From 415f3fdeb53e932a05b69b9ef1b04b4b57483a2e Mon Sep 17 00:00:00 2001 
From: Tapas Jena Date: Sun, 29 Sep 2024 23:12:16 +0800 Subject: [PATCH] cleanup timoni and cue --- .../cnpg/.gitkeep => examples/build.yaml} | 0 platform/examples/environment.yaml | 0 platform/examples/organisation.yaml | 0 platform/examples/release.yaml | 0 platform/examples/team.yaml | 0 platform/modules/adhar-backstage/README.md | 85 - .../api/admission/v1/register_go_gen.cue | 7 - .../k8s.io/api/admission/v1/types_go_gen.cue | 172 - .../admissionregistration/v1/doc_go_gen.cue | 9 - .../v1/register_go_gen.cue | 7 - .../admissionregistration/v1/types_go_gen.cue | 645 - .../k8s.io/api/apps/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/apps/v1/types_go_gen.cue | 946 - .../api/authentication/v1/register_go_gen.cue | 7 - .../api/authentication/v1/types_go_gen.cue | 206 - .../api/authorization/v1/register_go_gen.cue | 7 - .../api/authorization/v1/types_go_gen.cue | 262 - .../api/autoscaling/v1/register_go_gen.cue | 7 - .../api/autoscaling/v1/types_go_gen.cue | 542 - .../api/autoscaling/v2/register_go_gen.cue | 7 - .../api/autoscaling/v2/types_go_gen.cue | 597 - .../k8s.io/api/batch/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/batch/v1/types_go_gen.cue | 693 - .../api/certificates/v1/register_go_gen.cue | 7 - .../api/certificates/v1/types_go_gen.cue | 318 - .../api/coordination/v1/register_go_gen.cue | 7 - .../api/coordination/v1/types_go_gen.cue | 61 - .../v1/annotation_key_constants_go_gen.cue | 147 - .../gen/k8s.io/api/core/v1/doc_go_gen.cue | 6 - .../k8s.io/api/core/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/core/v1/types_go_gen.cue | 7617 ------- .../api/core/v1/well_known_labels_go_gen.cue | 59 - .../api/core/v1/well_known_taints_go_gen.cue | 38 - .../api/discovery/v1/register_go_gen.cue | 7 - .../k8s.io/api/discovery/v1/types_go_gen.cue | 206 - .../discovery/v1/well_known_labels_go_gen.cue | 20 - .../k8s.io/api/events/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/events/v1/types_go_gen.cue | 111 - .../api/networking/v1/register_go_gen.cue | 7 - 
.../k8s.io/api/networking/v1/types_go_gen.cue | 588 - .../v1/well_known_annotations_go_gen.cue | 11 - .../k8s.io/api/node/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/node/v1/types_go_gen.cue | 90 - .../gen/k8s.io/api/policy/v1/doc_go_gen.cue | 8 - .../k8s.io/api/policy/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/policy/v1/types_go_gen.cue | 204 - .../k8s.io/api/rbac/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/rbac/v1/types_go_gen.cue | 207 - .../api/scheduling/v1/register_go_gen.cue | 7 - .../k8s.io/api/scheduling/v1/types_go_gen.cue | 57 - .../k8s.io/api/storage/v1/register_go_gen.cue | 7 - .../k8s.io/api/storage/v1/types_go_gen.cue | 652 - .../pkg/apis/apiextensions/v1/doc_go_gen.cue | 6 - .../apis/apiextensions/v1/register_go_gen.cue | 7 - .../apis/apiextensions/v1/types_go_gen.cue | 513 - .../v1/types_jsonschema_go_gen.cue | 317 - .../pkg/api/resource/amount_go_gen.cue | 47 - .../pkg/api/resource/math_go_gen.cue | 13 - .../pkg/api/resource/quantity_go_gen.cue | 107 - .../pkg/api/resource/suffix_go_gen.cue | 10 - .../pkg/apis/meta/v1/duration_go_gen.cue | 10 - .../pkg/apis/meta/v1/group_version_go_gen.cue | 48 - .../pkg/apis/meta/v1/meta_go_gen.cue | 33 - .../pkg/apis/meta/v1/micro_time_go_gen.cue | 14 - .../pkg/apis/meta/v1/register_go_gen.cue | 9 - .../pkg/apis/meta/v1/time_go_gen.cue | 14 - .../pkg/apis/meta/v1/time_proto_go_gen.cue | 21 - .../pkg/apis/meta/v1/types_go_gen.cue | 1561 -- .../pkg/apis/meta/v1/watch_go_gen.cue | 30 - .../pkg/runtime/allocator_go_gen.cue | 10 - .../apimachinery/pkg/runtime/codec_go_gen.cue | 37 - .../pkg/runtime/conversion_go_gen.cue | 7 - .../pkg/runtime/converter_go_gen.cue | 9 - .../apimachinery/pkg/runtime/doc_go_gen.cue | 39 - .../pkg/runtime/embedded_go_gen.cue | 7 - .../pkg/runtime/helper_go_gen.cue | 23 - .../pkg/runtime/interfaces_go_gen.cue | 165 - .../pkg/runtime/negotiate_go_gen.cue | 12 - .../pkg/runtime/splice_go_gen.cue | 12 - .../runtime/swagger_doc_generator_go_gen.cue | 14 - 
.../apimachinery/pkg/runtime/types_go_gen.cue | 97 - .../pkg/runtime/types_proto_go_gen.cue | 9 - .../apimachinery/pkg/types/doc_go_gen.cue | 6 - .../pkg/types/namespacedname_go_gen.cue | 12 - .../pkg/types/nodename_go_gen.cue | 31 - .../apimachinery/pkg/types/patch_go_gen.cue | 21 - .../apimachinery/pkg/types/uid_go_gen.cue | 10 - .../pkg/util/intstr/intstr_go_gen.cue | 31 - .../apimachinery/pkg/watch/doc_go_gen.cue | 7 - .../apimachinery/pkg/watch/filter_go_gen.cue | 10 - .../apimachinery/pkg/watch/mux_go_gen.cue | 25 - .../pkg/watch/streamwatcher_go_gen.cue | 12 - .../apimachinery/pkg/watch/watch_go_gen.cue | 48 - .../adhar-backstage/cue.mod/module.cue | 1 - .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 - .../pkg/timoni.sh/core/v1alpha1/image.cue | 50 - .../core/v1alpha1/imagepullsecret.cue | 47 - .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 - .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 - .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 120 - .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 - .../timoni.sh/core/v1alpha1/requirements.cue | 40 - .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 - .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 - .../modules/adhar-backstage/debug_tool.cue | 35 - .../modules/adhar-backstage/debug_values.cue | 30 - .../adhar-backstage/templates/config.cue | 113 - .../adhar-backstage/templates/configmap.cue | 55 - .../adhar-backstage/templates/deployment.cue | 104 - .../modules/adhar-backstage/templates/job.cue | 58 - .../adhar-backstage/templates/service.cue | 27 - .../templates/serviceaccount.cue | 12 - platform/modules/adhar-backstage/timoni.cue | 47 - .../modules/adhar-backstage/timoni.ignore | 14 - platform/modules/adhar-backstage/values.cue | 21 - platform/modules/adhar-console/README.md | 85 - .../api/admission/v1/register_go_gen.cue | 7 - .../k8s.io/api/admission/v1/types_go_gen.cue | 172 - .../admissionregistration/v1/doc_go_gen.cue | 9 - .../v1/register_go_gen.cue | 7 - 
.../admissionregistration/v1/types_go_gen.cue | 645 - .../k8s.io/api/apps/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/apps/v1/types_go_gen.cue | 946 - .../api/authentication/v1/register_go_gen.cue | 7 - .../api/authentication/v1/types_go_gen.cue | 206 - .../api/authorization/v1/register_go_gen.cue | 7 - .../api/authorization/v1/types_go_gen.cue | 262 - .../api/autoscaling/v1/register_go_gen.cue | 7 - .../api/autoscaling/v1/types_go_gen.cue | 542 - .../api/autoscaling/v2/register_go_gen.cue | 7 - .../api/autoscaling/v2/types_go_gen.cue | 597 - .../k8s.io/api/batch/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/batch/v1/types_go_gen.cue | 693 - .../api/certificates/v1/register_go_gen.cue | 7 - .../api/certificates/v1/types_go_gen.cue | 318 - .../api/coordination/v1/register_go_gen.cue | 7 - .../api/coordination/v1/types_go_gen.cue | 61 - .../v1/annotation_key_constants_go_gen.cue | 147 - .../gen/k8s.io/api/core/v1/doc_go_gen.cue | 6 - .../k8s.io/api/core/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/core/v1/types_go_gen.cue | 7617 ------- .../api/core/v1/well_known_labels_go_gen.cue | 59 - .../api/core/v1/well_known_taints_go_gen.cue | 38 - .../api/discovery/v1/register_go_gen.cue | 7 - .../k8s.io/api/discovery/v1/types_go_gen.cue | 206 - .../discovery/v1/well_known_labels_go_gen.cue | 20 - .../k8s.io/api/events/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/events/v1/types_go_gen.cue | 111 - .../api/networking/v1/register_go_gen.cue | 7 - .../k8s.io/api/networking/v1/types_go_gen.cue | 588 - .../v1/well_known_annotations_go_gen.cue | 11 - .../k8s.io/api/node/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/node/v1/types_go_gen.cue | 90 - .../gen/k8s.io/api/policy/v1/doc_go_gen.cue | 8 - .../k8s.io/api/policy/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/policy/v1/types_go_gen.cue | 204 - .../k8s.io/api/rbac/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/rbac/v1/types_go_gen.cue | 207 - .../api/scheduling/v1/register_go_gen.cue | 7 - 
.../k8s.io/api/scheduling/v1/types_go_gen.cue | 57 - .../k8s.io/api/storage/v1/register_go_gen.cue | 7 - .../k8s.io/api/storage/v1/types_go_gen.cue | 652 - .../pkg/apis/apiextensions/v1/doc_go_gen.cue | 6 - .../apis/apiextensions/v1/register_go_gen.cue | 7 - .../apis/apiextensions/v1/types_go_gen.cue | 513 - .../v1/types_jsonschema_go_gen.cue | 317 - .../pkg/api/resource/amount_go_gen.cue | 47 - .../pkg/api/resource/math_go_gen.cue | 13 - .../pkg/api/resource/quantity_go_gen.cue | 107 - .../pkg/api/resource/suffix_go_gen.cue | 10 - .../pkg/apis/meta/v1/duration_go_gen.cue | 10 - .../pkg/apis/meta/v1/group_version_go_gen.cue | 48 - .../pkg/apis/meta/v1/meta_go_gen.cue | 33 - .../pkg/apis/meta/v1/micro_time_go_gen.cue | 14 - .../pkg/apis/meta/v1/register_go_gen.cue | 9 - .../pkg/apis/meta/v1/time_go_gen.cue | 14 - .../pkg/apis/meta/v1/time_proto_go_gen.cue | 21 - .../pkg/apis/meta/v1/types_go_gen.cue | 1561 -- .../pkg/apis/meta/v1/watch_go_gen.cue | 30 - .../pkg/runtime/allocator_go_gen.cue | 10 - .../apimachinery/pkg/runtime/codec_go_gen.cue | 37 - .../pkg/runtime/conversion_go_gen.cue | 7 - .../pkg/runtime/converter_go_gen.cue | 9 - .../apimachinery/pkg/runtime/doc_go_gen.cue | 39 - .../pkg/runtime/embedded_go_gen.cue | 7 - .../pkg/runtime/helper_go_gen.cue | 23 - .../pkg/runtime/interfaces_go_gen.cue | 165 - .../pkg/runtime/negotiate_go_gen.cue | 12 - .../pkg/runtime/splice_go_gen.cue | 12 - .../runtime/swagger_doc_generator_go_gen.cue | 14 - .../apimachinery/pkg/runtime/types_go_gen.cue | 97 - .../pkg/runtime/types_proto_go_gen.cue | 9 - .../apimachinery/pkg/types/doc_go_gen.cue | 6 - .../pkg/types/namespacedname_go_gen.cue | 12 - .../pkg/types/nodename_go_gen.cue | 31 - .../apimachinery/pkg/types/patch_go_gen.cue | 21 - .../apimachinery/pkg/types/uid_go_gen.cue | 10 - .../pkg/util/intstr/intstr_go_gen.cue | 31 - .../apimachinery/pkg/watch/doc_go_gen.cue | 7 - .../apimachinery/pkg/watch/filter_go_gen.cue | 10 - .../apimachinery/pkg/watch/mux_go_gen.cue | 25 - 
.../pkg/watch/streamwatcher_go_gen.cue | 12 - .../apimachinery/pkg/watch/watch_go_gen.cue | 48 - .../modules/adhar-console/cue.mod/module.cue | 1 - .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 - .../pkg/timoni.sh/core/v1alpha1/image.cue | 50 - .../core/v1alpha1/imagepullsecret.cue | 47 - .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 - .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 - .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 120 - .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 - .../timoni.sh/core/v1alpha1/requirements.cue | 40 - .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 - .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 - platform/modules/adhar-console/debug_tool.cue | 35 - .../modules/adhar-console/debug_values.cue | 30 - .../adhar-console/templates/config.cue | 113 - .../adhar-console/templates/configmap.cue | 55 - .../adhar-console/templates/deployment.cue | 104 - .../modules/adhar-console/templates/job.cue | 58 - .../adhar-console/templates/service.cue | 27 - .../templates/serviceaccount.cue | 12 - platform/modules/adhar-console/timoni.cue | 47 - platform/modules/adhar-console/timoni.ignore | 14 - platform/modules/adhar-console/values.cue | 21 - platform/stack/environments/local/config.yaml | 5 + .../packages/core/adhar-console/.gitkeep | 0 .../packages/data/cnpg/generate-manifests.sh | 12 + .../packages/data/cnpg/manifests/install.yaml | 17114 ++++++++++++++++ platform/stack/packages/data/cnpg/values.yaml | 0 .../packages/security/kubescape/.gitkeep | 0 231 files changed, 17131 insertions(+), 38098 deletions(-) rename platform/{stack/packages/data/cnpg/.gitkeep => examples/build.yaml} (100%) create mode 100644 platform/examples/environment.yaml create mode 100644 platform/examples/organisation.yaml create mode 100644 platform/examples/release.yaml create mode 100644 platform/examples/team.yaml delete mode 100644 platform/modules/adhar-backstage/README.md delete mode 100644 
platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue delete mode 100644 
platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue delete mode 100644 
platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue delete mode 100644 
platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue delete 
mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue delete mode 100644 
platform/modules/adhar-backstage/cue.mod/module.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue delete mode 100644 platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue delete mode 100644 platform/modules/adhar-backstage/debug_tool.cue delete mode 100644 platform/modules/adhar-backstage/debug_values.cue delete mode 100644 platform/modules/adhar-backstage/templates/config.cue delete mode 100644 platform/modules/adhar-backstage/templates/configmap.cue delete mode 100644 platform/modules/adhar-backstage/templates/deployment.cue delete mode 100644 platform/modules/adhar-backstage/templates/job.cue delete mode 100644 platform/modules/adhar-backstage/templates/service.cue delete mode 100644 platform/modules/adhar-backstage/templates/serviceaccount.cue delete mode 100644 platform/modules/adhar-backstage/timoni.cue delete mode 100644 platform/modules/adhar-backstage/timoni.ignore delete mode 100644 platform/modules/adhar-backstage/values.cue delete mode 100644 platform/modules/adhar-console/README.md delete mode 100644 
platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue delete mode 100644 
platform/modules/adhar-console/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue delete 
mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue delete mode 100644 
platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue delete mode 100644 
platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue delete mode 100644 platform/modules/adhar-console/cue.mod/module.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue delete mode 100644 
platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue delete mode 100644 platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue delete mode 100644 platform/modules/adhar-console/debug_tool.cue delete mode 100644 platform/modules/adhar-console/debug_values.cue delete mode 100644 platform/modules/adhar-console/templates/config.cue delete mode 100644 platform/modules/adhar-console/templates/configmap.cue delete mode 100644 platform/modules/adhar-console/templates/deployment.cue delete mode 100644 platform/modules/adhar-console/templates/job.cue delete mode 100644 platform/modules/adhar-console/templates/service.cue delete mode 100644 platform/modules/adhar-console/templates/serviceaccount.cue delete mode 100644 platform/modules/adhar-console/timoni.cue delete mode 100644 platform/modules/adhar-console/timoni.ignore delete mode 100644 platform/modules/adhar-console/values.cue create mode 100644 platform/stack/packages/core/adhar-console/.gitkeep create mode 100755 platform/stack/packages/data/cnpg/generate-manifests.sh create mode 100644 platform/stack/packages/data/cnpg/manifests/install.yaml create mode 100644 platform/stack/packages/data/cnpg/values.yaml create mode 100644 platform/stack/packages/security/kubescape/.gitkeep 
diff --git a/platform/stack/packages/data/cnpg/.gitkeep b/platform/examples/build.yaml
similarity index 100%
rename from platform/stack/packages/data/cnpg/.gitkeep
rename to platform/examples/build.yaml
diff --git a/platform/examples/environment.yaml b/platform/examples/environment.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/platform/examples/organisation.yaml b/platform/examples/organisation.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/platform/examples/release.yaml b/platform/examples/release.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/platform/examples/team.yaml b/platform/examples/team.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/platform/modules/adhar-backstage/README.md b/platform/modules/adhar-backstage/README.md
deleted file mode 100644
index b5923601..00000000
--- a/platform/modules/adhar-backstage/README.md
+++ /dev/null
@@ -1,85 +0,0 @@
-# adhar-backstage
-
-A [timoni.sh](http://timoni.sh) module for deploying adhar-backstage to Kubernetes clusters.
-
-## Install
-
-To create an instance using the default values:
-
-```shell
-timoni -n default apply adhar-backstage oci://
-```
-
-To change the [default configuration](#configuration),
-create one or more `values.cue` files and apply them to the instance.
-
-For example, create a file `my-values.cue` with the following content:
-
-```cue
-values: {
- resources: requests: {
- cpu: "100m"
- memory: "128Mi"
- }
-}
-```
-
-And apply the values with:
-
-```shell
-timoni -n default apply adhar-backstage oci:// \
---values ./my-values.cue
-```
-
-## Uninstall
-
-To uninstall an instance and delete all its Kubernetes resources:
-
-```shell
-timoni -n default delete adhar-backstage
-```
-
-## Configuration
-
-### General values
-
-| Key | Type | Default | Description |
-|------------------------------|-----------------------------------------|----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
-| `image: tag:` | `string` | `` | Container image tag |
-| `image: digest:` | `string` | `` | Container image digest, takes precedence over `tag` when specified |
-| `image: repository:` | `string` | `cgr.dev/chainguard/nginx` | Container image repository |
-| `image: pullPolicy:` | `string` | `IfNotPresent` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) |
-| `metadata: labels:` | `{[ string]: string}` | `{}` | Common labels for all resources |
-| `metadata: annotations:` | `{[ string]: string}` | `{}` | Common annotations for all resources |
-| `podAnnotations:` | `{[ string]: string}` | `{}` | Annotations applied to pods |
-| `imagePullSecrets:` | `[...timoniv1.ObjectReference]` | `[]` | [Kubernetes image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) |
-| `tolerations:` | `[ ...corev1.#Toleration]` | `[]` | [Kubernetes toleration](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration) |
-| `affinity:` | `corev1.#Affinity` | `{}` | [Kubernetes affinity and anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
-| `resources:` | `timoniv1.#ResourceRequirements` | `{}` | [Kubernetes resource requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) |
-| `topologySpreadConstraints:` | `[...corev1.#TopologySpreadConstraint]` | `[]` | [Kubernetes pod topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints) |
-| `podSecurityContext:` | `corev1.#PodSecurityContext` | `{}` | [Kubernetes pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) |
-| `securityContext:` | `corev1.#SecurityContext` | `{}` | [Kubernetes container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) |
-| `service: annotations:` | `{[ string]: string}` | `{}` | Annotations applied to the Kubernetes Service |
-| `service: port:` | `int` | `80` | Kubernetes Service HTTP port |
-| `test: enabled:` | `bool` | `false` | Run end-to-end tests at install and upgrades |
-
-#### Recommended values
-
-Comply with the restricted [Kubernetes pod security standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/):
-
-```cue
-values: {
- podSecurityContext: {
- runAsUser: 65532
- runAsGroup: 65532
- fsGroup: 65532
- }
- securityContext: {
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: false
- runAsNonRoot: true
- capabilities: drop: ["ALL"]
- seccompProfile: type: "RuntimeDefault"
- }
-}
-```
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue deleted file mode 100644 index 597f5b0e..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admission/v1 - -package v1 - -#GroupName: "admission.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue deleted file mode 100644 index af26bd06..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue +++ /dev/null 
@@ -1,172 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admission/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - authenticationv1 "k8s.io/api/authentication/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// AdmissionReview describes an admission review request/response. -#AdmissionReview: { - metav1.#TypeMeta - - // Request describes the attributes for the admission request. - // +optional - request?: null | #AdmissionRequest @go(Request,*AdmissionRequest) @protobuf(1,bytes,opt) - - // Response describes the attributes for the admission response. - // +optional - response?: null | #AdmissionResponse @go(Response,*AdmissionResponse) @protobuf(2,bytes,opt) -} - -// AdmissionRequest describes the admission.Attributes for the admission request. -#AdmissionRequest: { - // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are - // otherwise identical (parallel requests, requests when earlier requests did not modify etc) - // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. 
- uid: types.#UID @go(UID) @protobuf(1,bytes,opt) - - // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) - kind: metav1.#GroupVersionKind @go(Kind) @protobuf(2,bytes,opt) - - // Resource is the fully-qualified resource being requested (for example, v1.pods) - resource: metav1.#GroupVersionResource @go(Resource) @protobuf(3,bytes,opt) - - // SubResource is the subresource being requested, if any (for example, "status" or "scale") - // +optional - subResource?: string @go(SubResource) @protobuf(4,bytes,opt) - - // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). - // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), - // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type for more details. - // +optional - requestKind?: null | metav1.#GroupVersionKind @go(RequestKind,*metav1.GroupVersionKind) @protobuf(13,bytes,opt) - - // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). - // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. 
- // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), - // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - requestResource?: null | metav1.#GroupVersionResource @go(RequestResource,*metav1.GroupVersionResource) @protobuf(14,bytes,opt) - - // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") - // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - requestSubResource?: string @go(RequestSubResource) @protobuf(15,bytes,opt) - - // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and - // rely on the server to generate the name. If that is the case, this field will contain an empty string. - // +optional - name?: string @go(Name) @protobuf(5,bytes,opt) - - // Namespace is the namespace associated with the request (if any). - // +optional - namespace?: string @go(Namespace) @protobuf(6,bytes,opt) - - // Operation is the operation being performed. This may be different than the operation - // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. 
- operation: #Operation @go(Operation) @protobuf(7,bytes,opt) - - // UserInfo is information about the requesting user - userInfo: authenticationv1.#UserInfo @go(UserInfo) @protobuf(8,bytes,opt) - - // Object is the object from the incoming request. - // +optional - object?: runtime.#RawExtension @go(Object) @protobuf(9,bytes,opt) - - // OldObject is the existing object. Only populated for DELETE and UPDATE requests. - // +optional - oldObject?: runtime.#RawExtension @go(OldObject) @protobuf(10,bytes,opt) - - // DryRun indicates that modifications will definitely not be persisted for this request. - // Defaults to false. - // +optional - dryRun?: null | bool @go(DryRun,*bool) @protobuf(11,varint,opt) - - // Options is the operation option structure of the operation being performed. - // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be - // different than the options the caller provided. e.g. for a patch request the performed - // Operation might be a CREATE, in which case the Options will a - // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. - // +optional - options?: runtime.#RawExtension @go(Options) @protobuf(12,bytes,opt) -} - -// AdmissionResponse describes an admission response. -#AdmissionResponse: { - // UID is an identifier for the individual request/response. - // This must be copied over from the corresponding AdmissionRequest. - uid: types.#UID @go(UID) @protobuf(1,bytes,opt) - - // Allowed indicates whether or not the admission request was permitted. - allowed: bool @go(Allowed) @protobuf(2,varint,opt) - - // Result contains extra details into why an admission request was denied. - // This field IS NOT consulted in any way if "Allowed" is "true". - // +optional - status?: null | metav1.#Status @go(Result,*metav1.Status) @protobuf(3,bytes,opt) - - // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. 
- // +optional - patch?: bytes @go(Patch,[]byte) @protobuf(4,bytes,opt) - - // The type of Patch. Currently we only allow "JSONPatch". - // +optional - patchType?: null | #PatchType @go(PatchType,*PatchType) @protobuf(5,bytes,opt) - - // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). - // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with - // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by - // the admission webhook to add additional context to the audit log for this request. - // +optional - auditAnnotations?: {[string]: string} @go(AuditAnnotations,map[string]string) @protobuf(6,bytes,opt) - - // warnings is a list of warning messages to return to the requesting API client. - // Warning messages describe a problem the client making the API request should correct or be aware of. - // Limit warnings to 120 characters if possible. - // Warnings over 256 characters and large numbers of warnings may be truncated. - // +optional - warnings?: [...string] @go(Warnings,[]string) @protobuf(7,bytes,rep) -} - -// PatchType is the type of patch being used to represent the mutated object -#PatchType: string // #enumPatchType - -#enumPatchType: - #PatchTypeJSONPatch - -#PatchTypeJSONPatch: #PatchType & "JSONPatch" - -// Operation is the type of resource operation being checked for admission control -#Operation: string // #enumOperation - -#enumOperation: - #Create | - #Update | - #Delete | - #Connect - -#Create: #Operation & "CREATE" -#Update: #Operation & "UPDATE" -#Delete: #Operation & "DELETE" -#Connect: #Operation & "CONNECT" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue deleted file mode 100644 index 5d30100e..00000000 
--- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -// Package v1 is the v1 version of the API. -// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration -// MutatingWebhookConfiguration and ValidatingWebhookConfiguration are for the -// new dynamic admission controller configuration. -package v1 diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue deleted file mode 100644 index 93348e91..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -package v1 - -#GroupName: "admissionregistration.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue deleted file mode 100644 index 7038db05..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue +++ /dev/null 
@@ -1,645 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended -// to make sure that all the tuple expansions are valid. -#Rule: { - // APIGroups is the API groups the resources belong to. '*' is all groups. - // If '*' is present, the length of the slice must be one. - // Required. - // +listType=atomic - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(1,bytes,rep) - - // APIVersions is the API versions the resources belong to. '*' is all versions. - // If '*' is present, the length of the slice must be one. - // Required. - // +listType=atomic - apiVersions?: [...string] @go(APIVersions,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. - // - // For example: - // 'pods' means pods. - // 'pods/log' means the log subresource of pods. - // '*' means all resources, but not subresources. - // 'pods/*' means all subresources of pods. - // '*/scale' means all scale subresources. - // '*/*' means all resources and their subresources. - // - // If wildcard is present, the validation rule will ensure resources do not - // overlap with each other. - // - // Depending on the enclosing object, subresources might not be allowed. - // Required. - // +listType=atomic - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // scope specifies the scope of this rule. - // Valid values are "Cluster", "Namespaced", and "*" - // "Cluster" means that only cluster-scoped resources will match this rule. - // Namespace API objects are cluster-scoped. - // "Namespaced" means that only namespaced resources will match this rule. - // "*" means that there are no scope restrictions. - // Subresources match the scope of their parent resource. - // Default is "*". 
- // - // +optional - scope?: null | #ScopeType @go(Scope,*ScopeType) @protobuf(4,bytes,rep) -} - -// ScopeType specifies a scope for a Rule. -// +enum -#ScopeType: string // #enumScopeType - -#enumScopeType: - #ClusterScope | - #NamespacedScope | - #AllScopes - -// ClusterScope means that scope is limited to cluster-scoped objects. -// Namespace objects are cluster-scoped. -#ClusterScope: #ScopeType & "Cluster" - -// NamespacedScope means that scope is limited to namespaced objects. -#NamespacedScope: #ScopeType & "Namespaced" - -// AllScopes means that all scopes are included. -#AllScopes: #ScopeType & "*" - -// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled. -// +enum -#FailurePolicyType: string // #enumFailurePolicyType - -#enumFailurePolicyType: - #Ignore | - #Fail - -// Ignore means that an error calling the webhook is ignored. -#Ignore: #FailurePolicyType & "Ignore" - -// Fail means that an error calling the webhook causes the admission to fail. -#Fail: #FailurePolicyType & "Fail" - -// MatchPolicyType specifies the type of match policy. -// +enum -#MatchPolicyType: string // #enumMatchPolicyType - -#enumMatchPolicyType: - #Exact | - #Equivalent - -// Exact means requests should only be sent to the webhook if they exactly match a given rule. -#Exact: #MatchPolicyType & "Exact" - -// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. -#Equivalent: #MatchPolicyType & "Equivalent" - -// SideEffectClass specifies the types of side effects a webhook may have. -// +enum -#SideEffectClass: string // #enumSideEffectClass - -#enumSideEffectClass: - #SideEffectClassUnknown | - #SideEffectClassNone | - #SideEffectClassSome | - #SideEffectClassNoneOnDryRun - -// SideEffectClassUnknown means that no information is known about the side effects of calling the webhook. 
-// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. -#SideEffectClassUnknown: #SideEffectClass & "Unknown" - -// SideEffectClassNone means that calling the webhook will have no side effects. -#SideEffectClassNone: #SideEffectClass & "None" - -// SideEffectClassSome means that calling the webhook will possibly have side effects. -// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. -#SideEffectClassSome: #SideEffectClass & "Some" - -// SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the -// request being reviewed has the dry-run attribute, the side effects will be suppressed. -#SideEffectClassNoneOnDryRun: #SideEffectClass & "NoneOnDryRun" - -// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it. -#ValidatingWebhookConfiguration: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Webhooks is a list of webhooks and the affected resources and operations. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - webhooks?: [...#ValidatingWebhook] @go(Webhooks,[]ValidatingWebhook) @protobuf(2,bytes,rep,name=Webhooks) -} - -// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration. -#ValidatingWebhookConfigurationList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ValidatingWebhookConfiguration. 
- items: [...#ValidatingWebhookConfiguration] @go(Items,[]ValidatingWebhookConfiguration) @protobuf(2,bytes,rep) -} - -// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object. -#MutatingWebhookConfiguration: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Webhooks is a list of webhooks and the affected resources and operations. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - webhooks?: [...#MutatingWebhook] @go(Webhooks,[]MutatingWebhook) @protobuf(2,bytes,rep,name=Webhooks) -} - -// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration. -#MutatingWebhookConfigurationList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of MutatingWebhookConfiguration. - items: [...#MutatingWebhookConfiguration] @go(Items,[]MutatingWebhookConfiguration) @protobuf(2,bytes,rep) -} - -// ValidatingWebhook describes an admission webhook and the resources and operations it applies to. -#ValidatingWebhook: { - // The name of the admission webhook. - // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where - // "imagepolicy" is the name of the webhook, and kubernetes.io is the name - // of the organization. - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // ClientConfig defines how to communicate with the hook. - // Required - clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt) - - // Rules describes what operations on what resources/subresources the webhook cares about. 
- // The webhook cares about an operation if it matches _any_ Rule. - // However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks - // from putting the cluster in a state which cannot be recovered from without completely - // disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called - // on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. - rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep) - - // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - - // allowed values are Ignore or Fail. Defaults to Fail. - // +optional - failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType) - - // matchPolicy defines how the "rules" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. 
- // - // Defaults to "Equivalent" - // +optional - matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType) - - // NamespaceSelector decides whether to run the webhook on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the webhook. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the webhook on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt) - - // ObjectSelector decides whether to run the webhook based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the webhook, and - // is considered to match if either object matches the selector. 
A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(10,bytes,opt) - - // SideEffects states whether this webhook has side effects. - // Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). - // Webhooks with side effects MUST implement a reconciliation system, since a request may be - // rejected by a future step in the admission chain and the side effects therefore need to be undone. - // Requests with the dryRun attribute will be auto-rejected if they match a webhook with - // sideEffects == Unknown or Some. - sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass) - - // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, - // the webhook call will be ignored or the API call will fail based on the - // failure policy. - // The timeout value must be between 1 and 30 seconds. - // Default to 10 seconds. - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt) - - // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` - // versions the Webhook expects. API server will try to use first version in - // the list which it supports. If none of the versions specified in this list - // supported by API server, validation will fail for this object. 
- // If a persisted webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail - // and be subject to the failure policy. - admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep) - - // MatchConditions is a list of conditions that must be met for a request to be sent to this - // webhook. Match conditions filter requests that have already been matched by the rules, - // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. - // There are a maximum of 64 match conditions allowed. - // - // The exact matching logic is (in order): - // 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped. - // 2. If ALL matchConditions evaluate to TRUE, the webhook is called. - // 3. If any matchCondition evaluates to an error (but none are FALSE): - // - If failurePolicy=Fail, reject the request - // - If failurePolicy=Ignore, the error is ignored and the webhook is skipped - // - // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=AdmissionWebhookMatchConditions - // +optional - matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(11,bytes,opt) -} - -// MutatingWebhook describes an admission webhook and the resources and operations it applies to. -#MutatingWebhook: { - // The name of the admission webhook. - // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where - // "imagepolicy" is the name of the webhook, and kubernetes.io is the name - // of the organization. - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // ClientConfig defines how to communicate with the hook. 
- // Required - clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt) - - // Rules describes what operations on what resources/subresources the webhook cares about. - // The webhook cares about an operation if it matches _any_ Rule. - // However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks - // from putting the cluster in a state which cannot be recovered from without completely - // disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called - // on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. - rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep) - - // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - - // allowed values are Ignore or Fail. Defaults to Fail. - // +optional - failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType) - - // matchPolicy defines how the "rules" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. 
- // - // Defaults to "Equivalent" - // +optional - matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType) - - // NamespaceSelector decides whether to run the webhook on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the webhook. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the webhook on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt) - - // ObjectSelector decides whether to run the webhook based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the webhook, and - // is considered to match if either object matches the selector. 
A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(11,bytes,opt) - - // SideEffects states whether this webhook has side effects. - // Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). - // Webhooks with side effects MUST implement a reconciliation system, since a request may be - // rejected by a future step in the admission chain and the side effects therefore need to be undone. - // Requests with the dryRun attribute will be auto-rejected if they match a webhook with - // sideEffects == Unknown or Some. - sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass) - - // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, - // the webhook call will be ignored or the API call will fail based on the - // failure policy. - // The timeout value must be between 1 and 30 seconds. - // Default to 10 seconds. - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt) - - // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` - // versions the Webhook expects. API server will try to use first version in - // the list which it supports. If none of the versions specified in this list - // supported by API server, validation will fail for this object. 
- // If a persisted webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail - // and be subject to the failure policy. - admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep) - - // reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. - // Allowed values are "Never" and "IfNeeded". - // - // Never: the webhook will not be called more than once in a single admission evaluation. - // - // IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation - // if the object being admitted is modified by other admission plugins after the initial webhook call. - // Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. - // Note: - // * the number of additional invocations is not guaranteed to be exactly one. - // * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. - // * webhooks that use this option may be reordered to minimize the number of additional invocations. - // * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead. - // - // Defaults to "Never". - // +optional - reinvocationPolicy?: null | #ReinvocationPolicyType @go(ReinvocationPolicy,*ReinvocationPolicyType) @protobuf(10,bytes,opt,casttype=ReinvocationPolicyType) - - // MatchConditions is a list of conditions that must be met for a request to be sent to this - // webhook. Match conditions filter requests that have already been matched by the rules, - // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. - // There are a maximum of 64 match conditions allowed. - // - // The exact matching logic is (in order): - // 1. 
If ANY matchCondition evaluates to FALSE, the webhook is skipped. - // 2. If ALL matchConditions evaluate to TRUE, the webhook is called. - // 3. If any matchCondition evaluates to an error (but none are FALSE): - // - If failurePolicy=Fail, reject the request - // - If failurePolicy=Ignore, the error is ignored and the webhook is skipped - // - // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=AdmissionWebhookMatchConditions - // +optional - matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(12,bytes,opt) -} - -// ReinvocationPolicyType specifies what type of policy the admission hook uses. -// +enum -#ReinvocationPolicyType: string // #enumReinvocationPolicyType - -#enumReinvocationPolicyType: - #NeverReinvocationPolicy | - #IfNeededReinvocationPolicy - -// NeverReinvocationPolicy indicates that the webhook must not be called more than once in a -// single admission evaluation. -#NeverReinvocationPolicy: #ReinvocationPolicyType & "Never" - -// IfNeededReinvocationPolicy indicates that the webhook may be called at least one -// additional time as part of the admission evaluation if the object being admitted is -// modified by other admission plugins after the initial webhook call. -#IfNeededReinvocationPolicy: #ReinvocationPolicyType & "IfNeeded" - -// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make -// sure that all the tuple expansions are valid. -#RuleWithOperations: { - // Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * - // for all of those operations and any future admission operations that are added. - // If '*' is present, the length of the slice must be one. - // Required. 
- // +listType=atomic - operations?: [...#OperationType] @go(Operations,[]OperationType) @protobuf(1,bytes,rep,casttype=OperationType) - - #Rule -} - -// OperationType specifies an operation for a request. -// +enum -#OperationType: string // #enumOperationType - -#enumOperationType: - #OperationAll | - #Create | - #Update | - #Delete | - #Connect - -#OperationAll: #OperationType & "*" -#Create: #OperationType & "CREATE" -#Update: #OperationType & "UPDATE" -#Delete: #OperationType & "DELETE" -#Connect: #OperationType & "CONNECT" - -// WebhookClientConfig contains the information to make a TLS -// connection with the webhook -#WebhookClientConfig: { - // `url` gives the location of the webhook, in standard URL form - // (`scheme://host:port/path`). Exactly one of `url` or `service` - // must be specified. - // - // The `host` should not refer to a service running in the cluster; use - // the `service` field instead. The host might be resolved via external - // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve - // in-cluster DNS as that would be a layering violation). `host` may - // also be an IP address. - // - // Please note that using `localhost` or `127.0.0.1` as a `host` is - // risky unless you take great care to run this webhook on all hosts - // which run an apiserver which might need to make calls to this - // webhook. Such installs are likely to be non-portable, i.e., not easy - // to turn up in a new cluster. - // - // The scheme must be "https"; the URL must begin with "https://". - // - // A path is optional, and if present may be any string permissible in - // a URL. You may use the path to pass an arbitrary string to the - // webhook, for example, a cluster identifier. - // - // Attempting to use a user or basic auth e.g. "user:password@" is not - // allowed. Fragments ("#...") and query parameters ("?...") are not - // allowed, either. 
- // - // +optional - url?: null | string @go(URL,*string) @protobuf(3,bytes,opt) - - // `service` is a reference to the service for this webhook. Either - // `service` or `url` must be specified. - // - // If the webhook is running within the cluster, then you should use `service`. - // - // +optional - service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt) - - // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. - // If unspecified, system trust roots on the apiserver are used. - // +optional - caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt) -} - -// ServiceReference holds a reference to Service.legacy.k8s.io -#ServiceReference: { - // `namespace` is the namespace of the service. - // Required - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // `name` is the name of the service. - // Required - name: string @go(Name) @protobuf(2,bytes,opt) - - // `path` is an optional URL path which will be sent in any request to - // this service. - // +optional - path?: null | string @go(Path,*string) @protobuf(3,bytes,opt) - - // If specified, the port on the service that hosting webhook. - // Default to 443 for backward compatibility. - // `port` should be a valid port number (1-65535, inclusive). - // +optional - port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt) -} - -// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. -#MatchCondition: { - // Name is an identifier for this match condition, used for strategic merging of MatchConditions, - // as well as providing an identifier for logging purposes. A good name should be descriptive of - // the associated expression. - // Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and - // must start and end with an alphanumeric character (e.g. 
'MyName', or 'my.name', or - // '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an - // optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') - // - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. - // CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: - // - // 'object' - The object from the incoming request. The value is null for DELETE requests. - // 'oldObject' - The existing object. The value is null for CREATE requests. - // 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). - // 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. - // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz - // 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the - // request resource. - // Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ - // - // Required. - expression: string @go(Expression) @protobuf(2,bytes,opt) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue deleted file mode 100644 index c2497a51..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -#GroupName: "apps" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue deleted file mode 100644 index d3ecc834..00000000 
--- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue +++ /dev/null 
@@ -1,946 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -#ControllerRevisionHashLabelKey: "controller-revision-hash" -#StatefulSetRevisionLabel: "controller-revision-hash" -#DeprecatedRollbackTo: "deprecated.deployment.rollback.to" -#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation" -#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name" -#PodIndexLabel: "apps.kubernetes.io/pod-index" - -// StatefulSet represents a set of pods with consistent identities. -// Identities are defined as: -// - Network: A single stable DNS and hostname. -// - Storage: As many VolumeClaims as requested. -// -// The StatefulSet guarantees that a given network identity will always -// map to the same storage identity. -#StatefulSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired identities of pods in this set. - // +optional - spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the current status of Pods in this StatefulSet. This data - // may be out of date by some window of time. - // +optional - status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodManagementPolicyType defines the policy for creating pods under a stateful set. 
-// +enum -#PodManagementPolicyType: string // #enumPodManagementPolicyType - -#enumPodManagementPolicyType: - #OrderedReadyPodManagement | - #ParallelPodManagement - -// OrderedReadyPodManagement will create pods in strictly increasing order on -// scale up and strictly decreasing order on scale down, progressing only when -// the previous pod is ready or terminated. At most one pod will be changed -// at any time. -#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady" - -// ParallelPodManagement will create and delete pods as soon as the stateful set -// replica count is changed, and will not wait for pods to be ready or complete -// termination. -#ParallelPodManagement: #PodManagementPolicyType & "Parallel" - -// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet -// controller will use to perform updates. It includes any additional parameters -// necessary to perform the update for the indicated strategy. -#StatefulSetUpdateStrategy: { - // Type indicates the type of the StatefulSetUpdateStrategy. - // Default is RollingUpdate. - // +optional - type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType) - - // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. - // +optional - rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt) -} - -// StatefulSetUpdateStrategyType is a string enumeration type that enumerates -// all possible update strategies for the StatefulSet controller. -// +enum -#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType - -#enumStatefulSetUpdateStrategyType: - #RollingUpdateStatefulSetStrategyType | - #OnDeleteStatefulSetStrategyType - -// RollingUpdateStatefulSetStrategyType indicates that update will be -// applied to all Pods in the StatefulSet with respect to the StatefulSet -// ordering constraints. 
When a scale operation is performed with this -// strategy, new Pods will be created from the specification version indicated -// by the StatefulSet's updateRevision. -#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate" - -// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version -// tracking and ordered rolling restarts are disabled. Pods are recreated -// from the StatefulSetSpec when they are manually deleted. When a scale -// operation is performed with this strategy,specification version indicated -// by the StatefulSet's currentRevision. -#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete" - -// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType. -#RollingUpdateStatefulSetStrategy: { - // Partition indicates the ordinal at which the StatefulSet should be partitioned - // for updates. During a rolling update, all pods from ordinal Replicas-1 to - // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - // This is helpful in being able to do a canary based deployment. The default value is 0. - // +optional - partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt) - - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding up. This can not be 0. - // Defaults to 1. This field is alpha-level and is only honored by servers that enable the - // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - // will be counted towards MaxUnavailable. 
- // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt) -} - -// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine -// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is -// deleted or scaled down. -#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType - -#enumPersistentVolumeClaimRetentionPolicyType: - #RetainPersistentVolumeClaimRetentionPolicyType | - #DeletePersistentVolumeClaimRetentionPolicyType - -// RetainPersistentVolumeClaimRetentionPolicyType is the default -// PersistentVolumeClaimRetentionPolicy and specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will not be deleted. -#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain" - -// RetentionPersistentVolumeClaimRetentionPolicyType specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will be deleted in the scenario specified in -// StatefulSetPersistentVolumeClaimRetentionPolicy. -#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete" - -// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs -// created from the StatefulSet VolumeClaimTemplates. -#StatefulSetPersistentVolumeClaimRetentionPolicy: { - // WhenDeleted specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is deleted. The default policy - // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The - // `Delete` policy causes those PVCs to be deleted. 
- whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) - - // WhenScaled specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is scaled down. The default - // policy of `Retain` causes PVCs to not be affected by a scaledown. The - // `Delete` policy causes the associated PVCs for any excess pods above - // the replica count to be deleted. - whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) -} - -// StatefulSetOrdinals describes the policy used for replica ordinal assignment -// in this StatefulSet. -#StatefulSetOrdinals: { - // start is the number representing the first replica's index. It may be used - // to number replicas from an alternate index (eg: 1-indexed) over the default - // 0-indexed names, or to orchestrate progressive movement of replicas from - // one StatefulSet to another. - // If set, replica indices will be in the range: - // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). - // If unset, defaults to 0. Replica indices will be in the range: - // [0, .spec.replicas). - // +optional - start: int32 @go(Start) @protobuf(1,varint,opt) -} - -// A StatefulSetSpec is the specification of a StatefulSet. -#StatefulSetSpec: { - // replicas is the desired number of replicas of the given Template. - // These are replicas in the sense that they are instantiations of the - // same Template, but individual replicas also have a consistent identity. - // If unspecified, defaults to 1. - // TODO: Consider a rename of this field. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // selector is a label query over pods that should match the replica count. - // It must match the pod template's labels. 
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // template is the object that describes the pod that will be created if - // insufficient replicas are detected. Each pod stamped out by the StatefulSet - // will fulfill this Template, but have a unique identity from the rest - // of the StatefulSet. Each pod will be named with the format - // -. For example, a pod in a StatefulSet named - // "web" with index number "3" would be named "web-3". - // The only allowed template.spec.restartPolicy value is "Always". - template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // volumeClaimTemplates is a list of claims that pods are allowed to reference. - // The StatefulSet controller is responsible for mapping network identities to - // claims in a way that maintains the identity of a pod. Every claim in - // this list must have at least one matching (by name) volumeMount in one - // container in the template. A claim in this list takes precedence over - // any volumes in the template, with the same name. - // TODO: Define the behavior if a claim already exists with the same name. - // +optional - volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep) - - // serviceName is the name of the service that governs this StatefulSet. - // This service must exist before the StatefulSet, and is responsible for - // the network identity of the set. Pods get DNS/hostnames that follow the - // pattern: pod-specific-string.serviceName.default.svc.cluster.local - // where "pod-specific-string" is managed by the StatefulSet controller. - serviceName: string @go(ServiceName) @protobuf(5,bytes,opt) - - // podManagementPolicy controls how pods are created during initial scale up, - // when replacing pods on nodes, or when scaling down. 
The default policy is - // `OrderedReady`, where pods are created in increasing order (pod-0, then - // pod-1, etc) and the controller will wait until each pod is ready before - // continuing. When scaling down, the pods are removed in the opposite order. - // The alternative policy is `Parallel` which will create pods in parallel - // to match the desired scale without waiting, and on scale down will delete - // all pods at once. - // +optional - podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType) - - // updateStrategy indicates the StatefulSetUpdateStrategy that will be - // employed to update Pods in the StatefulSet when a revision is made to - // Template. - updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt) - - // revisionHistoryLimit is the maximum number of revisions that will - // be maintained in the StatefulSet's revision history. The revision history - // consists of all revisions not represented by a currently applied - // StatefulSetSpec version. The default value is 10. - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt) - - // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent - // volume claims created from volumeClaimTemplates. By default, all persistent - // volume claims are created as needed and retained until manually deleted. This - // policy allows the lifecycle to be altered, for example by deleting persistent - // volume claims when their stateful set is deleted, or when their pod is scaled - // down. 
This requires the StatefulSetAutoDeletePVC feature gate to be enabled, - // which is alpha. +optional - persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt) - - // ordinals controls the numbering of replica indices in a StatefulSet. The - // default ordinals behavior assigns a "0" index to the first replica and - // increments the index by one for each additional replica requested. Using - // the ordinals field requires the StatefulSetStartOrdinal feature gate to be - // enabled, which is beta. - // +optional - ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt) -} - -// StatefulSetStatus represents the current state of a StatefulSet. -#StatefulSetStatus: { - // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the - // StatefulSet's generation, which is updated on mutation by the API Server. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // replicas is the number of Pods created by the StatefulSet controller. - replicas: int32 @go(Replicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition. - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt) - - // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by currentRevision. - currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt) - - // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by updateRevision. 
- updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt) - - // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the - // sequence [0,currentReplicas). - currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt) - - // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence - // [replicas-updatedReplicas,replicas) - updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt) - - // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller - // uses this field as a collision avoidance mechanism when it needs to create the name for the - // newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a statefulset's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. - // +optional - availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt) -} - -#StatefulSetConditionType: string - -// StatefulSetCondition describes the state of a statefulset at a certain point. -#StatefulSetCondition: { - // Type of statefulset condition. - type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. 
- // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// StatefulSetList is a collection of StatefulSets. -#StatefulSetList: { - metav1.#TypeMeta - - // Standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of stateful sets. - items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep) -} - -// Deployment enables declarative updates for Pods and ReplicaSets. -#Deployment: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the Deployment. - // +optional - spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the Deployment. - // +optional - status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DeploymentSpec is the specification of the desired behavior of the Deployment. -#DeploymentSpec: { - // Number of desired pods. This is a pointer to distinguish between explicit - // zero and not specified. Defaults to 1. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Label selector for pods. Existing ReplicaSets whose pods are - // selected by this will be the ones affected by this deployment. - // It must match the pod template's labels. - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template describes the pods that will be created. - // The only allowed template.spec.restartPolicy value is "Always". 
- template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // The deployment strategy to use to replace existing pods with new ones. - // +optional - // +patchStrategy=retainKeys - strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt) - - // The number of old ReplicaSets to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) - - // Indicates that the deployment is paused. - // +optional - paused?: bool @go(Paused) @protobuf(7,varint,opt) - - // The maximum time in seconds for a deployment to make progress before it - // is considered to be failed. The deployment controller will continue to - // process failed deployments and a condition with a ProgressDeadlineExceeded - // reason will be surfaced in the deployment status. Note that progress will - // not be estimated during the time a deployment is paused. Defaults to 600s. - progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt) -} - -// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added -// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets -// to select new pods (and old pods being select by new ReplicaSet). -#DefaultDeploymentUniqueLabelKey: "pod-template-hash" - -// DeploymentStrategy describes how to replace existing pods with new ones. -#DeploymentStrategy: { - // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. 
- // +optional - type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType) - - // Rolling update config params. Present only if DeploymentStrategyType = - // RollingUpdate. - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. - // +optional - rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt) -} - -// +enum -#DeploymentStrategyType: string // #enumDeploymentStrategyType - -#enumDeploymentStrategyType: - #RecreateDeploymentStrategyType | - #RollingUpdateDeploymentStrategyType - -// Kill all existing pods before creating new ones. -#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate" - -// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one. -#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate" - -// Spec to control the desired behavior of rolling update. -#RollingUpdateDeployment: { - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding down. - // This can not be 0 if MaxSurge is 0. - // Defaults to 25%. - // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - // that the total number of pods available at all times during the update is at - // least 70% of desired pods. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of pods that can be scheduled above the desired number of - // pods. 
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up. - // Defaults to 25%. - // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - // the rolling update starts, such that the total number of old and new pods do not exceed - // 130% of desired pods. Once old pods have been killed, - // new ReplicaSet can be scaled up further, ensuring that total number of pods running - // at any time during the update is at most 130% of desired pods. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DeploymentStatus is the most recently observed status of the Deployment. -#DeploymentStatus: { - // The generation observed by the deployment controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // Total number of non-terminated pods targeted by this deployment (their labels match the selector). - // +optional - replicas?: int32 @go(Replicas) @protobuf(2,varint,opt) - - // Total number of non-terminated pods targeted by this deployment that have the desired template spec. - // +optional - updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt) - - // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt) - - // Total number of unavailable pods targeted by this deployment. This is the total number of - // pods that are still required for the deployment to have 100% available capacity. 
They may - // either be pods that are running but not yet available or pods that still have not been created. - // +optional - unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt) - - // Represents the latest available observations of a deployment's current state. - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep) - - // Count of hash collisions for the Deployment. The Deployment controller uses this - // field as a collision avoidance mechanism when it needs to create the name for the - // newest ReplicaSet. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt) -} - -#DeploymentConditionType: string // #enumDeploymentConditionType - -#enumDeploymentConditionType: - #DeploymentAvailable | - #DeploymentProgressing | - #DeploymentReplicaFailure - -// Available means the deployment is available, ie. at least the minimum available -// replicas required are up and running for at least minReadySeconds. -#DeploymentAvailable: #DeploymentConditionType & "Available" - -// Progressing means the deployment is progressing. Progress for a deployment is -// considered when a new replica set is created or adopted, and when new pods scale -// up or old pods scale down. Progress is not estimated for paused deployments or -// when progressDeadlineSeconds is not specified. -#DeploymentProgressing: #DeploymentConditionType & "Progressing" - -// ReplicaFailure is added in a deployment when one of its pods fails to be created -// or deleted. -#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure" - -// DeploymentCondition describes the state of a deployment at a certain point. -#DeploymentCondition: { - // Type of deployment condition. - type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType) - - // Status of the condition, one of True, False, Unknown. 
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time this condition was updated. - lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt) - - // Last time the condition transitioned from one status to another. - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt) - - // The reason for the condition's last transition. - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DeploymentList is a list of Deployments. -#DeploymentList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Deployments. - items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep) -} - -// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. -#DaemonSetUpdateStrategy: { - // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. - // +optional - type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt) - - // Rolling update config params. Present only if type = "RollingUpdate". - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. Same as Deployment `strategy.rollingUpdate`. - // See https://github.com/kubernetes/kubernetes/issues/35345 - // +optional - rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt) -} - -// +enum -#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType - -#enumDaemonSetUpdateStrategyType: - #RollingUpdateDaemonSetStrategyType | - #OnDeleteDaemonSetStrategyType - -// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. 
-#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate" - -// Replace the old daemons only when it's killed -#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete" - -// Spec to control the desired behavior of daemon set rolling update. -#RollingUpdateDaemonSet: { - // The maximum number of DaemonSet pods that can be unavailable during the - // update. Value can be an absolute number (ex: 5) or a percentage of total - // number of DaemonSet pods at the start of the update (ex: 10%). Absolute - // number is calculated from percentage by rounding up. - // This cannot be 0 if MaxSurge is 0 - // Default value is 1. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their pods stopped for an update at any given time. The update - // starts by stopping at most 30% of those DaemonSet pods and then brings - // up new DaemonSet pods in their place. Once the new pods are available, - // it then proceeds onto other DaemonSet pods, thus ensuring that at least - // 70% of original number of DaemonSet pods are available at all times during - // the update. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of nodes with an existing available DaemonSet pod that - // can have an updated DaemonSet pod during during an update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up to a minimum of 1. - // Default value is 0. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their a new pod created before the old pod is marked as deleted. 
- // The update starts by launching new pods on 30% of nodes. Once an updated - // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod - // on that node is marked deleted. If the old pod becomes unavailable for any - // reason (Ready transitions to false, is evicted, or is drained) an updated - // pod is immediatedly created on that node without considering surge limits. - // Allowing surge implies the possibility that the resources consumed by the - // daemonset on any given node can double if the readiness check fails, and - // so resource intensive daemonsets should take into account that they may - // cause evictions during disruption. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DaemonSetSpec is the specification of a daemon set. -#DaemonSetSpec: { - // A label query over pods that are managed by the daemon set. - // Must match in order to be controlled. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // An object that describes the pod that will be created. - // The DaemonSet will create exactly one copy of this pod on every node - // that matches the template's node selector (or on every node if no node - // selector is specified). - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) - - // An update strategy to replace existing DaemonSet pods with new pods. 
- // +optional - updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt) - - // The minimum number of seconds for which a newly created DaemonSet pod should - // be ready without any of its container crashing, for it to be considered - // available. Defaults to 0 (pod will be considered available as soon as it - // is ready). - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // The number of old history to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) -} - -// DaemonSetStatus represents the current status of a daemon set. -#DaemonSetStatus: { - // The number of nodes that are running at least 1 - // daemon pod and are supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt) - - // The number of nodes that are running the daemon pod, but are - // not supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt) - - // The total number of nodes that should be running the daemon - // pod (including nodes correctly running the daemon pod). - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt) - - // numberReady is the number of nodes that should be running the daemon pod and have one - // or more of the daemon pod running with a Ready Condition. - numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt) - - // The most recent generation observed by the daemon set controller. 
- // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt) - - // The total number of nodes that are running updated daemon pod - // +optional - updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have one or more of the daemon pod running and - // available (ready for at least spec.minReadySeconds) - // +optional - numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have none of the daemon pod running and available - // (ready for at least spec.minReadySeconds) - // +optional - numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt) - - // Count of hash collisions for the DaemonSet. The DaemonSet controller - // uses this field as a collision avoidance mechanism when it needs to - // create the name for the newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a DaemonSet's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep) -} - -#DaemonSetConditionType: string - -// DaemonSetCondition describes the state of a DaemonSet at a certain point. -#DaemonSetCondition: { - // Type of DaemonSet condition. - type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. 
- // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DaemonSet represents the configuration of a daemon set. -#DaemonSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The desired behavior of this daemon set. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // The current status of this daemon set. This data may be - // out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DefaultDaemonSetUniqueLabelKey is the default label key that is added -// to existing DaemonSet pods to distinguish between old and new -// DaemonSet pods during DaemonSet template updates. -#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash" - -// DaemonSetList is a collection of daemon sets. -#DaemonSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // A list of daemon sets. 
- items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep) -} - -// ReplicaSet ensures that a specified number of pod replicas are running at any given time. -#ReplicaSet: { - metav1.#TypeMeta - - // If the Labels of a ReplicaSet are empty, they are defaulted to - // be the same as the Pod(s) that the ReplicaSet manages. - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the ReplicaSet. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the ReplicaSet. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicaSetList is a collection of ReplicaSets. -#ReplicaSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ReplicaSets. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep) -} - -// ReplicaSetSpec is the specification of a ReplicaSet. -#ReplicaSetSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. 
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the replica count. - // Label keys and values that must match in order to be controlled by this replica set. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) -} - -// ReplicaSetStatus represents the current status of a ReplicaSet. -#ReplicaSetStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replicaset. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition. 
- // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replica set. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed ReplicaSet. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replica set's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep) -} - -#ReplicaSetConditionType: string // #enumReplicaSetConditionType - -#enumReplicaSetConditionType: - #ReplicaSetReplicaFailure - -// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created -// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted -// due to kubelet being down or finalizers are failing. -#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure" - -// ReplicaSetCondition describes the state of a replica set at a certain point. -#ReplicaSetCondition: { - // Type of replica set condition. - type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. 
- // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ControllerRevision implements an immutable snapshot of state data. Clients -// are responsible for serializing and deserializing the objects that contain -// their internal state. -// Once a ControllerRevision has been successfully created, it can not be updated. -// The API Server will fail validation of all requests that attempt to mutate -// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both -// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, -// it may be subject to name and representation changes in future releases, and clients should not -// depend on its stability. It is primarily for internal use by controllers. -#ControllerRevision: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Data is the serialized representation of the state. - data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt) - - // Revision indicates the revision of the state represented by Data. - revision: int64 @go(Revision) @protobuf(3,varint,opt) -} - -// ControllerRevisionList is a resource containing a list of ControllerRevision objects. -#ControllerRevisionList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ControllerRevisions - items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep) -} 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue deleted file mode 100644 index 08256009..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authentication/v1 - -package v1 - -#GroupName: "authentication.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue deleted file mode 100644 index 5f0127a6..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue +++ /dev/null 
@@ -1,206 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authentication/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" -) - -// ImpersonateUserHeader is used to impersonate a particular user during an API server request -#ImpersonateUserHeader: "Impersonate-User" - -// ImpersonateGroupHeader is used to impersonate a particular group during an API server request. -// It can be repeated multiplied times for multiple groups. -#ImpersonateGroupHeader: "Impersonate-Group" - -// ImpersonateUIDHeader is used to impersonate a particular UID during an API server request -#ImpersonateUIDHeader: "Impersonate-Uid" - -// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the -// extra map[string][]string for user.Info. The key will be every after the prefix. -// It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple -// times to have multiple elements in the slice under a single key -#ImpersonateUserExtraHeaderPrefix: "Impersonate-Extra-" - -// TokenReview attempts to authenticate a token to a known user. -// Note: TokenReview requests may be cached by the webhook token authenticator -// plugin in the kube-apiserver. -#TokenReview: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #TokenReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request can be authenticated. - // +optional - status?: #TokenReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// TokenReviewSpec is a description of the token authentication request. 
-#TokenReviewSpec: { - // Token is the opaque bearer token. - // +optional - token?: string @go(Token) @protobuf(1,bytes,opt) - - // Audiences is a list of the identifiers that the resource server presented - // with the token identifies as. Audience-aware token authenticators will - // verify that the token was intended for at least one of the audiences in - // this list. If no audiences are provided, the audience will default to the - // audience of the Kubernetes apiserver. - // +optional - audiences?: [...string] @go(Audiences,[]string) @protobuf(2,bytes,rep) -} - -// TokenReviewStatus is the result of the token authentication request. -#TokenReviewStatus: { - // Authenticated indicates that the token was associated with a known user. - // +optional - authenticated?: bool @go(Authenticated) @protobuf(1,varint,opt) - - // User is the UserInfo associated with the provided token. - // +optional - user?: #UserInfo @go(User) @protobuf(2,bytes,opt) - - // Audiences are audience identifiers chosen by the authenticator that are - // compatible with both the TokenReview and token. An identifier is any - // identifier in the intersection of the TokenReviewSpec audiences and the - // token's audiences. A client of the TokenReview API that sets the - // spec.audiences field should validate that a compatible audience identifier - // is returned in the status.audiences field to ensure that the TokenReview - // server is audience aware. If a TokenReview returns an empty - // status.audience field where status.authenticated is "true", the token is - // valid against the audience of the Kubernetes API server. - // +optional - audiences?: [...string] @go(Audiences,[]string) @protobuf(4,bytes,rep) - - // Error indicates that the token couldn't be checked - // +optional - error?: string @go(Error) @protobuf(3,bytes,opt) -} - -// UserInfo holds the information about the user needed to implement the -// user.Info interface. 
-#UserInfo: { - // The name that uniquely identifies this user among all active users. - // +optional - username?: string @go(Username) @protobuf(1,bytes,opt) - - // A unique value that identifies this user across time. If this user is - // deleted and another user by the same name is added, they will have - // different UIDs. - // +optional - uid?: string @go(UID) @protobuf(2,bytes,opt) - - // The names of groups this user is a part of. - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(3,bytes,rep) - - // Any additional information provided by the authenticator. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(4,bytes,rep) -} - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// TokenRequest requests a token for a given service account. -#TokenRequest: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #TokenRequestSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the token can be authenticated. - // +optional - status?: #TokenRequestStatus @go(Status) @protobuf(3,bytes,opt) -} - -// TokenRequestSpec contains client provided parameters of a token request. -#TokenRequestSpec: { - // Audiences are the intendend audiences of the token. A recipient of a - // token must identify themself with an identifier in the list of - // audiences of the token, and otherwise should reject the token. A - // token issued for multiple audiences may be used to authenticate - // against any of the audiences listed but implies a high degree of - // trust between the target audiences. 
- audiences: [...string] @go(Audiences,[]string) @protobuf(1,bytes,rep) - - // ExpirationSeconds is the requested duration of validity of the request. The - // token issuer may return a token with a different validity duration so a - // client needs to check the 'expiration' field in a response. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(4,varint,opt) - - // BoundObjectRef is a reference to an object that the token will be bound to. - // The token will only be valid for as long as the bound object exists. - // NOTE: The API server's TokenReview endpoint will validate the - // BoundObjectRef, but other audiences may not. Keep ExpirationSeconds - // small if you want prompt revocation. - // +optional - boundObjectRef?: null | #BoundObjectReference @go(BoundObjectRef,*BoundObjectReference) @protobuf(3,bytes,opt) -} - -// TokenRequestStatus is the result of a token request. -#TokenRequestStatus: { - // Token is the opaque bearer token. - token: string @go(Token) @protobuf(1,bytes,opt) - - // ExpirationTimestamp is the time of expiration of the returned token. - expirationTimestamp: metav1.#Time @go(ExpirationTimestamp) @protobuf(2,bytes,opt) -} - -// BoundObjectReference is a reference to an object that a token is bound to. -#BoundObjectReference: { - // Kind of the referent. Valid kinds are 'Pod' and 'Secret'. - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) - - // Name of the referent. - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. 
-// When using impersonation, users will receive the user info of the user being impersonated. If impersonation or -// request header authentication is used, any extra keys will have their case ignored and returned as lowercase. -#SelfSubjectReview: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Status is filled in by the server with the user attributes. - status?: #SelfSubjectReviewStatus @go(Status) @protobuf(2,bytes,opt) -} - -// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user. -#SelfSubjectReviewStatus: { - // User attributes of the user making this request. - // +optional - userInfo?: #UserInfo @go(UserInfo) @protobuf(1,bytes,opt) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue deleted file mode 100644 index afd54ec0..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authorization/v1 - -package v1 - -#GroupName: "authorization.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue deleted file mode 100644 index 6eaf8187..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue +++ /dev/null 
@@ -1,262 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authorization/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// SubjectAccessReview checks whether or not a user or group can perform an action. -#SubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a -// spec.namespace means "in all namespaces". Self is a special case, because users should always be able -// to check whether they can perform an action -#SelfSubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. user and groups must be empty - spec: #SelfSubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. -// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions -// checking. 
-#LocalSubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace - // you made the request against. If empty, it is defaulted. - spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface -#ResourceAttributes: { - // Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces - // "" (empty) is defaulted for LocalSubjectAccessReviews - // "" (empty) is empty for cluster-scoped resources - // "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview - // +optional - namespace?: string @go(Namespace) @protobuf(1,bytes,opt) - - // Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. - // +optional - verb?: string @go(Verb) @protobuf(2,bytes,opt) - - // Group is the API Group of the Resource. "*" means all. - // +optional - group?: string @go(Group) @protobuf(3,bytes,opt) - - // Version is the API Version of the Resource. "*" means all. - // +optional - version?: string @go(Version) @protobuf(4,bytes,opt) - - // Resource is one of the existing resource types. "*" means all. - // +optional - resource?: string @go(Resource) @protobuf(5,bytes,opt) - - // Subresource is one of the existing resource types. "" means none. 
- // +optional - subresource?: string @go(Subresource) @protobuf(6,bytes,opt) - - // Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. - // +optional - name?: string @go(Name) @protobuf(7,bytes,opt) -} - -// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface -#NonResourceAttributes: { - // Path is the URL path of the request - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Verb is the standard HTTP verb - // +optional - verb?: string @go(Verb) @protobuf(2,bytes,opt) -} - -// SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes -// and NonResourceAuthorizationAttributes must be set -#SubjectAccessReviewSpec: { - // ResourceAuthorizationAttributes describes information for a resource access request - // +optional - resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt) - - // NonResourceAttributes describes information for a non-resource access request - // +optional - nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt) - - // User is the user you're testing for. - // If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // Groups is the groups you're testing for. - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep) - - // Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer - // it needs a reflection here. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(5,bytes,rep) - - // UID information about the requesting user. 
- // +optional - uid?: string @go(UID) @protobuf(6,bytes,opt) -} - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes -// and NonResourceAuthorizationAttributes must be set -#SelfSubjectAccessReviewSpec: { - // ResourceAuthorizationAttributes describes information for a resource access request - // +optional - resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt) - - // NonResourceAttributes describes information for a non-resource access request - // +optional - nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt) -} - -// SubjectAccessReviewStatus -#SubjectAccessReviewStatus: { - // Allowed is required. True if the action would be allowed, false otherwise. - allowed: bool @go(Allowed) @protobuf(1,varint,opt) - - // Denied is optional. True if the action would be denied, otherwise - // false. If both allowed is false and denied is false, then the - // authorizer has no opinion on whether to authorize the action. Denied - // may not be true if Allowed is true. - // +optional - denied?: bool @go(Denied) @protobuf(4,varint,opt) - - // Reason is optional. It indicates why a request was allowed or denied. - // +optional - reason?: string @go(Reason) @protobuf(2,bytes,opt) - - // EvaluationError is an indication that some error occurred during the authorization check. - // It is entirely possible to get an error and be able to continue determine authorization status in spite of it. - // For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request. 
- // +optional - evaluationError?: string @go(EvaluationError) @protobuf(3,bytes,opt) -} - -// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. -// The returned list of actions may be incomplete depending on the server's authorization mode, -// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, -// or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to -// drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. -// SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. -#SelfSubjectRulesReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. - spec: #SelfSubjectRulesReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates the set of actions a user can perform. - // +optional - status?: #SubjectRulesReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview. -#SelfSubjectRulesReviewSpec: { - // Namespace to evaluate rules for. Required. - namespace?: string @go(Namespace) @protobuf(1,bytes,opt) -} - -// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on -// the set of authorizers the server is configured with and any errors experienced during evaluation. -// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, -// even if that list is incomplete. 
-#SubjectRulesReviewStatus: { - // ResourceRules is the list of actions the subject is allowed to perform on resources. - // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. - resourceRules: [...#ResourceRule] @go(ResourceRules,[]ResourceRule) @protobuf(1,bytes,rep) - - // NonResourceRules is the list of actions the subject is allowed to perform on non-resources. - // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. - nonResourceRules: [...#NonResourceRule] @go(NonResourceRules,[]NonResourceRule) @protobuf(2,bytes,rep) - - // Incomplete is true when the rules returned by this call are incomplete. This is most commonly - // encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation. - incomplete: bool @go(Incomplete) @protobuf(3,bytes,rep) - - // EvaluationError can appear in combination with Rules. It indicates an error occurred during - // rule evaluation, such as an authorizer that doesn't support rule evaluation, and that - // ResourceRules and/or NonResourceRules may be incomplete. - // +optional - evaluationError?: string @go(EvaluationError) @protobuf(4,bytes,opt) -} - -// ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, -// may contain duplicates, and possibly be incomplete. -#ResourceRule: { - // Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - // the enumerated resources in any API group will be allowed. "*" means all. - // +optional - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. 
"*" means all in the specified apiGroups. - // "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups. - // +optional - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all. - // +optional - resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) -} - -// NonResourceRule holds information that describes a rule for the non-resource -#NonResourceRule: { - // Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, - // final step in the path. "*" means all. - // +optional - nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue deleted file mode 100644 index 0a7f3423..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v1 - -package v1 - -#GroupName: "autoscaling" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue deleted file mode 100644 index 6e873a35..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue +++ /dev/null 
@@ -1,542 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/api/core/v1" -) - -// CrossVersionObjectReference contains enough information to let you identify the referred resource. -// +structType=atomic -#CrossVersionObjectReference: { - // kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(2,bytes,opt) - - // apiVersion is the API version of the referent - // +optional - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) -} - -// specification of a horizontal pod autoscaler. -#HorizontalPodAutoscalerSpec: { - // reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption - // and will set the desired number of pods by using its Scale subresource. - scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt) - - // minReplicas is the lower limit for the number of replicas to which the autoscaler - // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - // alpha feature gate HPAScaleToZero is enabled and at least one Object or External - // metric is configured. Scaling is active as long as at least one metric value is - // available. - // +optional - minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt) - - // maxReplicas is the upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas. 
- maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt) - - // targetCPUUtilizationPercentage is the target average CPU utilization (represented as a percentage of requested CPU) over all the pods; - // if not specified the default autoscaling policy will be used. - // +optional - targetCPUUtilizationPercentage?: null | int32 @go(TargetCPUUtilizationPercentage,*int32) @protobuf(4,varint,opt) -} - -// current status of a horizontal pod autoscaler -#HorizontalPodAutoscalerStatus: { - // observedGeneration is the most recent generation observed by this autoscaler. - // +optional - observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt) - - // lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods; - // used by the autoscaler to control how often the number of pods is changed. - // +optional - lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt) - - // currentReplicas is the current number of replicas of pods managed by this autoscaler. - currentReplicas: int32 @go(CurrentReplicas) @protobuf(3,varint,opt) - - // desiredReplicas is the desired number of replicas of pods managed by this autoscaler. - desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt) - - // currentCPUUtilizationPercentage is the current average CPU utilization over all pods, represented as a percentage of requested CPU, - // e.g. 70 means that an average pod is using now 70% of its requested CPU. - // +optional - currentCPUUtilizationPercentage?: null | int32 @go(CurrentCPUUtilizationPercentage,*int32) @protobuf(5,varint,opt) -} - -// configuration of a horizontal pod autoscaler. -#HorizontalPodAutoscaler: { - metav1.#TypeMeta - - // Standard object metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current information about the autoscaler. - // +optional - status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// list of horizontal pod autoscaler objects. -#HorizontalPodAutoscalerList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of horizontal pod autoscaler objects. - items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep) -} - -// Scale represents a scaling request for a resource. -#Scale: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #ScaleSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only. - // +optional - status?: #ScaleStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ScaleSpec describes the attributes of a scale subresource. -#ScaleSpec: { - // replicas is the desired number of instances for the scaled object. 
- // +optional - replicas?: int32 @go(Replicas) @protobuf(1,varint,opt) -} - -// ScaleStatus represents the current status of a scale subresource. -#ScaleStatus: { - // replicas is the actual number of observed instances of the scaled object. - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // selector is the label query over pods that should match the replicas count. This is same - // as the label selector but in the string format to avoid introspection - // by clients. The string will be in the same format as the query-param syntax. - // More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // +optional - selector?: string @go(Selector) @protobuf(2,bytes,opt) -} - -// MetricSourceType indicates the type of metric. -// +enum -#MetricSourceType: string // #enumMetricSourceType - -#enumMetricSourceType: - #ObjectMetricSourceType | - #PodsMetricSourceType | - #ResourceMetricSourceType | - #ContainerResourceMetricSourceType | - #ExternalMetricSourceType - -// ObjectMetricSourceType is a metric describing a kubernetes object -// (for example, hits-per-second on an Ingress object). -#ObjectMetricSourceType: #MetricSourceType & "Object" - -// PodsMetricSourceType is a metric describing each pod in the current scale -// target (for example, transactions-processed-per-second). The values -// will be averaged together before being compared to the target value. -#PodsMetricSourceType: #MetricSourceType & "Pods" - -// ResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). 
-#ResourceMetricSourceType: #MetricSourceType & "Resource" - -// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing a single container in each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource" - -// ExternalMetricSourceType is a global metric that is not associated -// with any Kubernetes object. It allows autoscaling based on information -// coming from components running outside of cluster -// (for example length of queue in cloud messaging service, or -// QPS from loadbalancer running outside of cluster). -#ExternalMetricSourceType: #MetricSourceType & "External" - -// MetricSpec specifies how to scale based on a single metric -// (only `type` and one other matching field should be set at once). -#MetricSpec: { - // type is the type of metric source. It should be one of "ContainerResource", - // "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. - // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. 
- // +optional - pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod of the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. - // +optional - containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt) -} - -// ObjectMetricSource indicates how to scale on a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricSource: { - // target is the described Kubernetes object. - target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes) - - // metricName is the name of the metric in question. 
- metricName: string @go(MetricName) @protobuf(2,bytes) - - // targetValue is the target value of the metric (as a quantity). - targetValue: resource.#Quantity @go(TargetValue) @protobuf(3,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric. - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes) - - // averageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes) -} - -// PodsMetricSource indicates how to scale on a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -// The values will be averaged together before being compared to the target -// value. -#PodsMetricSource: { - // metricName is the name of the metric in question - metricName: string @go(MetricName) @protobuf(1,bytes) - - // targetAverageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - targetAverageValue: resource.#Quantity @go(TargetAverageValue) @protobuf(2,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes) -} - -// ResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. 
CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // targetAverageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // +optional - targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt) - - // targetAverageValue is the target value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt) -} - -// ContainerResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in the requests and limits, describing a single container in -// each of the pods of the current scale target(e.g. CPU or memory). The values will be -// averaged together before being compared to the target. Such metrics are built into -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ContainerResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // targetAverageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. 
- // +optional - targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt) - - // targetAverageValue is the target value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // container is the name of the container in the pods of the scaling target. - container: string @go(Container) @protobuf(5,bytes,opt) -} - -// ExternalMetricSource indicates how to scale on a metric not associated with -// any Kubernetes object (for example length of queue in cloud -// messaging service, or QPS from loadbalancer running outside of cluster). -#ExternalMetricSource: { - // metricName is the name of the metric in question. - metricName: string @go(MetricName) @protobuf(1,bytes) - - // metricSelector is used to identify a specific time series - // within a given metric. - // +optional - metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // targetValue is the target value of the metric (as a quantity). - // Mutually exclusive with TargetAverageValue. - // +optional - targetValue?: null | resource.#Quantity @go(TargetValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // targetAverageValue is the target per-pod value of global metric (as a quantity). - // Mutually exclusive with TargetValue. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(4,bytes,opt) -} - -// MetricStatus describes the last-read state of a single metric. -#MetricStatus: { - // type is the type of metric source. It will be one of "ContainerResource", - // "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object. 
- // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. 
It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt) -} - -// HorizontalPodAutoscalerConditionType are the valid conditions of -// a HorizontalPodAutoscaler. -#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType - -#enumHorizontalPodAutoscalerConditionType: - #ScalingActive | - #AbleToScale | - #ScalingLimited - -// ScalingActive indicates that the HPA controller is able to scale if necessary: -// it's correctly configured, can fetch the desired metrics, and isn't disabled. -#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive" - -// AbleToScale indicates a lack of transient issues which prevent scaling from occurring, -// such as being in a backoff window, or being unable to access/update the target scale. -#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale" - -// ScalingLimited indicates that the calculated scale based on metrics would be above or -// below the range for the HPA, and has thus been capped. -#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited" - -// HorizontalPodAutoscalerCondition describes the state of -// a HorizontalPodAutoscaler at a certain point. 
-#HorizontalPodAutoscalerCondition: { - // type describes the current condition - type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes) - - // status is the status of the condition (True, False, Unknown) - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes) - - // lastTransitionTime is the last time the condition transitioned from - // one status to another - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is the reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable explanation containing details about - // the transition - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ObjectMetricStatus indicates the current value of a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricStatus: { - // target is the described Kubernetes object. - target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes) - - // metricName is the name of the metric in question. - metricName: string @go(MetricName) @protobuf(2,bytes) - - // currentValue is the current value of the metric (as a quantity). - currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set in the ObjectMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - // When unset, just the metricName will be used to gather metrics. 
- // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes) - - // averageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes) -} - -// PodsMetricStatus indicates the current value of a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -#PodsMetricStatus: { - // metricName is the name of the metric in question - metricName: string @go(MetricName) @protobuf(1,bytes) - - // currentAverageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(2,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set in the PodsMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes) -} - -// ResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. 
It will only be - // present if `targetAverageValue` was set in the corresponding metric - // specification. - // +optional - currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt) - - // currentAverageValue is the current value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // It will always be set, regardless of the corresponding metric specification. - currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes) -} - -// ContainerResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing a single container in each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ContainerResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. It will only be - // present if `targetAverageValue` was set in the corresponding metric - // specification. - // +optional - currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt) - - // currentAverageValue is the current value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // It will always be set, regardless of the corresponding metric specification. 
- currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes) - - // container is the name of the container in the pods of the scaling taget - container: string @go(Container) @protobuf(4,bytes,opt) -} - -// ExternalMetricStatus indicates the current value of a global metric -// not associated with any Kubernetes object. -#ExternalMetricStatus: { - // metricName is the name of a metric used for autoscaling in - // metric system. - metricName: string @go(MetricName) @protobuf(1,bytes) - - // metricSelector is used to identify a specific time series - // within a given metric. - // +optional - metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // currentValue is the current value of the metric (as a quantity) - currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes) - - // currentAverageValue is the current value of metric averaged over autoscaled pods. - // +optional - currentAverageValue?: null | resource.#Quantity @go(CurrentAverageValue,*resource.Quantity) @protobuf(4,bytes,opt) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue deleted file mode 100644 index aea0fb26..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v2 - -package v2 - -#GroupName: "autoscaling" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue deleted file mode 100644 index 76702085..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue +++ /dev/null 
@@ -1,597 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v2 - -package v2 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" -) - -// HorizontalPodAutoscaler is the configuration for a horizontal pod -// autoscaler, which automatically manages the replica count of any resource -// implementing the scale subresource based on the metrics specified. -#HorizontalPodAutoscaler: { - metav1.#TypeMeta - - // metadata is the standard object metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the specification for the behaviour of the autoscaler. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current information about the autoscaler. - // +optional - status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler. -#HorizontalPodAutoscalerSpec: { - // scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics - // should be collected, as well as to actually change the replica count. - scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt) - - // minReplicas is the lower limit for the number of replicas to which the autoscaler - // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - // alpha feature gate HPAScaleToZero is enabled and at least one Object or External - // metric is configured. Scaling is active as long as at least one metric value is - // available. 
- // +optional - minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt) - - // maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. - // It cannot be less that minReplicas. - maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt) - - // metrics contains the specifications for which to use to calculate the - // desired replica count (the maximum replica count across all metrics will - // be used). The desired replica count is calculated multiplying the - // ratio between the target value and the current value by the current - // number of pods. Ergo, metrics used must decrease as the pod count is - // increased, and vice-versa. See the individual metric source types for - // more information about how each type of metric must respond. - // If not set, the default metric will be set to 80% average CPU utilization. - // +listType=atomic - // +optional - metrics?: [...#MetricSpec] @go(Metrics,[]MetricSpec) @protobuf(4,bytes,rep) - - // behavior configures the scaling behavior of the target - // in both Up and Down directions (scaleUp and scaleDown fields respectively). - // If not set, the default HPAScalingRules for scale up and scale down are used. - // +optional - behavior?: null | #HorizontalPodAutoscalerBehavior @go(Behavior,*HorizontalPodAutoscalerBehavior) @protobuf(5,bytes,opt) -} - -// CrossVersionObjectReference contains enough information to let you identify the referred resource. 
-#CrossVersionObjectReference: { - // kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(2,bytes,opt) - - // apiVersion is the API version of the referent - // +optional - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) -} - -// MetricSpec specifies how to scale based on a single metric -// (only `type` and one other matching field should be set at once). -#MetricSpec: { - // type is the type of metric source. It should be one of "ContainerResource", "External", - // "Object", "Pods" or "Resource", each mapping to a matching field in the object. - // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. 
- // +optional - resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in - // each pod of the current scale target (e.g. CPU or memory). Such metrics are - // built in to Kubernetes, and have special scaling options on top of those - // available to normal per-pod metrics using the "pods" source. - // This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. - // +optional - containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt) -} - -// HorizontalPodAutoscalerBehavior configures the scaling behavior of the target -// in both Up and Down directions (scaleUp and scaleDown fields respectively). -#HorizontalPodAutoscalerBehavior: { - // scaleUp is scaling policy for scaling Up. - // If not set, the default value is the higher of: - // * increase no more than 4 pods per 60 seconds - // * double the number of pods per 60 seconds - // No stabilization is used. - // +optional - scaleUp?: null | #HPAScalingRules @go(ScaleUp,*HPAScalingRules) @protobuf(1,bytes,opt) - - // scaleDown is scaling policy for scaling Down. - // If not set, the default value is to allow to scale down to minReplicas pods, with a - // 300 second stabilization window (i.e., the highest recommendation for - // the last 300sec is used). 
- // +optional - scaleDown?: null | #HPAScalingRules @go(ScaleDown,*HPAScalingRules) @protobuf(2,bytes,opt) -} - -// ScalingPolicySelect is used to specify which policy should be used while scaling in a certain direction -#ScalingPolicySelect: string // #enumScalingPolicySelect - -#enumScalingPolicySelect: - #MaxChangePolicySelect | - #MinChangePolicySelect | - #DisabledPolicySelect - -// MaxChangePolicySelect selects the policy with the highest possible change. -#MaxChangePolicySelect: #ScalingPolicySelect & "Max" - -// MinChangePolicySelect selects the policy with the lowest possible change. -#MinChangePolicySelect: #ScalingPolicySelect & "Min" - -// DisabledPolicySelect disables the scaling in this direction. -#DisabledPolicySelect: #ScalingPolicySelect & "Disabled" - -// HPAScalingRules configures the scaling behavior for one direction. -// These Rules are applied after calculating DesiredReplicas from metrics for the HPA. -// They can limit the scaling velocity by specifying scaling policies. -// They can prevent flapping by specifying the stabilization window, so that the -// number of replicas is not set instantly, instead, the safest value from the stabilization -// window is chosen. -#HPAScalingRules: { - // stabilizationWindowSeconds is the number of seconds for which past recommendations should be - // considered while scaling up or scaling down. - // StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). - // If not set, use the default values: - // - For scale up: 0 (i.e. no stabilization is done). - // - For scale down: 300 (i.e. the stabilization window is 300 seconds long). - // +optional - stabilizationWindowSeconds?: null | int32 @go(StabilizationWindowSeconds,*int32) @protobuf(3,varint,opt) - - // selectPolicy is used to specify which policy should be used. - // If not set, the default value Max is used. 
- // +optional - selectPolicy?: null | #ScalingPolicySelect @go(SelectPolicy,*ScalingPolicySelect) @protobuf(1,bytes,opt) - - // policies is a list of potential scaling polices which can be used during scaling. - // At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid - // +listType=atomic - // +optional - policies?: [...#HPAScalingPolicy] @go(Policies,[]HPAScalingPolicy) @protobuf(2,bytes,rep) -} - -// HPAScalingPolicyType is the type of the policy which could be used while making scaling decisions. -#HPAScalingPolicyType: string // #enumHPAScalingPolicyType - -#enumHPAScalingPolicyType: - #PodsScalingPolicy | - #PercentScalingPolicy - -// PodsScalingPolicy is a policy used to specify a change in absolute number of pods. -#PodsScalingPolicy: #HPAScalingPolicyType & "Pods" - -// PercentScalingPolicy is a policy used to specify a relative amount of change with respect to -// the current number of pods. -#PercentScalingPolicy: #HPAScalingPolicyType & "Percent" - -// HPAScalingPolicy is a single policy which must hold true for a specified past interval. -#HPAScalingPolicy: { - // type is used to specify the scaling policy. - type: #HPAScalingPolicyType @go(Type) @protobuf(1,bytes,opt,casttype=HPAScalingPolicyType) - - // value contains the amount of change which is permitted by the policy. - // It must be greater than zero - value: int32 @go(Value) @protobuf(2,varint,opt) - - // periodSeconds specifies the window of time for which the policy should hold true. - // PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). - periodSeconds: int32 @go(PeriodSeconds) @protobuf(3,varint,opt) -} - -// MetricSourceType indicates the type of metric. 
-#MetricSourceType: string // #enumMetricSourceType - -#enumMetricSourceType: - #ObjectMetricSourceType | - #PodsMetricSourceType | - #ResourceMetricSourceType | - #ContainerResourceMetricSourceType | - #ExternalMetricSourceType - -// ObjectMetricSourceType is a metric describing a kubernetes object -// (for example, hits-per-second on an Ingress object). -#ObjectMetricSourceType: #MetricSourceType & "Object" - -// PodsMetricSourceType is a metric describing each pod in the current scale -// target (for example, transactions-processed-per-second). The values -// will be averaged together before being compared to the target value. -#PodsMetricSourceType: #MetricSourceType & "Pods" - -// ResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ResourceMetricSourceType: #MetricSourceType & "Resource" - -// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing a single container in each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource" - -// ExternalMetricSourceType is a global metric that is not associated -// with any Kubernetes object. It allows autoscaling based on information -// coming from components running outside of cluster -// (for example length of queue in cloud messaging service, or -// QPS from loadbalancer running outside of cluster). 
-#ExternalMetricSourceType: #MetricSourceType & "External" - -// ObjectMetricSource indicates how to scale on a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricSource: { - // describedObject specifies the descriptions of a object,such as kind,name apiVersion - describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) - - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(3,bytes) -} - -// PodsMetricSource indicates how to scale on a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -// The values will be averaged together before being compared to the target -// value. -#PodsMetricSource: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// ResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ResourceMetricSource: { - // name is the name of the resource in question. 
- name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// ContainerResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ContainerResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) - - // container is the name of the container in the pods of the scaling target - container: string @go(Container) @protobuf(3,bytes,opt) -} - -// ExternalMetricSource indicates how to scale on a metric not associated with -// any Kubernetes object (for example length of queue in cloud -// messaging service, or QPS from loadbalancer running outside of cluster). -#ExternalMetricSource: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// MetricIdentifier defines the name and optionally selector for a metric -#MetricIdentifier: { - // name is the name of the given metric - name: string @go(Name) @protobuf(1,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. 
- // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes) -} - -// MetricTarget defines the target value, average value, or average utilization of a specific metric -#MetricTarget: { - // type represents whether the metric type is Utilization, Value, or AverageValue - type: #MetricTargetType @go(Type) @protobuf(1,bytes) - - // value is the target value of the metric (as a quantity). - // +optional - value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(2,bytes,opt) - - // averageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // averageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // Currently only valid for Resource metric source type - // +optional - averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(4,bytes,opt) -} - -// MetricTargetType specifies the type of metric being targeted, and should be either -// "Value", "AverageValue", or "Utilization" -#MetricTargetType: string // #enumMetricTargetType - -#enumMetricTargetType: - #UtilizationMetricType | - #ValueMetricType | - #AverageValueMetricType - -// UtilizationMetricType declares a MetricTarget is an AverageUtilization value -#UtilizationMetricType: #MetricTargetType & "Utilization" - -// ValueMetricType declares a MetricTarget is a raw value -#ValueMetricType: #MetricTargetType & "Value" - -// AverageValueMetricType declares a MetricTarget is an -#AverageValueMetricType: #MetricTargetType & "AverageValue" - -// HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler. 
-#HorizontalPodAutoscalerStatus: { - // observedGeneration is the most recent generation observed by this autoscaler. - // +optional - observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt) - - // lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, - // used by the autoscaler to control how often the number of pods is changed. - // +optional - lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt) - - // currentReplicas is current number of replicas of pods managed by this autoscaler, - // as last seen by the autoscaler. - // +optional - currentReplicas?: int32 @go(CurrentReplicas) @protobuf(3,varint,opt) - - // desiredReplicas is the desired number of replicas of pods managed by this autoscaler, - // as last calculated by the autoscaler. - desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt) - - // currentMetrics is the last read state of the metrics used by this autoscaler. - // +listType=atomic - // +optional - currentMetrics: [...#MetricStatus] @go(CurrentMetrics,[]MetricStatus) @protobuf(5,bytes,rep) - - // conditions is the set of conditions required for this autoscaler to scale its target, - // and indicates whether or not those conditions are met. - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - // +optional - conditions?: [...#HorizontalPodAutoscalerCondition] @go(Conditions,[]HorizontalPodAutoscalerCondition) @protobuf(6,bytes,rep) -} - -// HorizontalPodAutoscalerConditionType are the valid conditions of -// a HorizontalPodAutoscaler. -#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType - -#enumHorizontalPodAutoscalerConditionType: - #ScalingActive | - #AbleToScale | - #ScalingLimited - -// ScalingActive indicates that the HPA controller is able to scale if necessary: -// it's correctly configured, can fetch the desired metrics, and isn't disabled. 
-#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive" - -// AbleToScale indicates a lack of transient issues which prevent scaling from occurring, -// such as being in a backoff window, or being unable to access/update the target scale. -#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale" - -// ScalingLimited indicates that the calculated scale based on metrics would be above or -// below the range for the HPA, and has thus been capped. -#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited" - -// HorizontalPodAutoscalerCondition describes the state of -// a HorizontalPodAutoscaler at a certain point. -#HorizontalPodAutoscalerCondition: { - // type describes the current condition - type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes) - - // status is the status of the condition (True, False, Unknown) - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes) - - // lastTransitionTime is the last time the condition transitioned from - // one status to another - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is the reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable explanation containing details about - // the transition - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// MetricStatus describes the last-read state of a single metric. -#MetricStatus: { - // type is the type of metric source. It will be one of "ContainerResource", "External", - // "Object", "Pods" or "Resource", each corresponds to a matching field in the object. 
- // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt) - - // container resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. 
It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt) -} - -// ObjectMetricStatus indicates the current value of a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) - - // DescribedObject specifies the descriptions of a object,such as kind,name apiVersion - describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(3,bytes) -} - -// PodsMetricStatus indicates the current value of a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -#PodsMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// ResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ResourceMetricStatus: { - // name is the name of the resource in question. 
- name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// ContainerResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing a single container in each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ContainerResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) - - // container is the name of the container in the pods of the scaling target - container: string @go(Container) @protobuf(3,bytes,opt) -} - -// ExternalMetricStatus indicates the current value of a global metric -// not associated with any Kubernetes object. -#ExternalMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// MetricValueStatus holds the current value for a metric -#MetricValueStatus: { - // value is the current value of the metric (as a quantity). 
- // +optional - value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(1,bytes,opt) - - // averageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(2,bytes,opt) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // +optional - averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(3,bytes,opt) -} - -// HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects. -#HorizontalPodAutoscalerList: { - metav1.#TypeMeta - - // metadata is the standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of horizontal pod autoscaler objects. - items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue deleted file mode 100644 index 5c489087..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/batch/v1 - -package v1 - -#GroupName: "batch" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue deleted file mode 100644 index 3cbdc66f..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue +++ /dev/null 
@@ -1,693 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/batch/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" -) - -// All Kubernetes labels need to be prefixed with Kubernetes to distinguish them from end-user labels -// More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions -_#labelPrefix: "batch.kubernetes.io/" - -// CronJobScheduledTimestampAnnotation is the scheduled timestamp annotation for the Job. -// It records the original/expected scheduled timestamp for the running job, represented in RFC3339. -// The CronJob controller adds this annotation if the CronJobsScheduledAnnotation feature gate (beta in 1.28) is enabled. -#CronJobScheduledTimestampAnnotation: "batch.kubernetes.io/cronjob-scheduled-timestamp" -#JobCompletionIndexAnnotation: "batch.kubernetes.io/job-completion-index" - -// JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from -// being deleted before being accounted in the Job status. -// -// Additionally, the apiserver and job controller use this string as a Job -// annotation, to mark Jobs that are being tracked using pod finalizers. -// However, this behavior is deprecated in kubernetes 1.26. This means that, in -// 1.27+, one release after JobTrackingWithFinalizers graduates to GA, the -// apiserver and job controller will ignore this annotation and they will -// always track jobs using finalizers. -#JobTrackingFinalizer: "batch.kubernetes.io/job-tracking" - -// The Job labels will use batch.kubernetes.io as a prefix for all labels -// Historically the job controller uses unprefixed labels for job-name and controller-uid and -// Kubernetes continutes to recognize those unprefixed labels for consistency. 
-#JobNameLabel: "batch.kubernetes.io/job-name" - -// ControllerUid is used to programatically get pods corresponding to a Job. -// There is a corresponding label without the batch.kubernetes.io that we support for legacy reasons. -#ControllerUidLabel: "batch.kubernetes.io/controller-uid" - -// Annotation indicating the number of failures for the index corresponding -// to the pod, which are counted towards the backoff limit. -#JobIndexFailureCountAnnotation: "batch.kubernetes.io/job-index-failure-count" - -// Annotation indicating the number of failures for the index corresponding -// to the pod, which don't count towards the backoff limit, according to the -// pod failure policy. When the annotation is absent zero is implied. -#JobIndexIgnoredFailureCountAnnotation: "batch.kubernetes.io/job-index-ignored-failure-count" - -// Job represents the configuration of a single job. -#Job: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of a job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt) - - // Current status of a job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #JobStatus @go(Status) @protobuf(3,bytes,opt) -} - -// JobList is a collection of jobs. -#JobList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of Jobs. 
- items: [...#Job] @go(Items,[]Job) @protobuf(2,bytes,rep) -} - -// CompletionMode specifies how Pod completions of a Job are tracked. -// +enum -#CompletionMode: string // #enumCompletionMode - -#enumCompletionMode: - #NonIndexedCompletion | - #IndexedCompletion - -// NonIndexedCompletion is a Job completion mode. In this mode, the Job is -// considered complete when there have been .spec.completions -// successfully completed Pods. Pod completions are homologous to each other. -#NonIndexedCompletion: #CompletionMode & "NonIndexed" - -// IndexedCompletion is a Job completion mode. In this mode, the Pods of a -// Job get an associated completion index from 0 to (.spec.completions - 1). -// The Job is considered complete when a Pod completes for each completion -// index. -#IndexedCompletion: #CompletionMode & "Indexed" - -// PodFailurePolicyAction specifies how a Pod failure is handled. -// +enum -#PodFailurePolicyAction: string // #enumPodFailurePolicyAction - -#enumPodFailurePolicyAction: - #PodFailurePolicyActionFailJob | - #PodFailurePolicyActionFailIndex | - #PodFailurePolicyActionIgnore | - #PodFailurePolicyActionCount - -// This is an action which might be taken on a pod failure - mark the -// pod's job as Failed and terminate all running pods. -#PodFailurePolicyActionFailJob: #PodFailurePolicyAction & "FailJob" - -// This is an action which might be taken on a pod failure - mark the -// Job's index as failed to avoid restarts within this index. This action -// can only be used when backoffLimitPerIndex is set. -#PodFailurePolicyActionFailIndex: #PodFailurePolicyAction & "FailIndex" - -// This is an action which might be taken on a pod failure - the counter towards -// .backoffLimit, represented by the job's .status.failed field, is not -// incremented and a replacement pod is created. 
-#PodFailurePolicyActionIgnore: #PodFailurePolicyAction & "Ignore" - -// This is an action which might be taken on a pod failure - the pod failure -// is handled in the default way - the counter towards .backoffLimit, -// represented by the job's .status.failed field, is incremented. -#PodFailurePolicyActionCount: #PodFailurePolicyAction & "Count" - -// +enum -#PodFailurePolicyOnExitCodesOperator: string // #enumPodFailurePolicyOnExitCodesOperator - -#enumPodFailurePolicyOnExitCodesOperator: - #PodFailurePolicyOnExitCodesOpIn | - #PodFailurePolicyOnExitCodesOpNotIn - -#PodFailurePolicyOnExitCodesOpIn: #PodFailurePolicyOnExitCodesOperator & "In" -#PodFailurePolicyOnExitCodesOpNotIn: #PodFailurePolicyOnExitCodesOperator & "NotIn" - -// PodReplacementPolicy specifies the policy for creating pod replacements. -// +enum -#PodReplacementPolicy: string // #enumPodReplacementPolicy - -#enumPodReplacementPolicy: - #TerminatingOrFailed | - #Failed - -// TerminatingOrFailed means that we recreate pods -// when they are terminating (has a metadata.deletionTimestamp) or failed. -#TerminatingOrFailed: #PodReplacementPolicy & "TerminatingOrFailed" - -// Failed means to wait until a previously created Pod is fully terminated (has phase -// Failed or Succeeded) before creating a replacement Pod. -#Failed: #PodReplacementPolicy & "Failed" - -// PodFailurePolicyOnExitCodesRequirement describes the requirement for handling -// a failed pod based on its container exit codes. In particular, it lookups the -// .state.terminated.exitCode for each app container and init container status, -// represented by the .status.containerStatuses and .status.initContainerStatuses -// fields in the Pod status, respectively. Containers completed with success -// (exit code 0) are excluded from the requirement check. -#PodFailurePolicyOnExitCodesRequirement: { - // Restricts the check for exit codes to the container with the - // specified name. When null, the rule applies to all containers. 
- // When specified, it should match one the container or initContainer - // names in the pod template. - // +optional - containerName?: null | string @go(ContainerName,*string) @protobuf(1,bytes,opt) - - // Represents the relationship between the container exit code(s) and the - // specified values. Containers completed with success (exit code 0) are - // excluded from the requirement check. Possible values are: - // - // - In: the requirement is satisfied if at least one container exit code - // (might be multiple if there are multiple containers not restricted - // by the 'containerName' field) is in the set of specified values. - // - NotIn: the requirement is satisfied if at least one container exit code - // (might be multiple if there are multiple containers not restricted - // by the 'containerName' field) is not in the set of specified values. - // Additional values are considered to be added in the future. Clients should - // react to an unknown operator by assuming the requirement is not satisfied. - operator: #PodFailurePolicyOnExitCodesOperator @go(Operator) @protobuf(2,bytes,req) - - // Specifies the set of values. Each returned container exit code (might be - // multiple in case of multiple containers) is checked against this set of - // values with respect to the operator. The list of values must be ordered - // and must not contain duplicates. Value '0' cannot be used for the In operator. - // At least one element is required. At most 255 elements are allowed. - // +listType=set - values: [...int32] @go(Values,[]int32) @protobuf(3,varint,rep) -} - -// PodFailurePolicyOnPodConditionsPattern describes a pattern for matching -// an actual pod condition type. -#PodFailurePolicyOnPodConditionsPattern: { - // Specifies the required Pod condition type. To match a pod condition - // it is required that specified type equals the pod condition type. 
- type: corev1.#PodConditionType @go(Type) @protobuf(1,bytes,req) - - // Specifies the required Pod condition status. To match a pod condition - // it is required that the specified status equals the pod condition status. - // Defaults to True. - status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,req) -} - -// PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. -// One of onExitCodes and onPodConditions, but not both, can be used in each rule. -#PodFailurePolicyRule: { - // Specifies the action taken on a pod failure when the requirements are satisfied. - // Possible values are: - // - // - FailJob: indicates that the pod's job is marked as Failed and all - // running pods are terminated. - // - FailIndex: indicates that the pod's index is marked as Failed and will - // not be restarted. - // This value is alpha-level. It can be used when the - // `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default). - // - Ignore: indicates that the counter towards the .backoffLimit is not - // incremented and a replacement pod is created. - // - Count: indicates that the pod is handled in the default way - the - // counter towards the .backoffLimit is incremented. - // Additional values are considered to be added in the future. Clients should - // react to an unknown action by skipping the rule. - action: #PodFailurePolicyAction @go(Action) @protobuf(1,bytes,req) - - // Represents the requirement on the container exit codes. - // +optional - onExitCodes?: null | #PodFailurePolicyOnExitCodesRequirement @go(OnExitCodes,*PodFailurePolicyOnExitCodesRequirement) @protobuf(2,bytes,opt) - - // Represents the requirement on the pod conditions. The requirement is represented - // as a list of pod condition patterns. The requirement is satisfied if at - // least one pattern matches an actual pod condition. At most 20 elements are allowed. 
- // +listType=atomic - // +optional - onPodConditions: [...#PodFailurePolicyOnPodConditionsPattern] @go(OnPodConditions,[]PodFailurePolicyOnPodConditionsPattern) @protobuf(3,bytes,opt) -} - -// PodFailurePolicy describes how failed pods influence the backoffLimit. -#PodFailurePolicy: { - // A list of pod failure policy rules. The rules are evaluated in order. - // Once a rule matches a Pod failure, the remaining of the rules are ignored. - // When no rule matches the Pod failure, the default handling applies - the - // counter of pod failures is incremented and it is checked against - // the backoffLimit. At most 20 elements are allowed. - // +listType=atomic - rules: [...#PodFailurePolicyRule] @go(Rules,[]PodFailurePolicyRule) @protobuf(1,bytes,opt) -} - -// JobSpec describes how the job execution will look like. -#JobSpec: { - // Specifies the maximum desired number of pods the job should - // run at any given time. The actual number of pods running in steady state will - // be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), - // i.e. when the work left to do is less than max parallelism. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - parallelism?: null | int32 @go(Parallelism,*int32) @protobuf(1,varint,opt) - - // Specifies the desired number of successfully finished pods the - // job should be run with. Setting to null means that the success of any - // pod signals the success of all pods, and allows parallelism to have any positive - // value. Setting to 1 means that parallelism is limited to 1 and the success of that - // pod signals the success of the job. 
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - completions?: null | int32 @go(Completions,*int32) @protobuf(2,varint,opt) - - // Specifies the duration in seconds relative to the startTime that the job - // may be continuously active before the system tries to terminate it; value - // must be positive integer. If a Job is suspended (at creation or through an - // update), this timer will effectively be stopped and reset when the Job is - // resumed again. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(3,varint,opt) - - // Specifies the policy of handling failed pods. In particular, it allows to - // specify the set of actions and conditions which need to be - // satisfied to take the associated action. - // If empty, the default behaviour applies - the counter of failed pods, - // represented by the jobs's .status.failed field, is incremented and it is - // checked against the backoffLimit. This field cannot be used in combination - // with restartPolicy=OnFailure. - // - // This field is beta-level. It can be used when the `JobPodFailurePolicy` - // feature gate is enabled (enabled by default). - // +optional - podFailurePolicy?: null | #PodFailurePolicy @go(PodFailurePolicy,*PodFailurePolicy) @protobuf(11,bytes,opt) - - // Specifies the number of retries before marking this job failed. - // Defaults to 6 - // +optional - backoffLimit?: null | int32 @go(BackoffLimit,*int32) @protobuf(7,varint,opt) - - // Specifies the limit for the number of retries within an - // index before marking this index as failed. When enabled the number of - // failures per index is kept in the pod's - // batch.kubernetes.io/job-index-failure-count annotation. It can only - // be set when Job's completionMode=Indexed, and the Pod's restart - // policy is Never. The field is immutable. - // This field is alpha-level. 
It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). - // +optional - backoffLimitPerIndex?: null | int32 @go(BackoffLimitPerIndex,*int32) @protobuf(12,varint,opt) - - // Specifies the maximal number of failed indexes before marking the Job as - // failed, when backoffLimitPerIndex is set. Once the number of failed - // indexes exceeds this number the entire Job is marked as Failed and its - // execution is terminated. When left as null the job continues execution of - // all of its indexes and is marked with the `Complete` Job condition. - // It can only be specified when backoffLimitPerIndex is set. - // It can be null or up to completions. It is required and must be - // less than or equal to 10^4 when is completions greater than 10^5. - // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). - // +optional - maxFailedIndexes?: null | int32 @go(MaxFailedIndexes,*int32) @protobuf(13,varint,opt) - - // A label query over pods that should match the pod count. - // Normally, the system sets this field for you. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // manualSelector controls generation of pod labels and pod selectors. - // Leave `manualSelector` unset unless you are certain what you are doing. - // When false or unset, the system pick labels unique to this job - // and appends those labels to the pod template. When true, - // the user is responsible for picking unique labels and specifying - // the selector. Failure to pick a unique label may cause this - // and other jobs to not function correctly. However, You may see - // `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` - // API. 
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector - // +optional - manualSelector?: null | bool @go(ManualSelector,*bool) @protobuf(5,varint,opt) - - // Describes the pod that will be created when executing a job. - // The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - template: corev1.#PodTemplateSpec @go(Template) @protobuf(6,bytes,opt) - - // ttlSecondsAfterFinished limits the lifetime of a Job that has finished - // execution (either Complete or Failed). If this field is set, - // ttlSecondsAfterFinished after the Job finishes, it is eligible to be - // automatically deleted. When the Job is being deleted, its lifecycle - // guarantees (e.g. finalizers) will be honored. If this field is unset, - // the Job won't be automatically deleted. If this field is set to zero, - // the Job becomes eligible to be deleted immediately after it finishes. - // +optional - ttlSecondsAfterFinished?: null | int32 @go(TTLSecondsAfterFinished,*int32) @protobuf(8,varint,opt) - - // completionMode specifies how Pod completions are tracked. It can be - // `NonIndexed` (default) or `Indexed`. - // - // `NonIndexed` means that the Job is considered complete when there have - // been .spec.completions successfully completed Pods. Each Pod completion is - // homologous to each other. - // - // `Indexed` means that the Pods of a - // Job get an associated completion index from 0 to (.spec.completions - 1), - // available in the annotation batch.kubernetes.io/job-completion-index. - // The Job is considered complete when there is one successfully completed Pod - // for each index. - // When value is `Indexed`, .spec.completions must be specified and - // `.spec.parallelism` must be less than or equal to 10^5. 
- // In addition, The Pod name takes the form - // `$(job-name)-$(index)-$(random-string)`, - // the Pod hostname takes the form `$(job-name)-$(index)`. - // - // More completion modes can be added in the future. - // If the Job controller observes a mode that it doesn't recognize, which - // is possible during upgrades due to version skew, the controller - // skips updates for the Job. - // +optional - completionMode?: null | #CompletionMode @go(CompletionMode,*CompletionMode) @protobuf(9,bytes,opt,casttype=CompletionMode) - - // suspend specifies whether the Job controller should create Pods or not. If - // a Job is created with suspend set to true, no Pods are created by the Job - // controller. If a Job is suspended after creation (i.e. the flag goes from - // false to true), the Job controller will delete all active Pods associated - // with this Job. Users must design their workload to gracefully handle this. - // Suspending a Job will reset the StartTime field of the Job, effectively - // resetting the ActiveDeadlineSeconds timer too. Defaults to false. - // - // +optional - suspend?: null | bool @go(Suspend,*bool) @protobuf(10,varint,opt) - - // podReplacementPolicy specifies when to create replacement Pods. - // Possible values are: - // - TerminatingOrFailed means that we recreate pods - // when they are terminating (has a metadata.deletionTimestamp) or failed. - // - Failed means to wait until a previously created Pod is fully terminated (has phase - // Failed or Succeeded) before creating a replacement Pod. - // - // When using podFailurePolicy, Failed is the the only allowed value. - // TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. - // This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field. 
- // +optional - podReplacementPolicy?: null | #PodReplacementPolicy @go(PodReplacementPolicy,*PodReplacementPolicy) @protobuf(14,bytes,opt,casttype=podReplacementPolicy) -} - -// JobStatus represents the current state of a Job. -#JobStatus: { - // The latest available observations of an object's current state. When a Job - // fails, one of the conditions will have type "Failed" and status true. When - // a Job is suspended, one of the conditions will have type "Suspended" and - // status true; when the Job is resumed, the status of this condition will - // become false. When a Job is completed, one of the conditions will have - // type "Complete" and status true. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=atomic - conditions?: [...#JobCondition] @go(Conditions,[]JobCondition) @protobuf(1,bytes,rep) - - // Represents time when the job controller started processing a job. When a - // Job is created in the suspended state, this field is not set until the - // first time it is resumed. This field is reset every time a Job is resumed - // from suspension. It is represented in RFC3339 form and is in UTC. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(2,bytes,opt) - - // Represents time when the job was completed. It is not guaranteed to - // be set in happens-before order across separate operations. - // It is represented in RFC3339 form and is in UTC. - // The completion time is only set when the job finishes successfully. - // +optional - completionTime?: null | metav1.#Time @go(CompletionTime,*metav1.Time) @protobuf(3,bytes,opt) - - // The number of pending and running pods. - // +optional - active?: int32 @go(Active) @protobuf(4,varint,opt) - - // The number of pods which reached phase Succeeded. 
- // +optional - succeeded?: int32 @go(Succeeded) @protobuf(5,varint,opt) - - // The number of pods which reached phase Failed. - // +optional - failed?: int32 @go(Failed) @protobuf(6,varint,opt) - - // The number of pods which are terminating (in phase Pending or Running - // and have a deletionTimestamp). - // - // This field is alpha-level. The job controller populates the field when - // the feature gate JobPodReplacementPolicy is enabled (disabled by default). - // +optional - terminating?: null | int32 @go(Terminating,*int32) @protobuf(11,varint,opt) - - // completedIndexes holds the completed indexes when .spec.completionMode = - // "Indexed" in a text format. The indexes are represented as decimal integers - // separated by commas. The numbers are listed in increasing order. Three or - // more consecutive numbers are compressed and represented by the first and - // last element of the series, separated by a hyphen. - // For example, if the completed indexes are 1, 3, 4, 5 and 7, they are - // represented as "1,3-5,7". - // +optional - completedIndexes?: string @go(CompletedIndexes) @protobuf(7,bytes,opt) - - // FailedIndexes holds the failed indexes when backoffLimitPerIndex=true. - // The indexes are represented in the text format analogous as for the - // `completedIndexes` field, ie. they are kept as decimal integers - // separated by commas. The numbers are listed in increasing order. Three or - // more consecutive numbers are compressed and represented by the first and - // last element of the series, separated by a hyphen. - // For example, if the failed indexes are 1, 3, 4, 5 and 7, they are - // represented as "1,3-5,7". - // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). 
- // +optional - failedIndexes?: null | string @go(FailedIndexes,*string) @protobuf(10,bytes,opt) - - // uncountedTerminatedPods holds the UIDs of Pods that have terminated but - // the job controller hasn't yet accounted for in the status counters. - // - // The job controller creates pods with a finalizer. When a pod terminates - // (succeeded or failed), the controller does three steps to account for it - // in the job status: - // - // 1. Add the pod UID to the arrays in this field. - // 2. Remove the pod finalizer. - // 3. Remove the pod UID from the arrays while increasing the corresponding - // counter. - // - // Old jobs might not be tracked using this field, in which case the field - // remains null. - // +optional - uncountedTerminatedPods?: null | #UncountedTerminatedPods @go(UncountedTerminatedPods,*UncountedTerminatedPods) @protobuf(8,bytes,opt) - - // The number of pods which have a Ready condition. - // - // This field is beta-level. The job controller populates the field when - // the feature gate JobReadyPods is enabled (enabled by default). - // +optional - ready?: null | int32 @go(Ready,*int32) @protobuf(9,varint,opt) -} - -// UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't -// been accounted in Job status counters. -#UncountedTerminatedPods: { - // succeeded holds UIDs of succeeded Pods. - // +listType=set - // +optional - succeeded?: [...types.#UID] @go(Succeeded,[]types.UID) @protobuf(1,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID) - - // failed holds UIDs of failed Pods. - // +listType=set - // +optional - failed?: [...types.#UID] @go(Failed,[]types.UID) @protobuf(2,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -#JobConditionType: string // #enumJobConditionType - -#enumJobConditionType: - #JobSuspended | - #JobComplete | - #JobFailed | - #JobFailureTarget - -// JobSuspended means the job has been suspended. 
-#JobSuspended: #JobConditionType & "Suspended" - -// JobComplete means the job has completed its execution. -#JobComplete: #JobConditionType & "Complete" - -// JobFailed means the job has failed its execution. -#JobFailed: #JobConditionType & "Failed" - -// FailureTarget means the job is about to fail its execution. -#JobFailureTarget: #JobConditionType & "FailureTarget" - -// JobCondition describes current state of a job. -#JobCondition: { - // Type of job condition, Complete or Failed. - type: #JobConditionType @go(Type) @protobuf(1,bytes,opt,casttype=JobConditionType) - - // Status of the condition, one of True, False, Unknown. - status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition was checked. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// JobTemplateSpec describes the data a Job should have when created from a template -#JobTemplateSpec: { - // Standard object's metadata of the jobs created from this template. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the job. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CronJob represents the configuration of a single cron job. -#CronJob: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of a cron job, including the schedule. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #CronJobSpec @go(Spec) @protobuf(2,bytes,opt) - - // Current status of a cron job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #CronJobStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CronJobList is a collection of cron jobs. -#CronJobList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CronJobs. - items: [...#CronJob] @go(Items,[]CronJob) @protobuf(2,bytes,rep) -} - -// CronJobSpec describes how the job execution will look like and when it will actually run. -#CronJobSpec: { - // The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. - schedule: string @go(Schedule) @protobuf(1,bytes,opt) - - // The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. - // If not specified, this will default to the time zone of the kube-controller-manager process. 
- // The set of valid time zone names and the time zone offset is loaded from the system-wide time zone - // database by the API server during CronJob validation and the controller manager during execution. - // If no system-wide time zone database can be found a bundled version of the database is used instead. - // If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host - // configuration, the controller will stop creating new new Jobs and will create a system event with the - // reason UnknownTimeZone. - // More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones - // +optional - timeZone?: null | string @go(TimeZone,*string) @protobuf(8,bytes,opt) - - // Optional deadline in seconds for starting the job if it misses scheduled - // time for any reason. Missed jobs executions will be counted as failed ones. - // +optional - startingDeadlineSeconds?: null | int64 @go(StartingDeadlineSeconds,*int64) @protobuf(2,varint,opt) - - // Specifies how to treat concurrent executions of a Job. - // Valid values are: - // - // - "Allow" (default): allows CronJobs to run concurrently; - // - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - // - "Replace": cancels currently running job and replaces it with a new one - // +optional - concurrencyPolicy?: #ConcurrencyPolicy @go(ConcurrencyPolicy) @protobuf(3,bytes,opt,casttype=ConcurrencyPolicy) - - // This flag tells the controller to suspend subsequent executions, it does - // not apply to already started executions. Defaults to false. - // +optional - suspend?: null | bool @go(Suspend,*bool) @protobuf(4,varint,opt) - - // Specifies the job that will be created when executing a CronJob. - jobTemplate: #JobTemplateSpec @go(JobTemplate) @protobuf(5,bytes,opt) - - // The number of successful finished jobs to retain. Value must be non-negative integer. - // Defaults to 3. 
- // +optional - successfulJobsHistoryLimit?: null | int32 @go(SuccessfulJobsHistoryLimit,*int32) @protobuf(6,varint,opt) - - // The number of failed finished jobs to retain. Value must be non-negative integer. - // Defaults to 1. - // +optional - failedJobsHistoryLimit?: null | int32 @go(FailedJobsHistoryLimit,*int32) @protobuf(7,varint,opt) -} - -// ConcurrencyPolicy describes how the job will be handled. -// Only one of the following concurrent policies may be specified. -// If none of the following policies is specified, the default one -// is AllowConcurrent. -// +enum -#ConcurrencyPolicy: string // #enumConcurrencyPolicy - -#enumConcurrencyPolicy: - #AllowConcurrent | - #ForbidConcurrent | - #ReplaceConcurrent - -// AllowConcurrent allows CronJobs to run concurrently. -#AllowConcurrent: #ConcurrencyPolicy & "Allow" - -// ForbidConcurrent forbids concurrent runs, skipping next run if previous -// hasn't finished yet. -#ForbidConcurrent: #ConcurrencyPolicy & "Forbid" - -// ReplaceConcurrent cancels currently running job and replaces it with a new one. -#ReplaceConcurrent: #ConcurrencyPolicy & "Replace" - -// CronJobStatus represents the current state of a cron job. -#CronJobStatus: { - // A list of pointers to currently running jobs. - // +optional - // +listType=atomic - active?: [...corev1.#ObjectReference] @go(Active,[]corev1.ObjectReference) @protobuf(1,bytes,rep) - - // Information when was the last time the job was successfully scheduled. - // +optional - lastScheduleTime?: null | metav1.#Time @go(LastScheduleTime,*metav1.Time) @protobuf(4,bytes,opt) - - // Information when was the last time the job successfully completed. - // +optional - lastSuccessfulTime?: null | metav1.#Time @go(LastSuccessfulTime,*metav1.Time) @protobuf(5,bytes,opt) -} 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue deleted file mode 100644 index f2ce3436..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/certificates/v1 - -package v1 - -#GroupName: "certificates.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue deleted file mode 100644 index 401ca5c9..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue +++ /dev/null 
@@ -1,318 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/certificates/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" -) - -// CertificateSigningRequest objects provide a mechanism to obtain x509 certificates -// by submitting a certificate signing request, and having it asynchronously approved and issued. -// -// Kubelets use this API to obtain: -// 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName). -// 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName). -// -// This API can be used to request client certificates to authenticate to kube-apiserver -// (with the "kubernetes.io/kube-apiserver-client" signerName), -// or to obtain certificates from custom non-Kubernetes signers. -#CertificateSigningRequest: { - metav1.#TypeMeta - - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec contains the certificate request, and is immutable after creation. - // Only the request, signerName, expirationSeconds, and usages fields can be set on creation. - // Other fields are derived by Kubernetes and cannot be modified by users. - spec: #CertificateSigningRequestSpec @go(Spec) @protobuf(2,bytes,opt) - - // status contains information about whether the request is approved or denied, - // and the certificate issued by the signer, or the failure condition indicating signer failure. - // +optional - status?: #CertificateSigningRequestStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CertificateSigningRequestSpec contains the certificate request. -#CertificateSigningRequestSpec: { - // request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. - // When serialized as JSON or YAML, the data is additionally base64-encoded. 
- // +listType=atomic - request: bytes @go(Request,[]byte) @protobuf(1,bytes,opt) - - // signerName indicates the requested signer, and is a qualified name. - // - // List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. - // - // Well-known Kubernetes signers are: - // 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. - // Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager. - // 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. - // Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. - // 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. - // Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. - // - // More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers - // - // Custom signerNames can also be specified. The signer defines: - // 1. Trust distribution: how trust (CA bundles) are distributed. - // 2. Permitted subjects: and behavior when a disallowed subject is requested. - // 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. - // 4. Required, permitted, or forbidden key usages / extended key usages. - // 5. 
Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin. - // 6. Whether or not requests for CA certificates are allowed. - signerName: string @go(SignerName) @protobuf(7,bytes,opt) - - // expirationSeconds is the requested duration of validity of the issued - // certificate. The certificate signer may issue a certificate with a different - // validity duration so a client must check the delta between the notBefore and - // and notAfter fields in the issued certificate to determine the actual duration. - // - // The v1.22+ in-tree implementations of the well-known Kubernetes signers will - // honor this field as long as the requested duration is not greater than the - // maximum duration they will honor per the --cluster-signing-duration CLI - // flag to the Kubernetes controller manager. - // - // Certificate signers may not honor this field for various reasons: - // - // 1. Old signer that is unaware of the field (such as the in-tree - // implementations prior to v1.22) - // 2. Signer whose configured maximum is shorter than the requested duration - // 3. Signer whose configured minimum is longer than the requested duration - // - // The minimum valid value for expirationSeconds is 600, i.e. 10 minutes. - // - // +optional - expirationSeconds?: null | int32 @go(ExpirationSeconds,*int32) @protobuf(8,varint,opt) - - // usages specifies a set of key usages requested in the issued certificate. - // - // Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth". - // - // Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth". 
- // - // Valid values are: - // "signing", "digital signature", "content commitment", - // "key encipherment", "key agreement", "data encipherment", - // "cert sign", "crl sign", "encipher only", "decipher only", "any", - // "server auth", "client auth", - // "code signing", "email protection", "s/mime", - // "ipsec end system", "ipsec tunnel", "ipsec user", - // "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" - // +listType=atomic - usages?: [...#KeyUsage] @go(Usages,[]KeyUsage) @protobuf(5,bytes,opt) - - // username contains the name of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - username?: string @go(Username) @protobuf(2,bytes,opt) - - // uid contains the uid of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - uid?: string @go(UID) @protobuf(3,bytes,opt) - - // groups contains group membership of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +listType=atomic - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep) - - // extra contains extra attributes of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(6,bytes,rep) -} - -// "kubernetes.io/kube-apiserver-client" signer issues client certificates that can be used to authenticate to kube-apiserver. -// Never auto-approved by kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeAPIServerClientSignerName: "kubernetes.io/kube-apiserver-client" - -// "kubernetes.io/kube-apiserver-client-kubelet" issues client certificates that kubelets use to authenticate to kube-apiserver. 
-// Can be auto-approved by the "csrapproving" controller in kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeAPIServerClientKubeletSignerName: "kubernetes.io/kube-apiserver-client-kubelet" - -// "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, -// which kube-apiserver can connect to securely. -// Never auto-approved by kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeletServingSignerName: "kubernetes.io/kubelet-serving" - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// CertificateSigningRequestStatus contains conditions used to indicate -// approved/denied/failed status of the request, and the issued certificate. -#CertificateSigningRequestStatus: { - // conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed". - // +listType=map - // +listMapKey=type - // +optional - conditions?: [...#CertificateSigningRequestCondition] @go(Conditions,[]CertificateSigningRequestCondition) @protobuf(1,bytes,rep) - - // certificate is populated with an issued certificate by the signer after an Approved condition is present. - // This field is set via the /status subresource. Once populated, this field is immutable. - // - // If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. - // If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty. - // - // Validation requirements: - // 1. certificate must contain one or more PEM blocks. - // 2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data - // must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280. - // 3. 
Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated, - // to allow for explanatory text as described in section 5.2 of RFC7468. - // - // If more than one PEM block is present, and the definition of the requested spec.signerName - // does not indicate otherwise, the first block is the issued certificate, - // and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes. - // - // The certificate is encoded in PEM format. - // - // When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of: - // - // base64( - // -----BEGIN CERTIFICATE----- - // ... - // -----END CERTIFICATE----- - // ) - // - // +listType=atomic - // +optional - certificate?: bytes @go(Certificate,[]byte) @protobuf(2,bytes,opt) -} - -// RequestConditionType is the type of a CertificateSigningRequestCondition -#RequestConditionType: string // #enumRequestConditionType - -#enumRequestConditionType: - #CertificateApproved | - #CertificateDenied | - #CertificateFailed - -// Approved indicates the request was approved and should be issued by the signer. -#CertificateApproved: #RequestConditionType & "Approved" - -// Denied indicates the request was denied and should not be issued by the signer. -#CertificateDenied: #RequestConditionType & "Denied" - -// Failed indicates the signer failed to issue the certificate. -#CertificateFailed: #RequestConditionType & "Failed" - -// CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object -#CertificateSigningRequestCondition: { - // type of the condition. Known conditions are "Approved", "Denied", and "Failed". - // - // An "Approved" condition is added via the /approval subresource, - // indicating the request was approved and should be issued by the signer. - // - // A "Denied" condition is added via the /approval subresource, - // indicating the request was denied and should not be issued by the signer. 
- // - // A "Failed" condition is added via the /status subresource, - // indicating the signer failed to issue the certificate. - // - // Approved and Denied conditions are mutually exclusive. - // Approved, Denied, and Failed conditions cannot be removed once added. - // - // Only one condition of a given type is allowed. - type: #RequestConditionType @go(Type) @protobuf(1,bytes,opt,casttype=RequestConditionType) - - // status of the condition, one of True, False, Unknown. - // Approved, Denied, and Failed conditions may not be "False" or "Unknown". - status: v1.#ConditionStatus @go(Status) @protobuf(6,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // reason indicates a brief reason for the request state - // +optional - reason?: string @go(Reason) @protobuf(2,bytes,opt) - - // message contains a human readable message with details about the request state - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // lastUpdateTime is the time of the last update to this condition - // +optional - lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(4,bytes,opt) - - // lastTransitionTime is the time the condition last transitioned from one status to another. - // If unset, when a new condition type is added or an existing condition's status is changed, - // the server defaults this to the current time. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(5,bytes,opt) -} - -// CertificateSigningRequestList is a collection of CertificateSigningRequest objects -#CertificateSigningRequestList: { - metav1.#TypeMeta - - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a collection of CertificateSigningRequest objects - items: [...#CertificateSigningRequest] @go(Items,[]CertificateSigningRequest) @protobuf(2,bytes,rep) -} - -// KeyUsage specifies valid usage contexts for keys. 
-// See: -// -// https://tools.ietf.org/html/rfc5280#section-4.2.1.3 -// https://tools.ietf.org/html/rfc5280#section-4.2.1.12 -// -// +enum -#KeyUsage: string // #enumKeyUsage - -#enumKeyUsage: - #UsageSigning | - #UsageDigitalSignature | - #UsageContentCommitment | - #UsageKeyEncipherment | - #UsageKeyAgreement | - #UsageDataEncipherment | - #UsageCertSign | - #UsageCRLSign | - #UsageEncipherOnly | - #UsageDecipherOnly | - #UsageAny | - #UsageServerAuth | - #UsageClientAuth | - #UsageCodeSigning | - #UsageEmailProtection | - #UsageSMIME | - #UsageIPsecEndSystem | - #UsageIPsecTunnel | - #UsageIPsecUser | - #UsageTimestamping | - #UsageOCSPSigning | - #UsageMicrosoftSGC | - #UsageNetscapeSGC - -#UsageSigning: #KeyUsage & "signing" -#UsageDigitalSignature: #KeyUsage & "digital signature" -#UsageContentCommitment: #KeyUsage & "content commitment" -#UsageKeyEncipherment: #KeyUsage & "key encipherment" -#UsageKeyAgreement: #KeyUsage & "key agreement" -#UsageDataEncipherment: #KeyUsage & "data encipherment" -#UsageCertSign: #KeyUsage & "cert sign" -#UsageCRLSign: #KeyUsage & "crl sign" -#UsageEncipherOnly: #KeyUsage & "encipher only" -#UsageDecipherOnly: #KeyUsage & "decipher only" -#UsageAny: #KeyUsage & "any" -#UsageServerAuth: #KeyUsage & "server auth" -#UsageClientAuth: #KeyUsage & "client auth" -#UsageCodeSigning: #KeyUsage & "code signing" -#UsageEmailProtection: #KeyUsage & "email protection" -#UsageSMIME: #KeyUsage & "s/mime" -#UsageIPsecEndSystem: #KeyUsage & "ipsec end system" -#UsageIPsecTunnel: #KeyUsage & "ipsec tunnel" -#UsageIPsecUser: #KeyUsage & "ipsec user" -#UsageTimestamping: #KeyUsage & "timestamping" -#UsageOCSPSigning: #KeyUsage & "ocsp signing" -#UsageMicrosoftSGC: #KeyUsage & "microsoft sgc" -#UsageNetscapeSGC: #KeyUsage & "netscape sgc" 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue deleted file mode 100644 index d0a257d5..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/coordination/v1 - -package v1 - -#GroupName: "coordination.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue deleted file mode 100644 index de2c7412..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue +++ /dev/null 
@@ -1,61 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/coordination/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Lease defines a lease concept. -#Lease: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec contains the specification of the Lease. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LeaseSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LeaseSpec is a specification of a Lease. -#LeaseSpec: { - // holderIdentity contains the identity of the holder of a current lease. - // +optional - holderIdentity?: null | string @go(HolderIdentity,*string) @protobuf(1,bytes,opt) - - // leaseDurationSeconds is a duration that candidates for a lease need - // to wait to force acquire it. This is measure against time of last - // observed renewTime. - // +optional - leaseDurationSeconds?: null | int32 @go(LeaseDurationSeconds,*int32) @protobuf(2,varint,opt) - - // acquireTime is a time when the current lease was acquired. - // +optional - acquireTime?: null | metav1.#MicroTime @go(AcquireTime,*metav1.MicroTime) @protobuf(3,bytes,opt) - - // renewTime is a time when the current holder of a lease has last - // updated the lease. - // +optional - renewTime?: null | metav1.#MicroTime @go(RenewTime,*metav1.MicroTime) @protobuf(4,bytes,opt) - - // leaseTransitions is the number of transitions of a lease between - // holders. - // +optional - leaseTransitions?: null | int32 @go(LeaseTransitions,*int32) @protobuf(5,varint,opt) -} - -// LeaseList is a list of Lease objects. -#LeaseList: { - metav1.#TypeMeta - - // Standard list metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#Lease] @go(Items,[]Lease) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue deleted file mode 100644 index 3a302790..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue +++ /dev/null 
@@ -1,147 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy -// webhook backend fails. -#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open" - -// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods -#MirrorPodAnnotationKey: "kubernetes.io/config.mirror" - -// TolerationsAnnotationKey represents the key of tolerations data (json serialized) -// in the Annotations of a Pod. -#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations" - -// TaintsAnnotationKey represents the key of taints data (json serialized) -// in the Annotations of a Node. -#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints" - -// SeccompPodAnnotationKey represents the key of a seccomp profile applied -// to all containers of a pod. -// Deprecated: set a pod security context `seccompProfile` field. -#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod" - -// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied -// to one container of a pod. -// Deprecated: set a container security context `seccompProfile` field. -#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/" - -// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#SeccompProfileRuntimeDefault: "runtime/default" - -// SeccompProfileNameUnconfined is the unconfined seccomp profile. -#SeccompProfileNameUnconfined: "unconfined" - -// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk. 
-#SeccompLocalhostProfileNamePrefix: "localhost/" - -// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. -#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/" - -// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile. -#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName" - -// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles. -#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames" - -// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default. -#AppArmorBetaProfileRuntimeDefault: "runtime/default" - -// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node. -#AppArmorBetaProfileNamePrefix: "localhost/" - -// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile -#AppArmorBetaProfileNameUnconfined: "unconfined" - -// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#DeprecatedSeccompProfileDockerDefault: "docker/default" - -// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) -// in the Annotations of a Node. -#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods" - -// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache -// an object (e.g. secret, config map) before fetching it again from apiserver. -// This annotation can be attached to node. -#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl" - -// annotation key prefix used to identify non-convertible json paths. 
-#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io" -_#kubectlPrefix: "kubectl.kubernetes.io/" - -// LastAppliedConfigAnnotation is the annotation used to store the previous -// configuration of a resource for use in a three way diff by UpdateApplyAnnotation. -#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration" - -// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers -// -// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to -// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow -// access only from the CIDRs currently allocated to MIT & the USPS. -// -// Not all cloud providers support this annotation, though AWS & GCE do. -#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges" - -// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that -// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') -// of the last change, of some Pod or Service object, that triggered the endpoints object change. -// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints -// controller at T1, and the Endpoints object was changed at T2, the -// EndpointsLastChangeTriggerTime would be set to T0. -// -// The "endpoints change trigger" here means any Pod or Service change that resulted in the -// Endpoints object change. -// -// Given the definition of the "endpoints change trigger", please note that this annotation will -// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the -// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's -// already set). 
-// -// This annotation will be used to compute the in-cluster network programming latency SLI, see -// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md -#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time" - -// EndpointsOverCapacity will be set on an Endpoints resource when it -// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints -// controller will set this annotation with a value of "warning". In a -// future release, the controller may set this annotation with a value of -// "truncated" to indicate that any addresses exceeding the limit of 1000 -// have been truncated from the Endpoints resource. -#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity" - -// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated -// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. -// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or -// CSI Backend for a volume plugin on a specific node. -#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins" - -// PodDeletionCost can be used to set to an int32 that represent the cost of deleting -// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower -// deletion cost are preferred to be deleted before pods with higher deletion cost. -// Note that this is honored on a best-effort basis, and so it does not offer guarantees on -// pod deletion order. -// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. -// -// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. -#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost" - -// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable -// Topology Aware Hints for a Service. 
This may be set to "Auto" or -// "Disabled". Any other value is treated as "Disabled". This annotation has -// been deprecated in favor of the "service.kubernetes.io/topology-mode" -// annotation. -#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints" - -// AnnotationTopologyMode can be used to enable or disable Topology Aware -// Routing for a Service. Well known values are "Auto" and "Disabled". -// Implementations may choose to develop new topology approaches, exposing -// them with domain-prefixed values. For example, "example.com/lowest-rtt" -// could be a valid implementation-specific value for this annotation. These -// heuristics will often populate topology hints on EndpointSlices, but that -// is not a requirement. -#AnnotationTopologyMode: "service.kubernetes.io/topology-mode" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue deleted file mode 100644 index 2bf1afce..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -// Package v1 is the v1 version of the core API. -package v1 diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue deleted file mode 100644 index 29c24abc..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#GroupName: "" 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue deleted file mode 100644 index d87edcff..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue +++ /dev/null 
@@ -1,7617 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/types" -) - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) -#NamespaceNodeLease: "kube-node-lease" - -// Volume represents a named volume in a pod that may be accessed by any container in the pod. -#Volume: { - // name of the volume. - // Must be a DNS_LABEL and unique within the pod. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(1,bytes,opt) - - #VolumeSource -} - -// Represents the source of a volume to mount. -// Only one of its members may be specified. -#VolumeSource: { - // hostPath represents a pre-existing file or directory on the host - // machine that is directly exposed to the container. This is generally - // used for system agents or other privileged things that are allowed - // to see the host machine. Most containers will NOT need this. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // --- - // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - // mount host directories as read/write. - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt) - - // emptyDir represents a temporary directory that shares a pod's lifetime. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt) - - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt) - - // gitRepo represents a git repository at a particular revision. - // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - // into the Pod's container. - // +optional - gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt) - - // secret represents a secret that should populate this volume. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt) - - // nfs represents an NFS mount on the host that shares a pod's lifetime - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. 
- // More info: https://examples.k8s.io/volumes/iscsi/README.md - // +optional - iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt) - - // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt) - - // persistentVolumeClaimVolumeSource represents a reference to a - // PersistentVolumeClaim in the same namespace. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine. 
This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt) - - // downwardAPI represents downward API about the pod that should populate this volume - // +optional - downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt) - - // configMap represents a configMap that should populate this volume - // +optional - configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 
- // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt) - - // projected items for all in one resources secrets, configmaps, and downward API - projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt) - - // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - // +optional - storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt) - - // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - // +optional - csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt) - - // ephemeral represents a volume that is handled by a cluster storage driver. - // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - // and deleted when the pod is removed. 
- // - // Use this if: - // a) the volume is only needed while the pod runs, - // b) features of normal volumes like restoring from snapshot or capacity - // tracking are needed, - // c) the storage driver is specified through a storage class, and - // d) the storage driver supports dynamic volume provisioning through - // a PersistentVolumeClaim (see EphemeralVolumeSource for more - // information on the connection between this volume type - // and PersistentVolumeClaim). - // - // Use PersistentVolumeClaim or one of the vendor-specific - // APIs for volumes that persist for longer than the lifecycle - // of an individual pod. - // - // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - // be used that way - see the documentation of the driver for - // more information. - // - // A pod can use both types of ephemeral volumes and - // persistent volumes at the same time. - // - // +optional - ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt) -} - -// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. -// This volume finds the bound PV and mounts that volume for the pod. A -// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another -// type of volume that is owned by someone else (the system). -#PersistentVolumeClaimVolumeSource: { - // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - claimName: string @go(ClaimName) @protobuf(1,bytes,opt) - - // readOnly Will force the ReadOnly setting in VolumeMounts. - // Default false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) -} - -// PersistentVolumeSource is similar to VolumeSource but meant for the -// administrator who creates PVs. Exactly one of its members must be set. 
-#PersistentVolumeSource: { - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt) - - // hostPath represents a directory on the host. - // Provisioned by a developer or tester. - // This is useful for single-node development and testing only! - // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt) - - // glusterfs represents a Glusterfs volume that is attached to a host and - // exposed to the pod. Provisioned by an admin. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt) - - // nfs represents an NFS mount on the host. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. 
- // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // +optional - iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. 
- // +optional - azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 
- // +optional - scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt) - - // local represents directly-attached storage with node affinity - // +optional - local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt) - - // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod - // More info: https://examples.k8s.io/volumes/storageos/README.md - // +optional - storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt) - - // csi represents storage that is handled by an external CSI driver (Beta feature). - // +optional - csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt) -} - -// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. -// It's currently still used and will be held for backwards compatibility -#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class" - -// MountOptionAnnotation defines mount option annotation used in PVs -#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options" - -// PersistentVolume (PV) is a storage resource provisioned by an administrator. -// It is analogous to a node. -// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes -#PersistentVolume: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines a specification of a persistent volume owned by the cluster. - // Provisioned by an administrator. 
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status for the persistent volume. - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeSpec is the specification of a persistent volume. -#PersistentVolumeSpec: { - // capacity is the description of the persistent volume's resources and capacity. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - #PersistentVolumeSource - - // accessModes contains all ways the volume can be mounted. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode) - - // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. - // Expected to be non-nil when bound. - // claim.VolumeName is the authoritative bind between PV and PVC. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding - // +optional - // +structType=granular - claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt) - - // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. - // Valid options are Retain (default for manually created PersistentVolumes), Delete (default - // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). 
- // Recycle must be supported by the volume plugin underlying this PersistentVolume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming - // +optional - persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy) - - // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value - // means that this volume does not belong to any StorageClass. - // +optional - storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt) - - // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will - // simply fail if one is invalid. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt) - - // volumeMode defines if a volume is intended to be used with a formatted filesystem - // or to remain in raw block state. Value of Filesystem is implied when not included in spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode) - - // nodeAffinity defines constraints that limit what nodes this volume can be accessed from. - // This field influences the scheduling of pods that use this volume. - // +optional - nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt) -} - -// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. -#VolumeNodeAffinity: { - // required specifies hard node constraints that must be met. - required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt) -} - -// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes. 
-// +enum -#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy - -#enumPersistentVolumeReclaimPolicy: - #PersistentVolumeReclaimRecycle | - #PersistentVolumeReclaimDelete | - #PersistentVolumeReclaimRetain - -// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. -// The volume plugin must support Recycling. -#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle" - -// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. -// The volume plugin must support Deletion. -#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete" - -// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. -// The default policy is Retain. -#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain" - -// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. -// +enum -#PersistentVolumeMode: string // #enumPersistentVolumeMode - -#enumPersistentVolumeMode: - #PersistentVolumeBlock | - #PersistentVolumeFilesystem - -// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. -#PersistentVolumeBlock: #PersistentVolumeMode & "Block" - -// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. -#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem" - -// PersistentVolumeStatus is the current status of a persistent volume. -#PersistentVolumeStatus: { - // phase indicates if a volume is available, bound to a claim, or released by a claim. 
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase - // +optional - phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase) - - // message is a human-readable message indicating details about why the volume is in this state. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // reason is a brief CamelCase string that describes any failure and is meant - // for machine parsing and tidy display in the CLI. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // lastPhaseTransitionTime is the time the phase transitioned from one to another - // and automatically resets to current time everytime a volume phase transitions. - // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature. - // +featureGate=PersistentVolumeLastPhaseTransitionTime - // +optional - lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt) -} - -// PersistentVolumeList is a list of PersistentVolume items. -#PersistentVolumeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volumes. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes - items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaim is a user's request for and claim to a persistent volume -#PersistentVolumeClaim: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the desired characteristics of a volume requested by a pod author. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status of a persistent volume claim. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. -#PersistentVolumeClaimList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volume claims. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaimSpec describes the common attributes of storage devices -// and allows a Source for provider-specific attributes -#PersistentVolumeClaimSpec: { - // accessModes contains the desired access modes the volume should have. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode) - - // selector is a label query over volumes to consider for binding. 
- // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // resources represents the minimum resources the volume should have. - // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - // that are lower than previous value but must still be higher than capacity recorded in the - // status field of the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt) - - // volumeName is the binding reference to the PersistentVolume backing this claim. - // +optional - volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt) - - // storageClassName is the name of the StorageClass required by the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - // +optional - storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt) - - // volumeMode defines what type of volume is required by the claim. - // Value of Filesystem is implied when not included in claim spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode) - - // dataSource field can be used to specify either: - // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - // * An existing PVC (PersistentVolumeClaim) - // If the provisioner or an external controller can support the specified data source, - // it will create a new volume based on the contents of the specified data source. - // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - // If the namespace is specified, then dataSourceRef will not be copied to dataSource. 
- // +optional - dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt) - - // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - // volume is desired. This may be any object from a non-empty API group (non - // core object) or a PersistentVolumeClaim object. - // When this field is specified, volume binding will only succeed if the type of - // the specified object matches some installed volume populator or dynamic - // provisioner. - // This field will replace the functionality of the dataSource field and as such - // if both fields are non-empty, they must have the same value. For backwards - // compatibility, when namespace isn't specified in dataSourceRef, - // both fields (dataSource and dataSourceRef) will be set to the same - // value automatically if one of them is empty and the other is non-empty. - // When namespace is specified in dataSourceRef, - // dataSource isn't set to the same value and must be empty. - // There are three important differences between dataSource and dataSourceRef: - // * While dataSource only allows two specific types of objects, dataSourceRef - // allows any non-core object, as well as PersistentVolumeClaim objects. - // * While dataSource ignores disallowed values (dropping them), dataSourceRef - // preserves all values, and generates an error if a disallowed value is - // specified. - // * While dataSource only allows local objects, dataSourceRef allows objects - // in any namespaces. - // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +optional - dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt) -} - -#TypedObjectReference: { - // APIGroup is the group for the resource being referenced. 
- // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace is the namespace of resource being referenced - // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +featureGate=CrossNamespaceVolumeDataSource - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt) -} - -// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type -#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType - -#enumPersistentVolumeClaimConditionType: - #PersistentVolumeClaimResizing | - #PersistentVolumeClaimFileSystemResizePending - -// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started -#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing" - -// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node -#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending" - -// +enum -// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource -// that it does not recognizes, then it should ignore that update and let other controllers -// handle it. 
-#ClaimResourceStatus: string // #enumClaimResourceStatus - -#enumClaimResourceStatus: - #PersistentVolumeClaimControllerResizeInProgress | - #PersistentVolumeClaimControllerResizeFailed | - #PersistentVolumeClaimNodeResizePending | - #PersistentVolumeClaimNodeResizeInProgress | - #PersistentVolumeClaimNodeResizeFailed - -// State set when resize controller starts resizing the volume in control-plane. -#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress" - -// State set when resize has failed in resize controller with a terminal error. -// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus -// unmodified, so as resize controller can resume the volume expansion. -#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed" - -// State set when resize controller has finished resizing the volume but further resizing of volume -// is needed on the node. -#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending" - -// State set when kubelet starts resizing the volume. -#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress" - -// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed -#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed" - -// PersistentVolumeClaimCondition contains details about state of pvc -#PersistentVolumeClaimCondition: { - type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType) - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastProbeTime is the time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // lastTransitionTime is the time the condition transitioned from one status to another. 
- // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason is a unique, this should be a short, machine understandable string that gives the reason - // for condition's last transition. If it reports "ResizeStarted" that means the underlying - // persistent volume is being resized. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // message is the human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PersistentVolumeClaimStatus is the current status of a persistent volume claim. -#PersistentVolumeClaimStatus: { - // phase represents the current phase of PersistentVolumeClaim. - // +optional - phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase) - - // accessModes contains the actual access modes the volume backing the PVC has. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode) - - // capacity represents the actual resources of the underlying volume. - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - // resized then the Condition will be set to 'ResizeStarted'. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep) - - // allocatedResources tracks the resources allocated to a PVC including its capacity. - // Key names follow standard Kubernetes label syntax. 
Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // Capacity reported here may be larger than the actual capacity when a volume expansion operation - // is requested. - // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - // If a volume expansion capacity request is lowered, allocatedResources is only - // lowered if there are no expansion operations in progress and if the actual volume capacity - // is equal or lower than the requested capacity. - // - // A controller that receives PVC update with previously unknown resourceName - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // allocatedResourceStatuses stores status of resource being resized for the given PVC. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. 
- // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // ClaimResourceStatus can be in any of following states: - // - ControllerResizeInProgress: - // State set when resize controller starts resizing the volume in control-plane. - // - ControllerResizeFailed: - // State set when resize has failed in resize controller with a terminal error. - // - NodeResizePending: - // State set when resize controller has finished resizing the volume but further resizing of - // volume is needed on the node. - // - NodeResizeInProgress: - // State set when kubelet starts resizing the volume. - // - NodeResizeFailed: - // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - // NodeResizeFailed. - // For example: if expanding a PVC for more capacity - this field can be one of the following states: - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" - // When this field is not set, it means that no resize operation is in progress for the given PVC. - // - // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. 
- // +featureGate=RecoverVolumeExpansionFailure - // +mapType=granular - // +optional - allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep) -} - -// +enum -#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode - -#enumPersistentVolumeAccessMode: - #ReadWriteOnce | - #ReadOnlyMany | - #ReadWriteMany | - #ReadWriteOncePod - -// can be mounted in read/write mode to exactly 1 host -#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce" - -// can be mounted in read-only mode to many hosts -#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany" - -// can be mounted in read/write mode to many hosts -#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany" - -// can be mounted in read/write mode to exactly 1 pod -// cannot be used in combination with other access modes -#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod" - -// +enum -#PersistentVolumePhase: string // #enumPersistentVolumePhase - -#enumPersistentVolumePhase: - #VolumePending | - #VolumeAvailable | - #VolumeBound | - #VolumeReleased | - #VolumeFailed - -// used for PersistentVolumes that are not available -#VolumePending: #PersistentVolumePhase & "Pending" - -// used for PersistentVolumes that are not yet bound -// Available volumes are held by the binder and matched to PersistentVolumeClaims -#VolumeAvailable: #PersistentVolumePhase & "Available" - -// used for PersistentVolumes that are bound -#VolumeBound: #PersistentVolumePhase & "Bound" - -// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted -// released volumes must be recycled before becoming available again -// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource -#VolumeReleased: #PersistentVolumePhase & "Released" - -// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from 
a claim -#VolumeFailed: #PersistentVolumePhase & "Failed" - -// +enum -#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase - -#enumPersistentVolumeClaimPhase: - #ClaimPending | - #ClaimBound | - #ClaimLost - -// used for PersistentVolumeClaims that are not yet bound -#ClaimPending: #PersistentVolumeClaimPhase & "Pending" - -// used for PersistentVolumeClaims that are bound -#ClaimBound: #PersistentVolumeClaimPhase & "Bound" - -// used for PersistentVolumeClaims that lost their underlying -// PersistentVolume. The claim was bound to a PersistentVolume and this -// volume does not exist any longer and all data on it was lost. -#ClaimLost: #PersistentVolumeClaimPhase & "Lost" - -// +enum -#HostPathType: string // #enumHostPathType - -#enumHostPathType: - #HostPathUnset | - #HostPathDirectoryOrCreate | - #HostPathDirectory | - #HostPathFileOrCreate | - #HostPathFile | - #HostPathSocket | - #HostPathCharDev | - #HostPathBlockDev - -// For backwards compatible, leave it empty if unset -#HostPathUnset: #HostPathType & "" - -// If nothing exists at the given path, an empty directory will be created there -// as needed with file mode 0755, having the same group and ownership with Kubelet. -#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate" - -// A directory must exist at the given path -#HostPathDirectory: #HostPathType & "Directory" - -// If nothing exists at the given path, an empty file will be created there -// as needed with file mode 0644, having the same group and ownership with Kubelet. 
-#HostPathFileOrCreate: #HostPathType & "FileOrCreate" - -// A file must exist at the given path -#HostPathFile: #HostPathType & "File" - -// A UNIX socket must exist at the given path -#HostPathSocket: #HostPathType & "Socket" - -// A character device must exist at the given path -#HostPathCharDev: #HostPathType & "CharDevice" - -// A block device must exist at the given path -#HostPathBlockDev: #HostPathType & "BlockDevice" - -// Represents a host path mapped into a pod. -// Host path volumes do not support ownership management or SELinux relabeling. -#HostPathVolumeSource: { - // path of the directory on the host. - // If the path is a symlink, it will follow the link to the real path. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - path: string @go(Path) @protobuf(1,bytes,opt) - - // type for HostPath Volume - // Defaults to "" - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt) -} - -// Represents an empty directory for a pod. -// Empty directory volumes support ownership management and SELinux relabeling. -#EmptyDirVolumeSource: { - // medium represents what type of storage medium should back this directory. - // The default is "" which means to use the node's default medium. - // Must be an empty string (default) or Memory. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium) - - // sizeLimit is the total amount of local storage required for this EmptyDir volume. - // The size limit is also applicable for memory medium. - // The maximum usage on memory medium EmptyDir would be the minimum value between - // the SizeLimit specified here and the sum of memory limits of all containers in a pod. - // The default is nil which means that the limit is undefined. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsPersistentVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // endpointsNamespace is the namespace that contains Glusterfs endpoint. 
- // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. 
If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDPersistentVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. 
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is optional: points to a secret object containing parameters used to connect - // to OpenStack. 
- // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderPersistentVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is Optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. 
-#CephFSVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// SecretReference represents a Secret Reference. It has enough information to retrieve secret -// in any namespace -// +structType=atomic -#SecretReference: { - // name is unique within a namespace to reference a secret resource. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // namespace defines the space within which the secret name must be unique. 
- // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSPersistentVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is Optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// Represents a Flocker volume mounted by the Flocker agent. -// One and only one of datasetName and datasetUUID should be set. -// Flocker volumes do not support ownership management or SELinux relabeling. 
-#FlockerVolumeSource: { - // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - // should be considered as deprecated - // +optional - datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt) - - // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - // +optional - datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt) -} - -// StorageMedium defines ways that storage can be allocated to a volume. -#StorageMedium: string // #enumStorageMedium - -#enumStorageMedium: - #StorageMediumDefault | - #StorageMediumMemory | - #StorageMediumHugePages | - #StorageMediumHugePagesPrefix - -#StorageMediumDefault: #StorageMedium & "" -#StorageMediumMemory: #StorageMedium & "Memory" -#StorageMediumHugePages: #StorageMedium & "HugePages" -#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-" - -// Protocol defines network protocols supported for things like container ports. -// +enum -#Protocol: string // #enumProtocol - -#enumProtocol: - #ProtocolTCP | - #ProtocolUDP | - #ProtocolSCTP - -// ProtocolTCP is the TCP protocol. -#ProtocolTCP: #Protocol & "TCP" - -// ProtocolUDP is the UDP protocol. -#ProtocolUDP: #Protocol & "UDP" - -// ProtocolSCTP is the SCTP protocol. -#ProtocolSCTP: #Protocol & "SCTP" - -// Represents a Persistent Disk resource in Google Compute Engine. -// -// A GCE PD must exist before mounting to a container. The disk must -// also be in the same GCE project and zone as the kubelet. A GCE PD -// can only be mounted as read/write once or read-only many times. GCE -// PDs support ownership management and SELinux relabeling. -#GCEPersistentDiskVolumeSource: { - // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - pdName: string @go(PDName) @protobuf(1,bytes,opt) - - // fsType is filesystem type of the volume that you want to mount. 
- // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a Quobyte mount that lasts the lifetime of a pod. -// Quobyte volumes do not support ownership management or SELinux relabeling. -#QuobyteVolumeSource: { - // registry represents a single or multiple Quobyte Registry services - // specified as a string as host:port pair (multiple entries are separated with commas) - // which acts as the central registry for volumes - registry: string @go(Registry) @protobuf(1,bytes,opt) - - // volume is a string that references an already created Quobyte volume by name. - volume: string @go(Volume) @protobuf(2,bytes,opt) - - // readOnly here will force the Quobyte volume to be mounted with read-only permissions. - // Defaults to false. 
- // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // user to map volume access to - // Defaults to serivceaccount user - // +optional - user?: string @go(User) @protobuf(4,bytes,opt) - - // group to map volume access to - // Default is no group - // +optional - group?: string @go(Group) @protobuf(5,bytes,opt) - - // tenant owning the given Quobyte volume in the Backend - // Used with dynamically provisioned Quobyte volumes, value is set by the plugin - // +optional - tenant?: string @go(Tenant) @protobuf(6,bytes,opt) -} - -// FlexPersistentVolumeSource represents a generic persistent volume resource that is -// provisioned/attached using an exec based plugin. -#FlexPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. 
- // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// FlexVolume represents a generic volume resource that is -// provisioned/attached using an exec based plugin. -#FlexVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: secretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// Represents a Persistent Disk resource in AWS. -// -// An AWS EBS disk must exist before mounting to a container. The disk -// must also be in the same AWS zone as the kubelet. An AWS EBS disk -// can only be mounted as read/write once. AWS EBS volumes support -// ownership management and SELinux relabeling. -#AWSElasticBlockStoreVolumeSource: { - // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly value true will force the readOnly setting in VolumeMounts. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a volume that is populated with the contents of a git repository. -// Git repo volumes do not support ownership management. -// Git repo volumes support SELinux relabeling. -// -// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -// into the Pod's container. -#GitRepoVolumeSource: { - // repository is the URL - repository: string @go(Repository) @protobuf(1,bytes,opt) - - // revision is the commit hash for the specified revision. - // +optional - revision?: string @go(Revision) @protobuf(2,bytes,opt) - - // directory is the target directory name. - // Must not contain or start with '..'. If '.' 
is supplied, the volume directory will be the - // git repository. Otherwise, if specified, the volume will contain the git repository in - // the subdirectory with the given name. - // +optional - directory?: string @go(Directory) @protobuf(3,bytes,opt) -} - -// Adapts a Secret into a volume. -// -// The contents of the target Secret's Data field will be presented in a volume -// as files using the keys in the Data field as the file names. -// Secret volumes support ownership management and SELinux relabeling. -#SecretVolumeSource: { - // secretName is the name of the secret in the pod's namespace to use. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secretName?: string @go(SecretName) @protobuf(1,bytes,opt) - - // items If unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values - // for mode bits. Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. 
- // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt) - - // optional field specify whether the Secret or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#SecretVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a secret into a projected volume. -// -// The contents of the target Secret's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names. -// Note that this is identical to a secret volume source without the default -// mode. -#SecretProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional field specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// Represents an NFS mount that lasts the lifetime of a pod. -// NFS volumes do not support ownership management or SELinux relabeling. -#NFSVolumeSource: { - // server is the hostname or IP address of the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - server: string @go(Server) @protobuf(1,bytes,opt) - - // path that is exported by the NFS server. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the NFS export to be mounted with read-only permissions. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is the target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun represents iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). 
- // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// ISCSIPersistentVolumeSource represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIPersistentVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is Target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun is iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// Represents a Fibre Channel volume. -// Fibre Channel volumes can only be mounted as read/write once. -// Fibre Channel volumes support ownership management and SELinux relabeling. -#FCVolumeSource: { - // targetWWNs is Optional: FC target worldwide names (WWNs) - // +optional - targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep) - - // lun is Optional: FC target lun number - // +optional - lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt) - - // fsType is the filesystem type to mount. 
- // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // wwids Optional: FC volume world wide identifiers (wwids) - // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - // +optional - wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFileVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFilePersistentVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure Share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. 
- // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key - // default is the same as the Pod - // +optional - secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a vSphere volume resource. -#VsphereVirtualDiskVolumeSource: { - // volumePath is the path that identifies vSphere volume vmdk - volumePath: string @go(VolumePath) @protobuf(1,bytes,opt) - - // fsType is filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // storagePolicyName is the storage Policy Based Management (SPBM) profile name. - // +optional - storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt) - - // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - // +optional - storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt) -} - -// Represents a Photon Controller persistent disk resource. -#PhotonPersistentDiskVolumeSource: { - // pdID is the ID that identifies Photon Controller persistent disk - pdID: string @go(PdID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
- fsType?: string @go(FSType) @protobuf(2,bytes,opt) -} - -// +enum -#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode - -#enumAzureDataDiskCachingMode: - #AzureDataDiskCachingNone | - #AzureDataDiskCachingReadOnly | - #AzureDataDiskCachingReadWrite - -// +enum -#AzureDataDiskKind: string // #enumAzureDataDiskKind - -#enumAzureDataDiskKind: - #AzureSharedBlobDisk | - #AzureDedicatedBlobDisk | - #AzureManagedDisk - -#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None" -#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly" -#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite" -#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared" -#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated" -#AzureManagedDisk: #AzureDataDiskKind & "Managed" - -// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. -#AzureDiskVolumeSource: { - // diskName is the Name of the data disk in the blob storage - diskName: string @go(DiskName) @protobuf(1,bytes,opt) - - // diskURI is the URI of data disk in the blob storage - diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt) - - // cachingMode is the Host Caching mode: None, Read Only, Read Write. - // +optional - cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode) - - // fsType is Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. 
- // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt) - - // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind) -} - -// PortworxVolumeSource represents a Portworx volume resource. -#PortworxVolumeSource: { - // volumeID uniquely identifies a Portworx volume - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fSType represents the filesystem type to mount - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// ScaleIOVolumeSource represents a persistent ScaleIO volume -#ScaleIOVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // sslEnabled Flag enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 
- // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs". - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume -#ScaleIOPersistentVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 
- // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs" - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. 
- // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSPersistentVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. 
- // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt) -} - -// Adapts a ConfigMap into a volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// volume as files using the keys in the Data field as the file names, unless -// the items element is populated with specific mappings of keys to paths. -// ConfigMap volumes support ownership management and SELinux relabeling. -#ConfigMapVolumeSource: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. 
- // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#ConfigMapVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a ConfigMap into a projected volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names, -// unless the items element is populated with specific mappings of keys to paths. -// Note that this is identical to a configmap volume source without the default -// mode. -#ConfigMapProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountTokenProjection represents a projected service account token -// volume. This projection can be used to insert a service account token into -// the pods runtime filesystem for use against APIs (Kubernetes API Server or -// otherwise). -#ServiceAccountTokenProjection: { - // audience is the intended audience of the token. 
A recipient of a token - // must identify itself with an identifier specified in the audience of the - // token, and otherwise should reject the token. The audience defaults to the - // identifier of the apiserver. - // +optional - audience?: string @go(Audience) @protobuf(1,bytes,rep) - - // expirationSeconds is the requested duration of validity of the service - // account token. As the token approaches expiration, the kubelet volume - // plugin will proactively rotate the service account token. The kubelet will - // start trying to rotate the token if the token is older than 80 percent of - // its time to live or if the token is older than 24 hours.Defaults to 1 hour - // and must be at least 10 minutes. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) - - // path is the path relative to the mount point of the file to project the - // token into. - path: string @go(Path) @protobuf(3,bytes,opt) -} - -// Represents a projected volume source -#ProjectedVolumeSource: { - // sources is the list of volume projections - // +optional - sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep) - - // defaultMode are the mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. 
- // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -// Projection that may be projected along with other supported volume types -#VolumeProjection: { - // secret information about the secret data to project - // +optional - secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt) - - // downwardAPI information about the downwardAPI data to project - // +optional - downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt) - - // configMap information about the configMap data to project - // +optional - configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt) - - // serviceAccountToken is information about the serviceAccountToken data to project - // +optional - serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt) -} - -#ProjectedVolumeSourceDefaultMode: int32 & 0o644 - -// Maps a string key to a path within a volume. -#KeyToPath: { - // key is the key to project. - key: string @go(Key) @protobuf(1,bytes,opt) - - // path is the relative path of the file to map the key to. - // May not be an absolute path. - // May not contain the path element '..'. - // May not start with the string '..'. - path: string @go(Path) @protobuf(2,bytes,opt) - - // mode is Optional: mode bits used to set permissions on this file. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. 
- // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt) -} - -// Local represents directly-attached storage with node affinity (Beta feature) -#LocalVolumeSource: { - // path of the full path to the volume on the node. - // It can be either a directory or block device (disk, partition, ...). - path: string @go(Path) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // It applies only when the Path is a block device. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt) -} - -// Represents storage that is managed by an external CSI volume driver (Beta feature) -#CSIPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - // Required. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // volumeHandle is the unique volume name returned by the CSI volume - // plugin’s CreateVolume to refer to the volume on all subsequent calls. - // Required. - volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt) - - // readOnly value to pass to ControllerPublishVolumeRequest. - // Defaults to false (read/write). - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // fsType to mount. Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // +optional - fsType?: string @go(FSType) @protobuf(4,bytes,opt) - - // volumeAttributes of the volume to publish. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep) - - // controllerPublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerPublishVolume and ControllerUnpublishVolume calls. 
- // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt) - - // nodeStageSecretRef is a reference to the secret object containing sensitive - // information to pass to the CSI driver to complete the CSI NodeStageVolume - // and NodeStageVolume and NodeUnstageVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt) - - // controllerExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerExpandVolume call. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt) - - // nodeExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodeExpandVolume call. 
- // This is a beta field which is enabled default by CSINodeExpandSecret feature gate. - // This field is optional, may be omitted if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +featureGate=CSINodeExpandSecret - // +optional - nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt) -} - -// Represents a source location of a volume to mount, managed by an external CSI driver -#CSIVolumeSource: { - // driver is the name of the CSI driver that handles this volume. - // Consult with your admin for the correct name as registered in the cluster. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // readOnly specifies a read-only configuration for the volume. - // Defaults to false (read/write). - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt) - - // fsType to mount. Ex. "ext4", "xfs", "ntfs". - // If not provided, the empty value is passed to the associated CSI driver - // which will determine the default filesystem to apply. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt) - - // volumeAttributes stores driver-specific properties that are passed to the CSI - // driver. Consult your driver's documentation for supported values. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secret references are passed. 
- // +optional - nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents an ephemeral volume that is handled by a normal storage driver. -#EphemeralVolumeSource: { - // Will be used to create a stand-alone PVC to provision the volume. - // The pod in which this EphemeralVolumeSource is embedded will be the - // owner of the PVC, i.e. the PVC will be deleted together with the - // pod. The name of the PVC will be `-` where - // `` is the name from the `PodSpec.Volumes` array - // entry. Pod validation will reject the pod if the concatenated name - // is not valid for a PVC (for example, too long). - // - // An existing PVC with that name that is not owned by the pod - // will *not* be used for the pod to avoid using an unrelated - // volume by mistake. Starting the pod is then blocked until - // the unrelated PVC is removed. If such a pre-created PVC is - // meant to be used by the pod, the PVC has to updated with an - // owner reference to the pod once the pod exists. Normally - // this should not be necessary, but it may be useful when - // manually reconstructing a broken cluster. - // - // This field is read-only and no changes will be made by Kubernetes - // to the PVC after it has been created. - // - // Required, must not be nil. - volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt) -} - -// PersistentVolumeClaimTemplate is used to produce -// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. -#PersistentVolumeClaimTemplate: { - // May contain labels and annotations that will be copied into the PVC - // when creating it. No other fields are allowed and will be rejected during - // validation. - // - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The specification for the PersistentVolumeClaim. 
The entire content is - // copied unchanged into the PVC that gets created from this - // template. The same fields as in a PersistentVolumeClaim - // are also valid here. - spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes) -} - -// ContainerPort represents a network port in a single container. -#ContainerPort: { - // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - // named port in a pod must have a unique name. Name for the port that can be - // referred to by services. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // Number of port to expose on the host. - // If specified, this must be a valid port number, 0 < x < 65536. - // If HostNetwork is specified, this must match ContainerPort. - // Most containers do not need this. - // +optional - hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt) - - // Number of port to expose on the pod's IP address. - // This must be a valid port number, 0 < x < 65536. - containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt) - - // Protocol for port. Must be UDP, TCP, or SCTP. - // Defaults to "TCP". - // +optional - // +default="TCP" - protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol) - - // What host IP to bind the external port to. - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) -} - -// VolumeMount describes a mounting of a Volume within a container. -#VolumeMount: { - // This must match the Name of a Volume. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Mounted read-only if true, read-write otherwise (false or unspecified). - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) - - // Path within the container at which the volume should be mounted. Must - // not contain ':'. - mountPath: string @go(MountPath) @protobuf(3,bytes,opt) - - // Path within the volume from which the container's volume should be mounted. - // Defaults to "" (volume's root). 
- // +optional - subPath?: string @go(SubPath) @protobuf(4,bytes,opt) - - // mountPropagation determines how mounts are propagated from the host - // to container and the other way around. - // When not set, MountPropagationNone is used. - // This field is beta in 1.10. - // +optional - mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode) - - // Expanded path within the volume from which the container's volume should be mounted. - // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - // Defaults to "" (volume's root). - // SubPathExpr and SubPath are mutually exclusive. - // +optional - subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt) -} - -// MountPropagationMode describes mount propagation. -// +enum -#MountPropagationMode: string // #enumMountPropagationMode - -#enumMountPropagationMode: - #MountPropagationNone | - #MountPropagationHostToContainer | - #MountPropagationBidirectional - -// MountPropagationNone means that the volume in a container will -// not receive new mounts from the host or other containers, and filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode corresponds to "private" in Linux terminology. -#MountPropagationNone: #MountPropagationMode & "None" - -// MountPropagationHostToContainer means that the volume in a container will -// receive new mounts from the host or other containers, but filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rslave" in Linux terminology). 
-#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer" - -// MountPropagationBidirectional means that the volume in a container will -// receive new mounts from the host or other containers, and its own mounts -// will be propagated from the container to the host or other containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rshared" in Linux terminology). -#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional" - -// volumeDevice describes a mapping of a raw block device within a container. -#VolumeDevice: { - // name must match the name of a persistentVolumeClaim in the pod - name: string @go(Name) @protobuf(1,bytes,opt) - - // devicePath is the path inside of the container that the device will be mapped to. - devicePath: string @go(DevicePath) @protobuf(2,bytes,opt) -} - -// EnvVar represents an environment variable present in a Container. -#EnvVar: { - // Name of the environment variable. Must be a C_IDENTIFIER. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Variable references $(VAR_NAME) are expanded - // using the previously defined environment variables in the container and - // any service environment variables. If a variable cannot be resolved, - // the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - // Escaped references will never be expanded, regardless of whether the variable - // exists or not. - // Defaults to "". - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Source for the environment variable's value. Cannot be used if value is not empty. - // +optional - valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt) -} - -// EnvVarSource represents a source for the value of an EnvVar. 
-#EnvVarSource: { - // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt) - - // Selects a key of a ConfigMap. - // +optional - configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt) - - // Selects a key of a secret in the pod's namespace - // +optional - secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt) -} - -// ObjectFieldSelector selects an APIVersioned field of an object. -// +structType=atomic -#ObjectFieldSelector: { - // Version of the schema the FieldPath is written in terms of, defaults to "v1". - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // Path of the field to select in the specified API version. 
- fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt) -} - -// ResourceFieldSelector represents container resources (cpu, memory) and their output format -// +structType=atomic -#ResourceFieldSelector: { - // Container name: required for volumes, optional for env vars - // +optional - containerName?: string @go(ContainerName) @protobuf(1,bytes,opt) - - // Required: resource to select - "resource": string @go(Resource) @protobuf(2,bytes,opt) - - // Specifies the output format of the exposed resources, defaults to "1" - // +optional - divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt) -} - -// Selects a key from a ConfigMap. -// +structType=atomic -#ConfigMapKeySelector: { - #LocalObjectReference - - // The key to select. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the ConfigMap or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// SecretKeySelector selects a key of a Secret. -// +structType=atomic -#SecretKeySelector: { - #LocalObjectReference - - // The key of the secret to select from. Must be a valid secret key. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// EnvFromSource represents the source of a set of ConfigMaps -#EnvFromSource: { - // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - // +optional - prefix?: string @go(Prefix) @protobuf(1,bytes,opt) - - // The ConfigMap to select from - // +optional - configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt) - - // The Secret to select from - // +optional - secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt) -} - -// ConfigMapEnvSource selects a ConfigMap to populate the environment -// variables with. 
-// -// The contents of the target ConfigMap's Data field will represent the -// key-value pairs as environment variables. -#ConfigMapEnvSource: { - #LocalObjectReference - - // Specify whether the ConfigMap must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// SecretEnvSource selects a Secret to populate the environment -// variables with. -// -// The contents of the target Secret's Data field will represent the -// key-value pairs as environment variables. -#SecretEnvSource: { - #LocalObjectReference - - // Specify whether the Secret must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// HTTPHeader describes a custom header to be used in HTTP probes -#HTTPHeader: { - // The header field name. - // This will be canonicalized upon output, so case-variant names will be understood as the same header. - name: string @go(Name) @protobuf(1,bytes,opt) - - // The header field value - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// HTTPGetAction describes an action based on HTTP Get requests. -#HTTPGetAction: { - // Path to access on the HTTP server. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Name or number of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt) - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - // +optional - host?: string @go(Host) @protobuf(3,bytes,opt) - - // Scheme to use for connecting to the host. - // Defaults to HTTP. - // +optional - scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme) - - // Custom headers to set in the request. HTTP allows repeated headers. 
- // +optional - httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep) -} - -// URIScheme identifies the scheme used for connection to a host for Get actions -// +enum -#URIScheme: string // #enumURIScheme - -#enumURIScheme: - #URISchemeHTTP | - #URISchemeHTTPS - -// URISchemeHTTP means that the scheme used will be http:// -#URISchemeHTTP: #URIScheme & "HTTP" - -// URISchemeHTTPS means that the scheme used will be https:// -#URISchemeHTTPS: #URIScheme & "HTTPS" - -// TCPSocketAction describes an action based on opening a socket -#TCPSocketAction: { - // Number or name of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt) - - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -#GRPCAction: { - // Port number of the gRPC service. Number must be in the range 1 to 65535. - port: int32 @go(Port) @protobuf(1,bytes,opt) - - // Service is the name of the service to place in the gRPC HealthCheckRequest - // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - // - // If this is not specified, the default behavior is defined by gRPC. - // +optional - // +default="" - service?: null | string @go(Service,*string) @protobuf(2,bytes,opt) -} - -// ExecAction describes a "run in container" action. -#ExecAction: { - // Command is the command line to execute inside the container, the working directory for the - // command is root ('/') in the container's filesystem. The command is simply exec'd, it is - // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - // a shell, you need to explicitly call out to that shell. - // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
- // +optional - command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep) -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -#Probe: { - #ProbeHandler - - // Number of seconds after the container has started before liveness probes are initiated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt) - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt) - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1. - // +optional - periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt) - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - // +optional - successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt) - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3. Minimum value is 1. - // +optional - failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt) - - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt) -} - -// PullPolicy describes a policy for if/when to pull a container image -// +enum -#PullPolicy: string // #enumPullPolicy - -#enumPullPolicy: - #PullAlways | - #PullNever | - #PullIfNotPresent - -// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. -#PullAlways: #PullPolicy & "Always" - -// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present -#PullNever: #PullPolicy & "Never" - -// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. -#PullIfNotPresent: #PullPolicy & "IfNotPresent" - -// ResourceResizeRestartPolicy specifies how to handle container resource resize. -#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy - -#enumResourceResizeRestartPolicy: - #NotRequired | - #RestartContainer - -// 'NotRequired' means Kubernetes will try to resize the container -// without restarting it, if possible. Kubernetes may however choose to -// restart the container if it is unable to actuate resize without a -// restart. For e.g. the runtime doesn't support restart-free resizing. -#NotRequired: #ResourceResizeRestartPolicy & "NotRequired" - -// 'RestartContainer' means Kubernetes will resize the container in-place -// by stopping and starting the container when new resources are applied. 
-// This is needed for legacy applications. For e.g. java apps using the -// -xmxN flag which are unable to use resized memory without restarting. -#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer" - -// ContainerResizePolicy represents resource resize policy for the container. -#ContainerResizePolicy: { - // Name of the resource to which this resource resize policy applies. - // Supported values: cpu, memory. - resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName) - - // Restart policy to apply when specified resource is resized. - // If not specified, it defaults to NotRequired. - restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy) -} - -// PreemptionPolicy describes a policy for if/when to preempt a pod. -// +enum -#PreemptionPolicy: string // #enumPreemptionPolicy - -#enumPreemptionPolicy: - #PreemptLowerPriority | - #PreemptNever - -// PreemptLowerPriority means that pod can preempt other pods with lower priority. -#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority" - -// PreemptNever means that pod never preempts other pods with lower priority. -#PreemptNever: #PreemptionPolicy & "Never" - -// TerminationMessagePolicy describes how termination messages are retrieved from a container. -// +enum -#TerminationMessagePolicy: string // #enumTerminationMessagePolicy - -#enumTerminationMessagePolicy: - #TerminationMessageReadFile | - #TerminationMessageFallbackToLogsOnError - -// TerminationMessageReadFile is the default behavior and will set the container status message to -// the contents of the container's terminationMessagePath when the container exits. 
-#TerminationMessageReadFile: #TerminationMessagePolicy & "File" - -// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs -// for the container status message when the container exits with an error and the -// terminationMessagePath has no contents. -#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError" - -// Capability represent POSIX capabilities type -#Capability: string - -// Adds and removes POSIX capabilities from running containers. -#Capabilities: { - // Added capabilities - // +optional - add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability) - - // Removed capabilities - // +optional - drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability) -} - -// ResourceRequirements describes the compute resource requirements. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Requests describes the minimum amount of compute resources required. - // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value. Requests cannot exceed Limits. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Claims lists the names of resources, defined in spec.resourceClaims, - // that are used by this container. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. It can only be set for containers. 
- // - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt) -} - -// ResourceClaim references one entry in PodSpec.ResourceClaims. -#ResourceClaim: { - // Name must match the name of one entry in pod.spec.resourceClaims of - // the Pod where this field is used. It makes that resource available - // inside a container. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// TerminationMessagePathDefault means the default path to capture the application termination message running in a container -#TerminationMessagePathDefault: "/dev/termination-log" - -// A single application container that you want to run within a pod. -#Container: { - // Name of the container specified as a DNS_LABEL. - // Each container in a pod must have a unique name (DNS_LABEL). - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - // This field is optional to allow higher level config management to default or override - // container images in workload controllers like Deployments and StatefulSets. - // +optional - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The container image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. 
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The container image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // List of ports to expose from the container. Not specifying a port here - // DOES NOT prevent that port from being exposed. Any port which is - // listening on the default "0.0.0.0" address inside a container will be - // accessible from the network. - // Modifying this array with strategic merge patch may corrupt the data. - // For more information See https://github.com/kubernetes/kubernetes/issues/108255. - // Cannot be updated. 
- // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Compute Resources required by this container. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // RestartPolicy defines the restart behavior of individual containers in a pod. - // This field may only be set for init containers, and the only allowed value is "Always". - // For non-init containers or when this field is not specified, - // the restart behavior is defined by the Pod's restart policy and the container type. 
- // Setting the RestartPolicy as "Always" for the init container will have the following effect: - // this init container will be continually restarted on - // exit until all regular containers have terminated. Once all regular - // containers have completed, all init containers with restartPolicy "Always" - // will be shut down. This lifecycle differs from normal init containers and - // is often referred to as a "sidecar" container. Although this init - // container still starts in the init container sequence, it does not wait - // for the container to complete before proceeding to the next init - // container. Instead, the next init container starts immediately after this - // init container is started, or after any startupProbe has successfully - // completed. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Periodic probe of container liveness. - // Container will be restarted if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Periodic probe of container service readiness. - // Container will be removed from service endpoints if the probe fails. - // Cannot be updated. 
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // StartupProbe indicates that the Pod has successfully initialized. - // If specified, no other probes are executed until this completes successfully. - // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - // when it might take a long time to load data or warm a cache, than during steady-state operation. - // This cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Actions that the management system should take in response to container lifecycle events. - // Cannot be updated. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. 
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // SecurityContext defines the security options the container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. 
- // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// ProbeHandler defines a specific action that should be taken in a probe. -// One and only one of the fields must be specified. -#ProbeHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // TCPSocket specifies an action involving a TCP port. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) - - // GRPC specifies an action involving a GRPC port. - // +optional - grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt) -} - -// LifecycleHandler defines a specific action that should be taken in a lifecycle -// hook. One and only one of the fields, except TCPSocket must be specified. -#LifecycleHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - // for the backward compatibility. There are no validation of this field and - // lifecycle hooks will fail in runtime when tcp handler is specified. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) -} - -// Lifecycle describes actions that the management system should take in response to container lifecycle -// events. 
For the PostStart and PreStop lifecycle handlers, management of the container blocks -// until the action is complete, unless the container process fails, in which case the handler is aborted. -#Lifecycle: { - // PostStart is called immediately after a container is created. If the handler fails, - // the container is terminated and restarted according to its restart policy. - // Other management of the container blocks until the hook completes. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt) - - // PreStop is called immediately before a container is terminated due to an - // API request or management event such as liveness/startup probe failure, - // preemption, resource contention, etc. The handler is not called if the - // container crashes or exits. The Pod's termination grace period countdown begins before the - // PreStop hook is executed. Regardless of the outcome of the handler, the - // container will eventually terminate within the Pod's termination grace - // period (unless delayed by finalizers). Other management of the container blocks until the hook completes - // or until the termination grace period is reached. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt) -} - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// ContainerStateWaiting is a waiting state of a container. -#ContainerStateWaiting: { - // (brief) reason the container is not yet running. 
- // +optional - reason?: string @go(Reason) @protobuf(1,bytes,opt) - - // Message regarding why the container is not yet running. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// ContainerStateRunning is a running state of a container. -#ContainerStateRunning: { - // Time at which the container was last (re-)started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt) -} - -// ContainerStateTerminated is a terminated state of a container. -#ContainerStateTerminated: { - // Exit status from the last termination of the container - exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt) - - // Signal from the last termination of the container - // +optional - signal?: int32 @go(Signal) @protobuf(2,varint,opt) - - // (brief) reason from the last termination of the container - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Message regarding the last termination of the container - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // Time at which previous execution of the container started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt) - - // Time at which the container last terminated - // +optional - finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt) - - // Container's ID in the format '://' - // +optional - containerID?: string @go(ContainerID) @protobuf(7,bytes,opt) -} - -// ContainerState holds a possible state of container. -// Only one of its members may be specified. -// If none of them is specified, the default one is ContainerStateWaiting. 
-#ContainerState: { - // Details about a waiting container - // +optional - waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt) - - // Details about a running container - // +optional - running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt) - - // Details about a terminated container - // +optional - terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt) -} - -// ContainerStatus contains details for the current status of this container. -#ContainerStatus: { - // Name is a DNS_LABEL representing the unique name of the container. - // Each container in a pod must have a unique name across all container types. - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // State holds details about the container's current condition. - // +optional - state?: #ContainerState @go(State) @protobuf(2,bytes,opt) - - // LastTerminationState holds the last termination state of the container to - // help debug container crashes and restarts. This field is not - // populated if the container is still running and RestartCount is 0. - // +optional - lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt) - - // Ready specifies whether the container is currently passing its readiness check. - // The value will change as readiness probes keep executing. If no readiness - // probes are specified, this field defaults to true once the container is - // fully started (see Started field). - // - // The value is typically used to determine whether a container is ready to - // accept traffic. - ready: bool @go(Ready) @protobuf(4,varint,opt) - - // RestartCount holds the number of times the container has been restarted. - // Kubelet makes an effort to always increment the value, but there - // are cases when the state may be lost due to node restarts and then the value - // may be reset to 0. 
The value is never negative. - restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt) - - // Image is the name of container image that the container is running. - // The container image may not match the image used in the PodSpec, - // as it may have been resolved by the runtime. - // More info: https://kubernetes.io/docs/concepts/containers/images. - image: string @go(Image) @protobuf(6,bytes,opt) - - // ImageID is the image ID of the container's image. The image ID may not - // match the image ID of the image used in the PodSpec, as it may have been - // resolved by the runtime. - imageID: string @go(ImageID) @protobuf(7,bytes,opt) - - // ContainerID is the ID of the container in the format '://'. - // Where type is a container runtime identifier, returned from Version call of CRI API - // (for example "containerd"). - // +optional - containerID?: string @go(ContainerID) @protobuf(8,bytes,opt) - - // Started indicates whether the container has finished its postStart lifecycle hook - // and passed its startup probe. - // Initialized as false, becomes true after startupProbe is considered - // successful. Resets to false when the container is restarted, or if kubelet - // loses state temporarily. In both cases, startup probes will run again. - // Is always true when no startupProbe is defined and container is running and - // has passed the postStart lifecycle hook. The null value must be treated the - // same as false. - // +optional - started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt) - - // AllocatedResources represents the compute resources allocated for this container by the - // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission - // and after successfully admitting desired pod resize. 
- // +featureGate=InPlacePodVerticalScaling - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Resources represents the compute resource requests and limits that have been successfully - // enacted on the running container after it has been started or has been successfully resized. - // +featureGate=InPlacePodVerticalScaling - // +optional - resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt) -} - -// PodPhase is a label for the condition of a pod at the current time. -// +enum -#PodPhase: string // #enumPodPhase - -#enumPodPhase: - #PodPending | - #PodRunning | - #PodSucceeded | - #PodFailed | - #PodUnknown - -// PodPending means the pod has been accepted by the system, but one or more of the containers -// has not been started. This includes time before being bound to a node, as well as time spent -// pulling images onto the host. -#PodPending: #PodPhase & "Pending" - -// PodRunning means the pod has been bound to a node and all of the containers have been started. -// At least one container is still running or is in the process of being restarted. -#PodRunning: #PodPhase & "Running" - -// PodSucceeded means that all containers in the pod have voluntarily terminated -// with a container exit code of 0, and the system is not going to restart any of these containers. -#PodSucceeded: #PodPhase & "Succeeded" - -// PodFailed means that all containers in the pod have terminated, and at least one container has -// terminated in a failure (exited with a non-zero exit code or was stopped by the system). -#PodFailed: #PodPhase & "Failed" - -// PodUnknown means that for some reason the state of the pod could not be obtained, typically due -// to an error in communicating with the host of the pod. 
-// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) -#PodUnknown: #PodPhase & "Unknown" - -// PodConditionType is a valid value for PodCondition.Type -#PodConditionType: string // #enumPodConditionType - -#enumPodConditionType: - #ContainersReady | - #PodInitialized | - #PodReady | - #PodScheduled | - #DisruptionTarget - -// ContainersReady indicates whether all containers in the pod are ready. -#ContainersReady: #PodConditionType & "ContainersReady" - -// PodInitialized means that all init containers in the pod have started successfully. -#PodInitialized: #PodConditionType & "Initialized" - -// PodReady means the pod is able to service requests and should be added to the -// load balancing pools of all matching services. -#PodReady: #PodConditionType & "Ready" - -// PodScheduled represents status of the scheduling process for this pod. -#PodScheduled: #PodConditionType & "PodScheduled" - -// DisruptionTarget indicates the pod is about to be terminated due to a -// disruption (such as preemption, eviction API or garbage-collection). -#DisruptionTarget: #PodConditionType & "DisruptionTarget" - -// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler -// can't schedule the pod right now, for example due to insufficient resources in the cluster. -#PodReasonUnschedulable: "Unschedulable" - -// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler -// skips scheduling the pod because one or more scheduling gates are still present. -#PodReasonSchedulingGated: "SchedulingGated" - -// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens -// during scheduling, for example due to nodeAffinity parsing errors. 
-#PodReasonSchedulerError: "SchedulerError" - -// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination -// is initiated by kubelet -#PodReasonTerminationByKubelet: "TerminationByKubelet" - -// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the -// disruption was initiated by scheduler's preemption. -#PodReasonPreemptionByScheduler: "PreemptionByScheduler" - -// PodCondition contains details for the current condition of this pod. -#PodCondition: { - // Type is the type of the condition. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType) - - // Status is the status of the condition. - // Can be True, False, Unknown. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // Unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PodResizeStatus shows status of desired resize of a pod's containers. -#PodResizeStatus: string // #enumPodResizeStatus - -#enumPodResizeStatus: - #PodResizeStatusProposed | - #PodResizeStatusInProgress | - #PodResizeStatusDeferred | - #PodResizeStatusInfeasible - -// Pod resources resize has been requested and will be evaluated by node. 
-#PodResizeStatusProposed: #PodResizeStatus & "Proposed" - -// Pod resources resize has been accepted by node and is being actuated. -#PodResizeStatusInProgress: #PodResizeStatus & "InProgress" - -// Node cannot resize the pod at this time and will keep retrying. -#PodResizeStatusDeferred: #PodResizeStatus & "Deferred" - -// Requested pod resize is not feasible and will not be re-evaluated. -#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible" - -// RestartPolicy describes how the container should be restarted. -// Only one of the following restart policies may be specified. -// If none of the following policies is specified, the default one -// is RestartPolicyAlways. -// +enum -#RestartPolicy: string // #enumRestartPolicy - -#enumRestartPolicy: - #RestartPolicyAlways | - #RestartPolicyOnFailure | - #RestartPolicyNever - -#RestartPolicyAlways: #RestartPolicy & "Always" -#RestartPolicyOnFailure: #RestartPolicy & "OnFailure" -#RestartPolicyNever: #RestartPolicy & "Never" - -// ContainerRestartPolicy is the restart policy for a single container. -// This may only be set for init containers and only allowed value is "Always". -#ContainerRestartPolicy: string // #enumContainerRestartPolicy - -#enumContainerRestartPolicy: - #ContainerRestartPolicyAlways - -#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always" - -// DNSPolicy defines how a pod's DNS will be configured. -// +enum -#DNSPolicy: string // #enumDNSPolicy - -#enumDNSPolicy: - #DNSClusterFirstWithHostNet | - #DNSClusterFirst | - #DNSDefault | - #DNSNone - -// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS -// first, if it is available, then fall back on the default -// (as determined by kubelet) DNS settings. 
-#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet" - -// DNSClusterFirst indicates that the pod should use cluster DNS -// first unless hostNetwork is true, if it is available, then -// fall back on the default (as determined by kubelet) DNS settings. -#DNSClusterFirst: #DNSPolicy & "ClusterFirst" - -// DNSDefault indicates that the pod should use the default (as -// determined by kubelet) DNS settings. -#DNSDefault: #DNSPolicy & "Default" - -// DNSNone indicates that the pod should use empty DNS settings. DNS -// parameters such as nameservers and search paths should be defined via -// DNSConfig. -#DNSNone: #DNSPolicy & "None" - -// DefaultTerminationGracePeriodSeconds indicates the default duration in -// seconds a pod needs to terminate gracefully. -#DefaultTerminationGracePeriodSeconds: 30 - -// A node selector represents the union of the results of one or more label queries -// over a set of nodes; that is, it represents the OR of the selectors represented -// by the node selector terms. -// +structType=atomic -#NodeSelector: { - // Required. A list of node selector terms. The terms are ORed. - nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep) -} - -// A null or empty node selector term matches no objects. The requirements of -// them are ANDed. -// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -// +structType=atomic -#NodeSelectorTerm: { - // A list of node selector requirements by node's labels. - // +optional - matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep) - - // A list of node selector requirements by node's fields. - // +optional - matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A node selector requirement is a selector that contains values, a key, and an operator -// that relates the key and values. 
-#NodeSelectorRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, the values - // array must have a single element, which will be interpreted as an integer. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A node selector operator is the set of operators that can be used in -// a node selector requirement. -// +enum -#NodeSelectorOperator: string // #enumNodeSelectorOperator - -#enumNodeSelectorOperator: - #NodeSelectorOpIn | - #NodeSelectorOpNotIn | - #NodeSelectorOpExists | - #NodeSelectorOpDoesNotExist | - #NodeSelectorOpGt | - #NodeSelectorOpLt - -#NodeSelectorOpIn: #NodeSelectorOperator & "In" -#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn" -#NodeSelectorOpExists: #NodeSelectorOperator & "Exists" -#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist" -#NodeSelectorOpGt: #NodeSelectorOperator & "Gt" -#NodeSelectorOpLt: #NodeSelectorOperator & "Lt" - -// A topology selector term represents the result of label queries. -// A null or empty topology selector term matches no objects. -// The requirements of them are ANDed. -// It provides a subset of functionality as NodeSelectorTerm. -// This is an alpha feature and may change in the future. -// +structType=atomic -#TopologySelectorTerm: { - // A list of topology selector requirements by labels. 
- // +optional - matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep) -} - -// A topology selector requirement is a selector that matches given label. -// This is an alpha feature and may change in the future. -#TopologySelectorLabelRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // An array of string values. One value must match the label to be selected. - // Each entry in Values is ORed. - values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep) -} - -// Affinity is a group of affinity scheduling rules. -#Affinity: { - // Describes node affinity scheduling rules for the pod. - // +optional - nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt) - - // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt) - - // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt) -} - -// Pod affinity is a group of inter pod affinity scheduling rules. -#PodAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// Pod anti affinity is a group of inter pod anti affinity scheduling rules. -#PodAntiAffinity: { - // If the anti-affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the anti-affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling anti-affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#WeightedPodAffinityTerm: { - // weight associated with matching the corresponding podAffinityTerm, - // in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // Required. A pod affinity term, associated with the corresponding weight. - podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt) -} - -// Defines a set of pods (namely those matching the labelSelector -// relative to the given namespace(s)) that this pod should be -// co-located (affinity) or not co-located (anti-affinity) with, -// where co-located is defined as running on a node whose value of -// the label with key matches that of any node on which -// a pod of the set of pods is running -#PodAffinityTerm: { - // A label query over a set of resources, in this case pods. 
- // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaces specifies a static list of namespace names that the term applies to. - // The term is applied to the union of the namespaces listed in this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means "this pod's namespace". - // +optional - namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep) - - // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located is defined as running on a node - // whose value of the label with key topologyKey matches that of any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt) - - // A label query over the set of namespaces that the term applies to. - // The term is applied to the union of the namespaces selected by this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this pod's namespace". - // An empty selector ({}) matches all namespaces. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) -} - -// Node affinity is a group of node affinity scheduling rules. -#NodeAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to an update), the system - // may or may not try to eventually evict the pod from its node. 
- // +optional - requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node matches the corresponding matchExpressions; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep) -} - -// An empty preferred scheduling term matches all objects with implicit weight 0 -// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#PreferredSchedulingTerm: { - // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // A node selector term, associated with the corresponding weight. - preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt) -} - -// The node this Taint is attached to has the "effect" on -// any pod that does not tolerate the Taint. -#Taint: { - // Required. The taint key to be applied to a node. - key: string @go(Key) @protobuf(1,bytes,opt) - - // The taint value corresponding to the taint key. - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Required. The effect of the taint on pods - // that do not tolerate the taint. 
- // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect) - - // TimeAdded represents the time at which the taint was added. - // It is only written for NoExecute taints. - // +optional - timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt) -} - -// +enum -#TaintEffect: string // #enumTaintEffect - -#enumTaintEffect: - #TaintEffectNoSchedule | - #TaintEffectPreferNoSchedule | - #TaintEffectNoExecute - -// Do not allow new pods to schedule onto the node unless they tolerate the taint, -// but allow all pods submitted to Kubelet without going through the scheduler -// to start, and allow all already-running pods to continue running. -// Enforced by the scheduler. -#TaintEffectNoSchedule: #TaintEffect & "NoSchedule" - -// Like TaintEffectNoSchedule, but the scheduler tries not to schedule -// new pods onto the node, rather than prohibiting new pods from scheduling -// onto the node entirely. Enforced by the scheduler. -#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule" - -// Evict any already-running pods that do not tolerate the taint. -// Currently enforced by NodeController. -#TaintEffectNoExecute: #TaintEffect & "NoExecute" - -// The pod this Toleration is attached to tolerates any taint that matches -// the triple using the matching operator . -#Toleration: { - // Key is the taint key that the toleration applies to. Empty means match all taint keys. - // If the key is empty, operator must be Exists; this combination means to match all values and all keys. - // +optional - key?: string @go(Key) @protobuf(1,bytes,opt) - - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. 
- // +optional - operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator) - - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise just a regular string. - // +optional - value?: string @go(Value) @protobuf(3,bytes,opt) - - // Effect indicates the taint effect to match. Empty means match all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - // +optional - effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect) - - // TolerationSeconds represents the period of time the toleration (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - // it is not set, which means tolerate the taint forever (do not evict). Zero and - // negative values will be treated as 0 (evict immediately) by the system. - // +optional - tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt) -} - -// A toleration operator is the set of operators that can be used in a toleration. -// +enum -#TolerationOperator: string // #enumTolerationOperator - -#enumTolerationOperator: - #TolerationOpExists | - #TolerationOpEqual - -#TolerationOpExists: #TolerationOperator & "Exists" -#TolerationOpEqual: #TolerationOperator & "Equal" - -// PodReadinessGate contains the reference to a pod condition -#PodReadinessGate: { - // ConditionType refers to a condition in the pod's condition list with matching type. - conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType) -} - -// PodSpec is a description of a pod. -#PodSpec: { - // List of volumes that can be mounted by containers belonging to the pod. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes - // +optional - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep) - - // List of initialization containers belonging to the pod. - // Init containers are executed in order prior to containers being started. If any - // init container fails, the pod is considered to have failed and is handled according - // to its restartPolicy. The name for an init container or normal container must be - // unique among all containers. - // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - // The resourceRequirements of an init container are taken into account during scheduling - // by finding the highest request/limit for each resource type, and then using the max of - // of that value or the sum of the normal containers. Limits are applied to init containers - // in a similar fashion. - // Init containers cannot currently be added or removed. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - // +patchMergeKey=name - // +patchStrategy=merge - initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep) - - // List of containers belonging to the pod. - // Containers cannot currently be added or removed. - // There must be at least one container in a Pod. - // Cannot be updated. - // +patchMergeKey=name - // +patchStrategy=merge - containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep) - - // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing - // pod to perform user-initiated actions such as debugging. This list cannot be specified when - // creating a pod, and it cannot be modified by updating the pod spec. In order to add an - // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 
- // +optional - // +patchMergeKey=name - // +patchStrategy=merge - ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep) - - // Restart policy for all containers within the pod. - // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. - // Default to Always. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - // +optional - restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy) - - // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // If this value is nil, the default grace period will be used instead. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // Defaults to 30 seconds. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt) - - // Optional duration in seconds the pod may be active on the node relative to - // StartTime before the system will actively try to mark it failed and kill associated containers. - // Value must be a positive integer. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt) - - // Set DNS policy for the pod. - // Defaults to "ClusterFirst". - // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. 
- // To have DNS options set along with hostNetwork, you have to specify DNS policy - // explicitly to 'ClusterFirstWithHostNet'. - // +optional - dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy) - - // NodeSelector is a selector which must be true for the pod to fit on a node. - // Selector which must match a node's labels for the pod to be scheduled on that node. - // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep) - - // ServiceAccountName is the name of the ServiceAccount to use to run this pod. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - // +optional - serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt) - - // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - // Deprecated: Use serviceAccountName instead. - // +k8s:conversion-gen=false - // +optional - serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt) - - // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt) - - // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - // the scheduler simply schedules this pod onto that node, assuming that it fits resource - // requirements. - // +optional - nodeName?: string @go(NodeName) @protobuf(10,bytes,opt) - - // Host networking requested for this pod. Use the host's network namespace. - // If this option is set, the ports that will be used must be specified. - // Default to false. - // +k8s:conversion-gen=false - // +optional - hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt) - - // Use the host's pid namespace. 
- // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostPID?: bool @go(HostPID) @protobuf(12,varint,opt) - - // Use the host's ipc namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt) - - // Share a single process namespace between all of the containers in a pod. - // When this is set containers will be able to view and signal processes from other containers - // in the same pod, and the first process in each container will not be assigned PID 1. - // HostPID and ShareProcessNamespace cannot both be set. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt) - - // SecurityContext holds pod-level security attributes and common container settings. - // Optional: Defaults to empty. See type description for default values of each field. - // +optional - securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt) - - // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - // If specified, these secrets will be passed to individual puller implementations for them to use. - // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep) - - // Specifies the hostname of the Pod - // If not specified, the pod's hostname will be set to a system-defined value. - // +optional - hostname?: string @go(Hostname) @protobuf(16,bytes,opt) - - // If specified, the fully qualified Pod hostname will be "...svc.". - // If not specified, the pod will not have a domainname at all. 
- // +optional - subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt) - - // If specified, the pod's scheduling constraints - // +optional - affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt) - - // If specified, the pod will be dispatched by specified scheduler. - // If not specified, the pod will be dispatched by default scheduler. - // +optional - schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt) - - // If specified, the pod's tolerations. - // +optional - tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt) - - // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts - // file if specified. This is only valid for non-hostNetwork pods. - // +optional - // +patchMergeKey=ip - // +patchStrategy=merge - hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep) - - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt) - - // The priority value. Various system components use this field to find the - // priority of the pod. When Priority Admission Controller is enabled, it - // prevents users from setting this field. The admission controller populates - // this field from PriorityClassName. - // The higher the value, the higher the priority. - // +optional - priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt) - - // Specifies the DNS parameters of a pod. - // Parameters specified here will be merged to the generated DNS - // configuration based on DNSPolicy. 
- // +optional - dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt) - - // If specified, all readiness gates will be evaluated for pod readiness. - // A pod is ready when all its containers are ready AND - // all conditions specified in the readiness gates have status equal to "True" - // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates - // +optional - readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt) - - // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - // empty definition that uses the default runtime handler. - // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - // +optional - runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt) - - // EnableServiceLinks indicates whether information about services should be injected into pod's - // environment variables, matching the syntax of Docker links. - // Optional: Defaults to true. - // +optional - enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt) - - // PreemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt) - - // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. - // This field will be autopopulated at admission time by the RuntimeClass admission controller. If - // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. 
- // The RuntimeClass admission controller will reject Pod create requests which have the overhead already - // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value - // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - // +optional - overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt) - - // TopologySpreadConstraints describes how a group of pods ought to spread across topology - // domains. Scheduler will schedule pods in a way which abides by the constraints. - // All topologySpreadConstraints are ANDed. - // +optional - // +patchMergeKey=topologyKey - // +patchStrategy=merge - // +listType=map - // +listMapKey=topologyKey - // +listMapKey=whenUnsatisfiable - topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt) - - // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). - // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). - // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. - // If a pod does not have FQDN, this has no effect. - // Default to false. - // +optional - setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt) - - // Specifies the OS of the containers in the pod. - // Some pod and container fields are restricted if this is set. 
- // - // If the OS field is set to linux, the following fields must be unset: - // -securityContext.windowsOptions - // - // If the OS field is set to windows, following fields must be unset: - // - spec.hostPID - // - spec.hostIPC - // - spec.hostUsers - // - spec.securityContext.seLinuxOptions - // - spec.securityContext.seccompProfile - // - spec.securityContext.fsGroup - // - spec.securityContext.fsGroupChangePolicy - // - spec.securityContext.sysctls - // - spec.shareProcessNamespace - // - spec.securityContext.runAsUser - // - spec.securityContext.runAsGroup - // - spec.securityContext.supplementalGroups - // - spec.containers[*].securityContext.seLinuxOptions - // - spec.containers[*].securityContext.seccompProfile - // - spec.containers[*].securityContext.capabilities - // - spec.containers[*].securityContext.readOnlyRootFilesystem - // - spec.containers[*].securityContext.privileged - // - spec.containers[*].securityContext.allowPrivilegeEscalation - // - spec.containers[*].securityContext.procMount - // - spec.containers[*].securityContext.runAsUser - // - spec.containers[*].securityContext.runAsGroup - // +optional - os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt) - - // Use the host's user namespace. - // Optional: Default to true. - // If set to true or not present, the pod will be run in the host user namespace, useful - // for when the pod needs a feature only available to the host user namespace, such as - // loading a kernel module with CAP_SYS_MODULE. - // When set to false, a new userns is created for the pod. Setting false is useful for - // mitigating container breakout vulnerabilities even allowing users to run their - // containers as root without actually having root privileges on the host. - // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. 
- // +k8s:conversion-gen=false - // +optional - hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt) - - // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. - // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the - // scheduler will not attempt to schedule the pod. - // - // SchedulingGates can only be set at pod creation time, and be removed only afterwards. - // - // This is a beta feature enabled by the PodSchedulingReadiness feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=PodSchedulingReadiness - // +optional - schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt) - - // ResourceClaims defines which ResourceClaims must be allocated - // and reserved before the Pod is allowed to start. The resources - // will be made available to those containers which consume them - // by name. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. - // - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep) -} - -// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. -// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. -// Containers that need access to the ResourceClaim reference it with this name. -#PodResourceClaim: { - // Name uniquely identifies this resource claim inside the pod. - // This must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // Source describes where to find the ResourceClaim. 
- source?: #ClaimSource @go(Source) @protobuf(2,bytes) -} - -// ClaimSource describes a reference to a ResourceClaim. -// -// Exactly one of these fields should be set. Consumers of this type must -// treat an empty object as if it has an unknown value. -#ClaimSource: { - // ResourceClaimName is the name of a ResourceClaim object in the same - // namespace as this pod. - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt) - - // ResourceClaimTemplateName is the name of a ResourceClaimTemplate - // object in the same namespace as this pod. - // - // The template will be used to create a new ResourceClaim, which will - // be bound to this pod. When this pod is deleted, the ResourceClaim - // will also be deleted. The pod name and resource name, along with a - // generated component, will be used to form a unique name for the - // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. - // - // This field is immutable and no changes will be made to the - // corresponding ResourceClaim by the control plane after creating the - // ResourceClaim. - resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt) -} - -// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim -// which references a ResourceClaimTemplate. It stores the generated name for -// the corresponding ResourceClaim. -#PodResourceClaimStatus: { - // Name uniquely identifies this resource claim inside the pod. - // This must match the name of an entry in pod.spec.resourceClaims, - // which implies that the string must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // ResourceClaimName is the name of the ResourceClaim that was - // generated for the Pod in the namespace of the Pod. It this is - // unset, then generating a ResourceClaim was not necessary. The - // pod.spec.resourceClaims entry can be ignored in this case. 
- // - // +optional - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt) -} - -// OSName is the set of OS'es that can be used in OS. -#OSName: string // #enumOSName - -#enumOSName: - #Linux | - #Windows - -#Linux: #OSName & "linux" -#Windows: #OSName & "windows" - -// PodOS defines the OS parameters of a pod. -#PodOS: { - // Name is the name of the operating system. The currently supported values are linux and windows. - // Additional value may be defined in future and can be one of: - // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - // Clients should expect to handle additional values and treat unrecognized values in this field as os: null - name: #OSName @go(Name) @protobuf(1,bytes,opt) -} - -// PodSchedulingGate is associated to a Pod to guard its scheduling. -#PodSchedulingGate: { - // Name of the scheduling gate. - // Each scheduling gate must have a unique name field. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// +enum -#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction - -#enumUnsatisfiableConstraintAction: - #DoNotSchedule | - #ScheduleAnyway - -// DoNotSchedule instructs the scheduler not to schedule the pod -// when constraints are not satisfied. -#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule" - -// ScheduleAnyway instructs the scheduler to schedule the pod -// even if constraints are not satisfied. -#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway" - -// NodeInclusionPolicy defines the type of node inclusion policy -// +enum -#NodeInclusionPolicy: string // #enumNodeInclusionPolicy - -#enumNodeInclusionPolicy: - #NodeInclusionPolicyIgnore | - #NodeInclusionPolicyHonor - -// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. 
-#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore" - -// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor" - -// TopologySpreadConstraint specifies how to spread matching pods among the given topology. -#TopologySpreadConstraint: { - // MaxSkew describes the degree to which pods may be unevenly distributed. - // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - // between the number of matching pods in the target topology and the global minimum. - // The global minimum is the minimum number of matching pods in an eligible domain - // or zero if the number of eligible domains is less than MinDomains. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 2/2/1: - // In this case, the global minimum is 1. - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P | - // +-------+-------+-------+ - // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - // violate MaxSkew(1). - // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - // to topologies that satisfy it. - // It's a required field. Default value is 1 and 0 is not allowed. - maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt) - - // TopologyKey is the key of node labels. Nodes that have a label with this key - // and identical values are considered to be in the same topology. - // We consider each as a "bucket", and try to put balanced number - // of pods into each bucket. - // We define a domain as a particular instance of a topology. 
- // Also, we define an eligible domain as a domain whose nodes meet the requirements of - // nodeAffinityPolicy and nodeTaintsPolicy. - // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - // It's a required field. - topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt) - - // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - // the spread constraint. - // - DoNotSchedule (default) tells the scheduler not to schedule it. - // - ScheduleAnyway tells the scheduler to schedule the pod in any location, - // but giving higher precedence to topologies that would help reduce the - // skew. - // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assignment for that pod would violate - // "MaxSkew" on some topology. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 3/1/1: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P P | P | P | - // +-------+-------+-------+ - // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - // won't make it *more* imbalanced. - // It's a required field. - whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction) - - // LabelSelector is used to find matching pods. - // Pods that match this label selector are counted to determine the number of pods - // in their corresponding topology domain. 
- // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // MinDomains indicates a minimum number of eligible domains. - // When the number of eligible domains with matching topology keys is less than minDomains, - // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - // And when the number of eligible domains with matching topology keys equals or greater than minDomains, - // this value has no effect on scheduling. - // As a result, when the number of eligible domains is less than minDomains, - // scheduler won't schedule more than maxSkew Pods to those domains. - // If value is nil, the constraint behaves as if MinDomains is equal to 1. - // Valid values are integers greater than 0. - // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - // - // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - // labelSelector spread as 2/2/2: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P P | - // +-------+-------+-------+ - // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - // In this situation, new pod with the same labelSelector cannot be scheduled, - // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - // it will violate MaxSkew. - // - // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - // +optional - minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt) - - // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - // when calculating pod topology spread skew. Options are: - // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - // - Ignore: nodeAffinity/nodeSelector are ignored. 
All nodes are included in the calculations. - // - // If this value is nil, the behavior is equivalent to the Honor policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt) - - // NodeTaintsPolicy indicates how we will treat node taints when calculating - // pod topology spread skew. Options are: - // - Honor: nodes without taints, along with tainted nodes for which the incoming pod - // has a toleration, are included. - // - Ignore: node taints are ignored. All nodes are included. - // - // If this value is nil, the behavior is equivalent to the Ignore policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt) - - // MatchLabelKeys is a set of pod label keys to select the pods over which - // spreading will be calculated. The keys are used to lookup values from the - // incoming pod labels, those key-value labels are ANDed with labelSelector - // to select the group of existing pods over which spreading will be calculated - // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - // MatchLabelKeys cannot be set when LabelSelector isn't set. - // Keys that don't exist in the incoming pod labels will - // be ignored. A null or empty list means only match against labelSelector. - // - // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - // +listType=atomic - // +optional - matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt) -} - -// The default value for enableServiceLinks attribute. 
-#DefaultEnableServiceLinks: true - -// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the -// pod's hosts file. -#HostAlias: { - // IP address of the host file entry. - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostnames for the above IP address. - hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep) -} - -// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume -// when volume is mounted. -// +enum -#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy - -#enumPodFSGroupChangePolicy: - #FSGroupChangeOnRootMismatch | - #FSGroupChangeAlways - -// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed -// only when permission and ownership of root directory does not match with expected -// permissions on the volume. This can help shorten the time it takes to change -// ownership and permissions of a volume. -#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch" - -// FSGroupChangeAlways indicates that volume's ownership and permissions -// should always be changed whenever volume is mounted inside a Pod. This the default -// behavior. -#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always" - -// PodSecurityContext holds pod-level security attributes and common container settings. -// Some fields are also present in container.securityContext. Field values of -// container.securityContext take precedence over field values of PodSecurityContext. -#PodSecurityContext: { - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is windows. 
- // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options within a container's SecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. 
- // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt) - - // A list of groups applied to the first process run in each container, in addition - // to the container's primary GID, the fsGroup (if specified), and group memberships - // defined in the container image for the uid of the container process. If unspecified, - // no additional groups are added to any container. Note that group memberships - // defined in the container image for the uid of the container process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep) - - // A special supplemental group that applies to all containers in a pod. - // Some volume types allow the Kubelet to change the ownership of that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and permissions of any volume. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt) - - // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep) - - // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and permissions). 
- // It will have no effect on ephemeral volume types such as: secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt) - - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt) -} - -// SeccompProfile defines a pod/container's seccomp profile settings. -// Only one profile source may be set. -// +union -#SeccompProfile: { - // type indicates which kind of seccomp profile will be applied. - // Valid options are: - // - // Localhost - a profile defined in a file on the node should be used. - // RuntimeDefault - the container runtime default profile should be used. - // Unconfined - no profile should be applied. - // +unionDiscriminator - type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType) - - // localhostProfile indicates a profile defined in a file on the node should be used. - // The profile must be preconfigured on the node to work. - // Must be a descending path, relative to the kubelet's configured seccomp profile location. - // Must be set if type is "Localhost". Must NOT be set for any other type. - // +optional - localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt) -} - -// SeccompProfileType defines the supported seccomp profile types. -// +enum -#SeccompProfileType: string // #enumSeccompProfileType - -#enumSeccompProfileType: - #SeccompProfileTypeUnconfined | - #SeccompProfileTypeRuntimeDefault | - #SeccompProfileTypeLocalhost - -// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined). 
-#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined" - -// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. -#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault" - -// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used. -// The file's location relative to /seccomp. -#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost" - -// PodQOSClass defines the supported qos classes of Pods. -// +enum -#PodQOSClass: string // #enumPodQOSClass - -#enumPodQOSClass: - #PodQOSGuaranteed | - #PodQOSBurstable | - #PodQOSBestEffort - -// PodQOSGuaranteed is the Guaranteed qos class. -#PodQOSGuaranteed: #PodQOSClass & "Guaranteed" - -// PodQOSBurstable is the Burstable qos class. -#PodQOSBurstable: #PodQOSClass & "Burstable" - -// PodQOSBestEffort is the BestEffort qos class. -#PodQOSBestEffort: #PodQOSClass & "BestEffort" - -// PodDNSConfig defines the DNS parameters of a pod in addition to -// those generated from DNSPolicy. -#PodDNSConfig: { - // A list of DNS name server IP addresses. - // This will be appended to the base nameservers generated from DNSPolicy. - // Duplicated nameservers will be removed. - // +optional - nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep) - - // A list of DNS search domains for host-name lookup. - // This will be appended to the base search paths generated from DNSPolicy. - // Duplicated search paths will be removed. - // +optional - searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep) - - // A list of DNS resolver options. - // This will be merged with the base options generated from DNSPolicy. - // Duplicated entries will be removed. Resolution options given in Options - // will override those that appear in the base DNSPolicy. 
- // +optional - options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep) -} - -// PodDNSConfigOption defines DNS resolver options of a pod. -#PodDNSConfigOption: { - // Required. - name?: string @go(Name) @protobuf(1,bytes,opt) - - // +optional - value?: null | string @go(Value,*string) @protobuf(2,bytes,opt) -} - -// PodIP represents a single IP address allocated to the pod. -#PodIP: { - // IP is the IP address assigned to the pod - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// HostIP represents a single IP address allocated to the host. -#HostIP: { - // IP is the IP address assigned to the host - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// EphemeralContainerCommon is a copy of all fields in Container to be inlined in -// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer -// to Container and allows separate documentation for the fields of EphemeralContainer. -// When a new field is added to Container it must be added here as well. -#EphemeralContainerCommon: { - // Name of the ephemeral container specified as a DNS_LABEL. - // This name must be unique among all containers, init containers and ephemeral containers. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. 
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // Ports are not allowed for ephemeral containers. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. 
- // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources - // already allocated to the pod. - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // Restart policy for the container to manage the restart behavior of each - // container within a pod. - // This may only be set for init containers. You cannot set this field on - // ephemeral containers. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Probes are not allowed for ephemeral containers. - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Probes are not allowed for ephemeral containers. 
- // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Lifecycle is not allowed for ephemeral containers. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. 
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // Optional: SecurityContext defines the security options the ephemeral container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// An EphemeralContainer is a temporary container that you may add to an existing Pod for -// user-initiated activities such as debugging. Ephemeral containers have no resource or -// scheduling guarantees, and they will not be restarted when they exit or when a Pod is -// removed or restarted. 
The kubelet may evict a Pod if an ephemeral container causes the -// Pod to exceed its resource allocation. -// -// To add an ephemeral container, use the ephemeralcontainers subresource of an existing -// Pod. Ephemeral containers may not be removed or restarted. -#EphemeralContainer: { - #EphemeralContainerCommon - - // If set, the name of the container from PodSpec that this ephemeral container targets. - // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. - // If not set then the ephemeral container uses the namespaces configured in the Pod spec. - // - // The container runtime must implement support for this feature. If the runtime does not - // support namespace targeting then the result of setting this field is undefined. - // +optional - targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt) -} - -// PodStatus represents information about the status of a pod. Status may trail the actual -// state of a system, especially if the node that hosts the pod cannot contact the control -// plane. -#PodStatus: { - // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. - // The conditions array, the reason and message fields, and the individual container status - // arrays contain more detail about the pod's status. - // There are five possible phase values: - // - // Pending: The pod has been accepted by the Kubernetes system, but one or more of the - // container images has not been created. This includes time before being scheduled as - // well as time spent downloading images over the network, which could take a while. - // Running: The pod has been bound to a node, and all of the containers have been created. - // At least one container is still running, or is in the process of starting or restarting. - // Succeeded: All containers in the pod have terminated in success, and will not be restarted. 
- // Failed: All containers in the pod have terminated, and at least one container has - // terminated in failure. The container either exited with non-zero status or was terminated - // by the system. - // Unknown: For some reason the state of the pod could not be obtained, typically due to an - // error in communicating with the host of the pod. - // - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase - // +optional - phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase) - - // Current service state of pod. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep) - - // A human readable message indicating details about why the pod is in this condition. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A brief CamelCase message indicating details about why the pod is in this state. - // e.g. 'Evicted' - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be - // scheduled right away as preemption victims receive their graceful termination periods. - // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide - // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to - // give the resources on this node to a higher priority pod that is created after preemption. - // As a result, this field may be different than PodSpec.nodeName when the pod is - // scheduled. - // +optional - nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt) - - // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. 
- // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will - // not be updated even if there is a node is assigned to pod - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) - - // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must - // match the hostIP field. This list is empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will - // not be updated even if there is a node is assigned to this pod. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - // +listType=atomic - hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep) - - // podIP address allocated to the pod. Routable at least within the cluster. - // Empty if not yet allocated. - // +optional - podIP?: string @go(PodIP) @protobuf(6,bytes,opt) - - // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must - // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list - // is empty if no IPs have been allocated yet. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep) - - // RFC 3339 date and time at which the object was acknowledged by the Kubelet. - // This is before the Kubelet pulled the container image(s) for the pod. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt) - - // The list has one entry per init container in the manifest. The most recent successful - // init container will have ready = true, the most recently started container will have - // startTime set. 
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep) - - // The list has one entry per container in the manifest. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - // +optional - containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep) - - // The Quality of Service (QOS) classification assigned to the pod based on resource requirements - // See PodQOSClass type for available QOS classes - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes - // +optional - qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep) - - // Status for any ephemeral containers that have run in this pod. - // +optional - ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep) - - // Status of resources resize desired for pod's containers. - // It is empty if no resources resize is pending. - // Any changes to container resources will automatically set this to "Proposed" - // +featureGate=InPlacePodVerticalScaling - // +optional - resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus) - - // Status of resource claims. - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep) -} - -// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded -#PodStatusResult: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(2,bytes,opt) -} - -// Pod is a collection of containers that can run on a host. This resource is created -// by clients and scheduled onto hosts. -#Pod: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodList is a list of Pods. -#PodList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pods. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md - items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep) -} - -// PodTemplateSpec describes the data a pod should have when created from a template -#PodTemplateSpec: { - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PodTemplate describes a template for creating copies of a predefined pod. -#PodTemplate: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Template defines the pods that will be created from this pod template. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) -} - -// PodTemplateList is a list of PodTemplates. -#PodTemplateList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pod templates - items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep) -} - -// ReplicationControllerSpec is the specification of a replication controller. -#ReplicationControllerSpec: { - // Replicas is the number of desired replicas. 
- // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the Replicas count. - // If Selector is empty, it is defaulted to the labels present on the Pod template. - // Label keys and values that must match in order to be controlled by this replication - // controller, if empty defaulted to labels on Pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. This takes precedence over a TemplateRef. - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt) -} - -// ReplicationControllerStatus represents the current status of a replication -// controller. -#ReplicationControllerStatus: { - // Replicas is the most recently observed number of replicas. 
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replication controller. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // The number of ready replicas for this replication controller. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replication controller. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed replication controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replication controller's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep) -} - -#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType - -#enumReplicationControllerConditionType: - #ReplicationControllerReplicaFailure - -// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods -// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, -// etc. or deleted due to kubelet being down or finalizers are failing. -#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure" - -// ReplicationControllerCondition describes the state of a replication controller at a certain point. -#ReplicationControllerCondition: { - // Type of replication controller condition. 
- type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ReplicationController represents the configuration of a replication controller. -#ReplicationController: { - metav1.#TypeMeta - - // If the Labels of a ReplicationController are empty, they are defaulted to - // be the same as the Pod(s) that the replication controller manages. - // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the replication controller. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the replication controller. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicationControllerList is a collection of replication controllers. 
-#ReplicationControllerList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of replication controllers. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep) -} - -// Session Affinity Type string -// +enum -#ServiceAffinity: string // #enumServiceAffinity - -#enumServiceAffinity: - #ServiceAffinityClientIP | - #ServiceAffinityNone - -// ServiceAffinityClientIP is the Client IP based. -#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP" - -// ServiceAffinityNone - no session affinity. -#ServiceAffinityNone: #ServiceAffinity & "None" - -#DefaultClientIPServiceAffinitySeconds: int32 & 10800 - -// SessionAffinityConfig represents the configurations of session affinity. -#SessionAffinityConfig: { - // clientIP contains the configurations of Client IP based session affinity. - // +optional - clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt) -} - -// ClientIPConfig represents the configurations of Client IP based session affinity. -#ClientIPConfig: { - // timeoutSeconds specifies the seconds of ClientIP type session sticky time. - // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - // Default value is 10800(for 3 hours). 
- // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt) -} - -// Service Type string describes ingress methods for a service -// +enum -#ServiceType: string // #enumServiceType - -#enumServiceType: - #ServiceTypeClusterIP | - #ServiceTypeNodePort | - #ServiceTypeLoadBalancer | - #ServiceTypeExternalName - -// ServiceTypeClusterIP means a service will only be accessible inside the -// cluster, via the cluster IP. -#ServiceTypeClusterIP: #ServiceType & "ClusterIP" - -// ServiceTypeNodePort means a service will be exposed on one port of -// every node, in addition to 'ClusterIP' type. -#ServiceTypeNodePort: #ServiceType & "NodePort" - -// ServiceTypeLoadBalancer means a service will be exposed via an -// external load balancer (if the cloud provider supports it), in addition -// to 'NodePort' type. -#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer" - -// ServiceTypeExternalName means a service consists of only a reference to -// an external name that kubedns or equivalent will return as a CNAME -// record, with no exposing or proxying of any pods involved. -#ServiceTypeExternalName: #ServiceType & "ExternalName" - -// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they -// receive on the ClusterIP. -// +enum -#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy - -#enumServiceInternalTrafficPolicy: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster" - -// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same -// node as the client pod (dropping the traffic if there are no local endpoints). 
-#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType - -#enumServiceInternalTrafficPolicyType: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they -// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, -// and LoadBalancer IPs. -// +enum -#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy - -#enumServiceExternalTrafficPolicy: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by -// routing only to endpoints on the same node as the traffic was received on -// (dropping the traffic if there are no local endpoints). -#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType - -#enumServiceExternalTrafficPolicyType: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local" -#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// LoadBalancerPortsError represents the condition of the requested ports -// on the cloud load balancer instance. 
-#LoadBalancerPortsError: "LoadBalancerPortsError" - -// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError -// means the LoadBalancer was not able to be configured correctly. -#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported" - -// ServiceStatus represents the current status of a service. -#ServiceStatus: { - // LoadBalancer contains the current status of the load-balancer, - // if one is present. - // +optional - loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) - - // Current service state - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep) -} - -// LoadBalancerStatus represents the status of a load-balancer. -#LoadBalancerStatus: { - // Ingress is a list containing ingress points for the load-balancer. - // Traffic intended for the service should be sent to these ingress points. - // +optional - ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// LoadBalancerIngress represents the status of a load-balancer ingress point: -// traffic intended for the service should be sent to an ingress point. -#LoadBalancerIngress: { - // IP is set for load-balancer ingress points that are IP based - // (typically GCE or OpenStack load-balancers) - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostname is set for load-balancer ingress points that are DNS based - // (typically AWS load-balancers) - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // Ports is a list of records of service ports - // If used, every port defined in the service should have an entry in it - // +listType=atomic - // +optional - ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep) -} - -// IPFamily represents the IP Family (IPv4 or IPv6). 
This type is used -// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). -// +enum -#IPFamily: string // #enumIPFamily - -#enumIPFamily: - #IPv4Protocol | - #IPv6Protocol - -// IPv4Protocol indicates that this IP is IPv4 protocol -#IPv4Protocol: #IPFamily & "IPv4" - -// IPv6Protocol indicates that this IP is IPv6 protocol -#IPv6Protocol: #IPFamily & "IPv6" - -// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service -// +enum -#IPFamilyPolicy: string // #enumIPFamilyPolicy - -#enumIPFamilyPolicy: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. -// The IPFamily assigned is based on the default IPFamily used by the cluster -// or as identified by service.spec.ipFamilies field -#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack" - -// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when -// the cluster is configured for dual-stack. If the cluster is not configured -// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not -// set in service.spec.ipFamilies then the service will be assigned the default IPFamily -// configured on the cluster -#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack" - -// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using -// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The -// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If -// service.spec.ipFamilies was not provided then it will be assigned according to how they are -// configured on the cluster. 
If service.spec.ipFamilies has only one entry then the alternative -// IPFamily will be added by apiserver -#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack" - -// for backwards compat -// +enum -#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType - -#enumIPFamilyPolicyType: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// ServiceSpec describes the attributes that a user creates on a service. -#ServiceSpec: { - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep) - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // clusterIP is the IP address of the service and is usually assigned - // randomly. If an address is specified manually, is in-range (as per - // system configuration), and is not in use, it will be allocated to the - // service; otherwise creation of the service will fail. This field may not - // be changed through updates unless the type field is also being changed - // to ExternalName (which requires this field to be blank) or the type - // field is being changed from ExternalName (in which case this field may - // optionally be specified, as describe above). 
Valid values are "None", - // empty string (""), or a valid IP address. Setting this to "None" makes a - // "headless service" (no virtual IP), which is useful when direct endpoint - // connections are preferred and proxying is not required. Only applies to - // types ClusterIP, NodePort, and LoadBalancer. If this field is specified - // when creating a Service of type ExternalName, creation will fail. This - // field will be wiped when updating a Service to type ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt) - - // ClusterIPs is a list of IP addresses assigned to this service, and are - // usually assigned randomly. If an address is specified manually, is - // in-range (as per system configuration), and is not in use, it will be - // allocated to the service; otherwise creation of the service will fail. - // This field may not be changed through updates unless the type field is - // also being changed to ExternalName (which requires this field to be - // empty) or the type field is being changed from ExternalName (in which - // case this field may optionally be specified, as describe above). Valid - // values are "None", empty string (""), or a valid IP address. Setting - // this to "None" makes a "headless service" (no virtual IP), which is - // useful when direct endpoint connections are preferred and proxying is - // not required. Only applies to types ClusterIP, NodePort, and - // LoadBalancer. If this field is specified when creating a Service of type - // ExternalName, creation will fail. This field will be wiped when updating - // a Service to type ExternalName. If this field is not specified, it will - // be initialized from the clusterIP field. If this field is specified, - // clients must ensure that clusterIPs[0] and clusterIP have the same - // value. 
- // - // This field may hold a maximum of two entries (dual-stack IPs, in either order). - // These IPs must correspond to the values of the ipFamilies field. Both - // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +listType=atomic - // +optional - clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt) - - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing - // to endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object or - // EndpointSlice objects. If clusterIP is "None", no virtual IP is - // allocated and the endpoints are published as a set of endpoints rather - // than a virtual IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the same endpoints as the clusterIP. - // "LoadBalancer" builds on NodePort and creates an external load-balancer - // (if supported in the current cloud) which routes to the same endpoints - // as the clusterIP. - // "ExternalName" aliases this service to the specified externalName. - // Several other fields do not apply to ExternalName services. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType) - - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. 
- // +optional - externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep) - - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity) - - // Only applies to Service Type: LoadBalancer. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // Deprecated: This field was under-specified and its meaning varies across implementations. - // Using it is non-portable and it may not support dual-stack. - // Users are encouraged to use implementation-specific annotations when available. - // +optional - loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt) - - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - // +optional - loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt) - - // externalName is the external reference that discovery mechanisms will - // return as an alias for this service (e.g. a DNS CNAME record). No - // proxying will be involved. Must be a lowercase RFC-1123 hostname - // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". 
- // +optional - externalName?: string @go(ExternalName) @protobuf(10,bytes,opt) - - // externalTrafficPolicy describes how nodes distribute service traffic they - // receive on one of the Service's "externally-facing" addresses (NodePorts, - // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - // the service in a way that assumes that external load balancers will take care - // of balancing the service traffic between nodes, and so each node will deliver - // traffic only to the node-local endpoints of the service, without masquerading - // the client source IP. (Traffic mistakenly sent to a node with no endpoints will - // be dropped.) The default value, "Cluster", uses the standard behavior of - // routing to all endpoints evenly (possibly modified by topology and other - // features). Note that traffic sent to an External IP or LoadBalancer IP from - // within the cluster will always get "Cluster" semantics, but clients sending to - // a NodePort from within the cluster may need to take traffic policy into account - // when picking a node. - // +optional - externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt) - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // This only applies when type is set to LoadBalancer and - // externalTrafficPolicy is set to Local. If a value is specified, is - // in-range, and is not in use, it will be used. If not specified, a value - // will be automatically allocated. External systems (e.g. load-balancers) - // can use this port to determine if a given node holds endpoints for this - // service or not. If this field is specified when creating a Service - // which does not need it, creation will fail. This field will be wiped - // when updating a Service to no longer need it (e.g. changing type). - // This field cannot be updated once set. 
- // +optional - healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt) - - // publishNotReadyAddresses indicates that any agent which deals with endpoints for this - // Service should disregard any indications of ready/not-ready. - // The primary use case for setting this field is for a StatefulSet's Headless Service to - // propagate SRV DNS records for its Pods for the purpose of peer discovery. - // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - // Services interpret this to mean that all endpoints are considered "ready" even if the - // Pods themselves are not. Agents which consume only Kubernetes generated endpoints - // through the Endpoints or EndpointSlice resources can safely assume this behavior. - // +optional - publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt) - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt) - - // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - // service. This field is usually assigned automatically based on cluster - // configuration and the ipFamilyPolicy field. If this field is specified - // manually, the requested family is available in the cluster, - // and ipFamilyPolicy allows it, it will be used; otherwise creation of - // the service will fail. This field is conditionally mutable: it allows - // for adding or removing a secondary IP family, but it does not allow - // changing the primary IP family of the Service. Valid values are "IPv4" - // and "IPv6". This field only applies to Services of types ClusterIP, - // NodePort, and LoadBalancer, and does apply to "headless" services. - // This field will be wiped when updating a Service to type ExternalName. 
- // - // This field may hold a maximum of two entries (dual-stack families, in - // either order). These families must correspond to the values of the - // clusterIPs field, if specified. Both clusterIPs and ipFamilies are - // governed by the ipFamilyPolicy field. - // +listType=atomic - // +optional - ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily) - - // IPFamilyPolicy represents the dual-stack-ness requested or required by - // this Service. If there is no value provided, then this field will be set - // to SingleStack. Services can be "SingleStack" (a single IP family), - // "PreferDualStack" (two IP families on dual-stack configured clusters or - // a single IP family on single-stack clusters), or "RequireDualStack" - // (two IP families on dual-stack configured clusters, otherwise fail). The - // ipFamilies and clusterIPs fields depend on the value of this field. This - // field will be wiped when updating a service to type ExternalName. - // +optional - ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy) - - // allocateLoadBalancerNodePorts defines if NodePorts will be automatically - // allocated for services with type LoadBalancer. Default is "true". It - // may be set to "false" if the cluster load-balancer does not rely on - // NodePorts. If the caller requests specific NodePorts (by specifying a - // value), those requests will be respected, regardless of this field. - // This field may only be set for services with type LoadBalancer and will - // be cleared if the type is changed to any other type. - // +optional - allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt) - - // loadBalancerClass is the class of the load balancer implementation this Service belongs to. - // If specified, the value of this field must be a label-style identifier, with an optional prefix, - // e.g. 
"internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - // balancer implementation is used, today this is typically done through the cloud provider integration, - // but should apply for any default implementation. If set, it is assumed that a load balancer - // implementation is watching for Services with a matching class. Any default load balancer - // implementation (e.g. cloud providers) should ignore Services that set this field. - // This field can only be set when creating or updating a Service to type 'LoadBalancer'. - // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - // +optional - loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt) - - // InternalTrafficPolicy describes how nodes distribute service traffic they - // receive on the ClusterIP. If set to "Local", the proxy will assume that pods - // only want to talk to endpoints of the service on the same node as the pod, - // dropping the traffic if there are no local endpoints. The default value, - // "Cluster", uses the standard behavior of routing to all endpoints evenly - // (possibly modified by topology and other features). - // +optional - internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt) -} - -// ServicePort contains information on service's port. -#ServicePort: { - // The name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. When considering - // the endpoints for a Service, this must match the 'name' field in the - // EndpointPort. - // Optional if only one ServicePort is defined on this service. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The IP protocol for this port. 
Supports "TCP", "UDP", and "SCTP". - // Default is TCP. - // +default="TCP" - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt) - - // The port that will be exposed by this service. - port: int32 @go(Port) @protobuf(3,varint,opt) - - // Number or name of the port to access on the pods targeted by the service. - // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - // If this is a string, it will be looked up as a named port in the - // target Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. 
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - // +optional - targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt) - - // The port on each node on which this service is exposed when type is - // NodePort or LoadBalancer. Usually assigned by the system. If a value is - // specified, in-range, and not in use it will be used, otherwise the - // operation will fail. If not specified, a port will be allocated if this - // Service requires one. If this field is specified when creating a - // Service which does not need it, creation will fail. This field will be - // wiped when updating a Service to no longer need it (e.g. changing type - // from NodePort to ClusterIP). - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - // +optional - nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt) -} - -// Service is a named abstraction of software service (for example, mysql) consisting of local port -// (for example 3306) that the proxy listens on, and the selector that determines which pods -// will answer requests sent through the proxy. -#Service: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a service. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the service. - // Populated by the system. - // Read-only. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ClusterIPNone - do not assign a cluster IP -// no proxying required and no environment variables should be created for pods -#ClusterIPNone: "None" - -// ServiceList holds a list of services. -#ServiceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of services - items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep) -} - -// ServiceAccount binds together: -// * a name, understood by users, and perhaps by peripheral systems, for an identity -// * a principal that can be authenticated and authorized -// * a set of secrets -#ServiceAccount: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. - // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". - // This field should not be used to find auto-generated service account token secrets for use outside of pods. - // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. 
- // More info: https://kubernetes.io/docs/concepts/configuration/secret - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep) - - // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images - // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets - // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. - // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - // +optional - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep) - - // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. - // Can be overridden at the pod level. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountList is a list of ServiceAccount objects -#ServiceAccountList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ServiceAccounts. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep) -} - -// Endpoints is a collection of endpoints that implement the actual service. 
Example: -// -// Name: "mysvc", -// Subsets: [ -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// }, -// { -// Addresses: [{"ip": "10.10.3.3"}], -// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] -// }, -// ] -#Endpoints: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The set of all endpoints is the union of all subsets. Addresses are placed into - // subsets according to the IPs they share. A single address with multiple ports, - // some of which are ready and some of which are not (because they come from - // different containers) will result in the address being displayed in different - // subsets for the different ports. No address will appear in both Addresses and - // NotReadyAddresses in the same subset. - // Sets of addresses and ports that comprise a service. - // +optional - subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep) -} - -// EndpointSubset is a group of addresses with a common set of ports. The -// expanded set of endpoints is the Cartesian product of Addresses x Ports. -// For example, given: -// -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// } -// -// The resulting set of endpoints can be viewed as: -// -// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], -// b: [ 10.10.1.1:309, 10.10.2.2:309 ] -#EndpointSubset: { - // IP addresses which offer the related ports that are marked as ready. These endpoints - // should be considered safe for load balancers and clients to utilize. 
- // +optional - addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep) - - // IP addresses which offer the related ports but are not currently marked as ready - // because they have not yet finished starting, have recently failed a readiness check, - // or have recently failed a liveness check. - // +optional - notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep) - - // Port numbers available on the related IP addresses. - // +optional - ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// EndpointAddress is a tuple that describes single IP address. -// +structType=atomic -#EndpointAddress: { - // The IP of this endpoint. - // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), - // or link-local multicast (224.0.0.0/24 or ff02::/16). - ip: string @go(IP) @protobuf(1,bytes,opt) - - // The Hostname of this endpoint - // +optional - hostname?: string @go(Hostname) @protobuf(3,bytes,opt) - - // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt) - - // Reference to object providing the endpoint. - // +optional - targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt) -} - -// EndpointPort is a tuple that describes a single port. -// +structType=atomic -#EndpointPort: { - // The name of this port. This must match the 'name' field in the - // corresponding ServicePort. - // Must be a DNS_LABEL. - // Optional only if one port is defined. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The port number of the endpoint. - port: int32 @go(Port) @protobuf(2,varint,opt) - - // The IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. 
- // +optional - protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt) -} - -// EndpointsList is a list of endpoints. -#EndpointsList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of endpoints. - items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep) -} - -// NodeSpec describes the attributes that a node is created with. -#NodeSpec: { - // PodCIDR represents the pod IP range assigned to the node. - // +optional - podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt) - - // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this - // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for - // each of IPv4 and IPv6. 
- // +optional - // +patchStrategy=merge - podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt) - - // ID of the node assigned by the cloud provider in the format: :// - // +optional - providerID?: string @go(ProviderID) @protobuf(3,bytes,opt) - - // Unschedulable controls node schedulability of new pods. By default, node is schedulable. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration - // +optional - unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt) - - // If specified, the node's taints. - // +optional - taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt) - - // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. - // +optional - configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt) - - // Deprecated. Not all kubelets will set this field. Remove field after 1.13. - // see: https://issues.k8s.io/61966 - // +optional - externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt) -} - -// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. -// This API is deprecated since 1.22 -#NodeConfigSource: { - // ConfigMap is a reference to a Node's ConfigMap - configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt) -} - -// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. -// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration -#ConfigMapNodeConfigSource: { - // Namespace is the metadata.namespace of the referenced ConfigMap. - // This field is required in all cases. - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // Name is the metadata.name of the referenced ConfigMap. 
- // This field is required in all cases. - name: string @go(Name) @protobuf(2,bytes,opt) - - // UID is the metadata.UID of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - uid?: types.#UID @go(UID) @protobuf(3,bytes,opt) - - // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure - // This field is required in all cases. - kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt) -} - -// DaemonEndpoint contains information about a single Daemon endpoint. -#DaemonEndpoint: { - // Port number of the given endpoint. - Port: int32 @protobuf(1,varint,opt) -} - -// NodeDaemonEndpoints lists ports opened by daemons running on the Node. -#NodeDaemonEndpoints: { - // Endpoint on which Kubelet is listening. - // +optional - kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt) -} - -// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. -#NodeSystemInfo: { - // MachineID reported by the node. For unique machine identification - // in the cluster this field is preferred. Learn more from man(5) - // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - machineID: string @go(MachineID) @protobuf(1,bytes,opt) - - // SystemUUID reported by the node. For unique machine identification - // MachineID is preferred. This field is specific to Red Hat hosts - // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt) - - // Boot ID reported by the node. 
- bootID: string @go(BootID) @protobuf(3,bytes,opt) - - // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). - kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt) - - // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). - osImage: string @go(OSImage) @protobuf(5,bytes,opt) - - // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). - containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt) - - // Kubelet Version reported by the node. - kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt) - - // KubeProxy Version reported by the node. - kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt) - - // The Operating System reported by the node - operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt) - - // The Architecture reported by the node - architecture: string @go(Architecture) @protobuf(10,bytes,opt) -} - -// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. -#NodeConfigStatus: { - // Assigned reports the checkpointed config the node will try to use. - // When Node.Spec.ConfigSource is updated, the node checkpoints the associated - // config payload to local disk, along with a record indicating intended - // config. The node refers to this record to choose its config checkpoint, and - // reports this record in Assigned. Assigned only updates in the status after - // the record has been checkpointed to disk. When the Kubelet is restarted, - // it tries to make the Assigned config the Active config by loading and - // validating the checkpointed payload identified by Assigned. - // +optional - assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt) - - // Active reports the checkpointed config the node is actively using. 
- // Active will represent either the current version of the Assigned config, - // or the current LastKnownGood config, depending on whether attempting to use the - // Assigned config results in an error. - // +optional - active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt) - - // LastKnownGood reports the checkpointed config the node will fall back to - // when it encounters an error attempting to use the Assigned config. - // The Assigned config becomes the LastKnownGood config when the node determines - // that the Assigned config is stable and correct. - // This is currently implemented as a 10-minute soak period starting when the local - // record of Assigned config is updated. If the Assigned config is Active at the end - // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is - // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, - // because the local default config is always assumed good. - // You should not make assumptions about the node's method of determining config stability - // and correctness, as this may change or become configurable in the future. - // +optional - lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt) - - // Error describes any problems reconciling the Spec.ConfigSource to the Active config. - // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned - // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting - // to load or validate the Assigned config, etc. - // Errors may occur at different points while syncing config. Earlier errors (e.g. download or - // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across - // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in - // a rollback to LastKnownGood. 
In the latter case, it is usually possible to resolve the error - // by fixing the config assigned in Spec.ConfigSource. - // You can find additional information for debugging by searching the error message in the Kubelet log. - // Error is a human-readable description of the error state; machines can check whether or not Error - // is empty, but should not rely on the stability of the Error text across Kubelet versions. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// NodeStatus is information about the current status of a node. -#NodeStatus: { - // Capacity represents the total resources of a node. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Allocatable represents the resources of a node that are available for scheduling. - // Defaults to Capacity. - // +optional - allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // NodePhase is the recently observed lifecycle phase of the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase - // The field is never populated, and now is deprecated. - // +optional - phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase) - - // Conditions is an array of current observed node conditions. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep) - - // List of addresses reachable to the node. - // Queried from cloud provider, if available. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses - // Note: This field is declared as mergeable, but the merge key is not sufficiently - // unique, which can cause data corruption when it is merged. 
Callers should instead - // use a full-replacement patch. See https://pr.k8s.io/79391 for an example. - // Consumers should assume that addresses can change during the - // lifetime of a Node. However, there are some exceptions where this may not - // be possible, such as Pods that inherit a Node's address in its own status or - // consumers of the downward API (status.hostIP). - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep) - - // Endpoints of daemons running on the Node. - // +optional - daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt) - - // Set of ids/uuids to uniquely identify the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#info - // +optional - nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt) - - // List of container images on this node - // +optional - images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep) - - // List of attachable volumes in use (mounted) by the node. - // +optional - volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep) - - // List of volumes that are attached to the node. - // +optional - volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep) - - // Status of the config assigned to the node via the dynamic Kubelet config feature. - // +optional - config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt) -} - -#UniqueVolumeName: string - -// AttachedVolume describes a volume attached to a node -#AttachedVolume: { - // Name of the attached volume - name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep) - - // DevicePath represents the device path where the volume should be available - devicePath: string @go(DevicePath) @protobuf(2,bytes,rep) -} - -// AvoidPods describes pods that should avoid this node. 
This is the value for a -// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and -// will eventually become a field of NodeStatus. -#AvoidPods: { - // Bounded-sized list of signatures of pods that should avoid this node, sorted - // in timestamp order from oldest to newest. Size of the slice is unspecified. - // +optional - preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep) -} - -// Describes a class of pods that should avoid this node. -#PreferAvoidPodsEntry: { - // The class of pods. - podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt) - - // Time at which this entry was added to the list. - // +optional - evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt) - - // (brief) reason why this entry was added to the list. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Human readable message indicating why this entry was added to the list. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) -} - -// Describes the class of pods that should avoid this node. -// Exactly one field should be set. -#PodSignature: { - // Reference to controller whose pods should avoid this node. - // +optional - podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt) -} - -// Describe a container image -#ContainerImage: { - // Names by which this image is known. - // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] - // +optional - names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep) - - // The size of the image in bytes. - // +optional - sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt) -} - -// +enum -#NodePhase: string // #enumNodePhase - -#enumNodePhase: - #NodePending | - #NodeRunning | - #NodeTerminated - -// NodePending means the node has been created/added by the system, but not configured. 
-#NodePending: #NodePhase & "Pending" - -// NodeRunning means the node has been configured and has Kubernetes components running. -#NodeRunning: #NodePhase & "Running" - -// NodeTerminated means the node has been removed from the cluster. -#NodeTerminated: #NodePhase & "Terminated" - -#NodeConditionType: string // #enumNodeConditionType - -#enumNodeConditionType: - #NodeReady | - #NodeMemoryPressure | - #NodeDiskPressure | - #NodePIDPressure | - #NodeNetworkUnavailable - -// NodeReady means kubelet is healthy and ready to accept pods. -#NodeReady: #NodeConditionType & "Ready" - -// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. -#NodeMemoryPressure: #NodeConditionType & "MemoryPressure" - -// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. -#NodeDiskPressure: #NodeConditionType & "DiskPressure" - -// NodePIDPressure means the kubelet is under pressure due to insufficient available PID. -#NodePIDPressure: #NodeConditionType & "PIDPressure" - -// NodeNetworkUnavailable means that network for the node is not correctly configured. -#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable" - -// NodeCondition contains condition information for a node. -#NodeCondition: { - // Type of node condition. - type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we got an update on a given condition. - // +optional - lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. 
- // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -#NodeAddressType: string // #enumNodeAddressType - -#enumNodeAddressType: - #NodeHostName | - #NodeInternalIP | - #NodeExternalIP | - #NodeInternalDNS | - #NodeExternalDNS - -// NodeHostName identifies a name of the node. Although every node can be assumed -// to have a NodeAddress of this type, its exact syntax and semantics are not -// defined, and are not consistent between different clusters. -#NodeHostName: #NodeAddressType & "Hostname" - -// NodeInternalIP identifies an IP address which is assigned to one of the node's -// network interfaces. Every node should have at least one address of this type. -// -// An internal IP is normally expected to be reachable from every other node, but -// may not be visible to hosts outside the cluster. By default it is assumed that -// kube-apiserver can reach node internal IPs, though it is possible to configure -// clusters where this is not the case. -// -// NodeInternalIP is the default type of node IP, and does not necessarily imply -// that the IP is ONLY reachable internally. If a node has multiple internal IPs, -// no specific semantics are assigned to the additional IPs. -#NodeInternalIP: #NodeAddressType & "InternalIP" - -// NodeExternalIP identifies an IP address which is, in some way, intended to be -// more usable from outside the cluster then an internal IP, though no specific -// semantics are defined. It may be a globally routable IP, though it is not -// required to be. -// -// External IPs may be assigned directly to an interface on the node, like a -// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed -// to an internal node IP rather than being delivered directly (making the IP less -// efficient for node-to-node traffic than a NodeInternalIP). 
-#NodeExternalIP: #NodeAddressType & "ExternalIP" - -// NodeInternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeInternalIP. The IP it resolves to may or may not -// be a listed NodeInternalIP address. -#NodeInternalDNS: #NodeAddressType & "InternalDNS" - -// NodeExternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeExternalIP. The IP it resolves to may or may not -// be a listed NodeExternalIP address. -#NodeExternalDNS: #NodeAddressType & "ExternalDNS" - -// NodeAddress contains information for the node's address. -#NodeAddress: { - // Node address type, one of Hostname, ExternalIP or InternalIP. - type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType) - - // The node address. - address: string @go(Address) @protobuf(2,bytes,opt) -} - -// ResourceName is the name identifying various resources in a ResourceList. -#ResourceName: string // #enumResourceName - -#enumResourceName: - #ResourceCPU | - #ResourceMemory | - #ResourceStorage | - #ResourceEphemeralStorage | - #ResourcePods | - #ResourceServices | - #ResourceReplicationControllers | - #ResourceQuotas | - #ResourceSecrets | - #ResourceConfigMaps | - #ResourcePersistentVolumeClaims | - #ResourceServicesNodePorts | - #ResourceServicesLoadBalancers | - #ResourceRequestsCPU | - #ResourceRequestsMemory | - #ResourceRequestsStorage | - #ResourceRequestsEphemeralStorage | - #ResourceLimitsCPU | - #ResourceLimitsMemory | - #ResourceLimitsEphemeralStorage - -// CPU, in cores. (500m = .5 cores) -#ResourceCPU: #ResourceName & "cpu" - -// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceMemory: #ResourceName & "memory" - -// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) -#ResourceStorage: #ResourceName & "storage" - -// Local ephemeral storage, in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// The resource name for ResourceEphemeralStorage is alpha and it can change across releases. -#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage" - -// Default namespace prefix. -#ResourceDefaultNamespacePrefix: "kubernetes.io/" - -// Name prefix for huge page resources (alpha). -#ResourceHugePagesPrefix: "hugepages-" - -// Name prefix for storage resource limits -#ResourceAttachableVolumesPrefix: "attachable-volumes-" - -// ResourceList is a set of (resource name, quantity) pairs. -#ResourceList: {[string]: resource.#Quantity} - -// Node is a worker node in Kubernetes. -// Each node will have a unique identifier in the cache (i.e. in etcd). -#Node: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a node. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the node. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NodeList is the whole list of all Nodes which have been registered with master. -#NodeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of nodes - items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep) -} - -// FinalizerName is the name identifying a finalizer during namespace lifecycle. 
-#FinalizerName: string // #enumFinalizerName - -#enumFinalizerName: - #FinalizerKubernetes - -#FinalizerKubernetes: #FinalizerName & "kubernetes" - -// NamespaceSpec describes the attributes on a Namespace. -#NamespaceSpec: { - // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName) -} - -// NamespaceStatus is information about the current status of a Namespace. -#NamespaceStatus: { - // Phase is the current lifecycle phase of the namespace. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase) - - // Represents the latest available observations of a namespace's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep) -} - -// +enum -#NamespacePhase: string // #enumNamespacePhase - -#enumNamespacePhase: - #NamespaceActive | - #NamespaceTerminating - -// NamespaceActive means the namespace is available for use in the system -#NamespaceActive: #NamespacePhase & "Active" - -// NamespaceTerminating means the namespace is undergoing graceful termination -#NamespaceTerminating: #NamespacePhase & "Terminating" - -// NamespaceTerminatingCause is returned as a defaults.cause item when a change is -// forbidden due to the namespace being terminated. 
-#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating" - -#NamespaceConditionType: string // #enumNamespaceConditionType - -#enumNamespaceConditionType: - #NamespaceDeletionDiscoveryFailure | - #NamespaceDeletionContentFailure | - #NamespaceDeletionGVParsingFailure | - #NamespaceContentRemaining | - #NamespaceFinalizersRemaining - -// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery. -#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure" - -// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources. -#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure" - -// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types. -#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure" - -// NamespaceContentRemaining contains information about resources remaining in a namespace. -#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining" - -// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace. -#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining" - -// NamespaceCondition contains details about state of namespace. -#NamespaceCondition: { - // Type of namespace controller condition. - type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType) - - // Status of the condition, one of True, False, Unknown. 
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// Namespace provides a scope for Names. -// Use of multiple namespaces is optional. -#Namespace: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of the Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status describes the current status of a Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NamespaceList is a list of Namespaces. -#NamespaceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Namespace objects in the list. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep) -} - -// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. -// Deprecated in 1.7, please use the bindings subresource of pods instead. -#Binding: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The target object that you want to bind to the standard object. - target: #ObjectReference @go(Target) @protobuf(2,bytes,opt) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -// +k8s:openapi-gen=false -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// PodLogOptions is the query options for a Pod's logs REST call. -#PodLogOptions: { - metav1.#TypeMeta - - // The container for which to stream logs. Defaults to only container if there is one container in the pod. - // +optional - container?: string @go(Container) @protobuf(1,bytes,opt) - - // Follow the log stream of the pod. Defaults to false. - // +optional - follow?: bool @go(Follow) @protobuf(2,varint,opt) - - // Return previous terminated container logs. Defaults to false. - // +optional - previous?: bool @go(Previous) @protobuf(3,varint,opt) - - // A relative time in seconds before the current time from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt) - - // An RFC3339 timestamp from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. 
- // +optional - sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt) - - // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line - // of log output. Defaults to false. - // +optional - timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt) - - // If set, the number of lines from the end of the logs to show. If not specified, - // logs are shown from the creation of the container or sinceSeconds or sinceTime - // +optional - tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt) - - // If set, the number of bytes to read from the server before terminating the - // log output. This may not display a complete final line of logging, and may return - // slightly more or slightly less than the specified limit. - // +optional - limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt) - - // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the - // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver - // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real - // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the - // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept - // the actual log data coming from the real kubelet). - // +optional - insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt) -} - -// PodAttachOptions is the query options to a Pod's remote attach call. 
-// --- -// TODO: merge w/ PodExecOptions below for stdin, stdout, etc -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodAttachOptions: { - metav1.#TypeMeta - - // Stdin if true, redirects the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Stdout if true indicates that stdout is to be redirected for the attach call. - // Defaults to true. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Stderr if true indicates that stderr is to be redirected for the attach call. - // Defaults to true. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the attach call. - // This is passed through the container runtime so the tty - // is allocated on the worker node by the container runtime. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // The container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) -} - -// PodExecOptions is the query options to a Pod's remote exec call. -// --- -// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodExecOptions: { - metav1.#TypeMeta - - // Redirect the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Redirect the standard output stream of the pod for this call. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Redirect the standard error stream of the pod for this call. 
- // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the exec call. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // Container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) - - // Command is the remote command to execute. argv array. Not executed within a shell. - command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep) -} - -// PodPortForwardOptions is the query options to a Pod's port forward call -// when using WebSockets. -// The `port` query parameter must specify the port or -// ports (comma separated) to forward over. -// Port forwarding over SPDY does not use these options. It requires the port -// to be passed in the `port` header as part of request. -#PodPortForwardOptions: { - metav1.#TypeMeta - - // List of ports to forward - // Required when using WebSockets - // +optional - ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep) -} - -// PodProxyOptions is the query options to a Pod's proxy call. -#PodProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to pod. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// NodeProxyOptions is the query options to a Node's proxy call. -#NodeProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to node. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ServiceProxyOptions is the query options to a Service's proxy call. -#ServiceProxyOptions: { - metav1.#TypeMeta - - // Path is the part of URLs that include service endpoints, suffixes, - // and parameters to use for the current proxy request to service. 
- // For example, the whole request URL is - // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. - // Path is _search?q=user:kimchy. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -// --- -// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. -// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. -// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular -// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". -// Those cannot be well described when embedded. -// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. -// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity -// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple -// and the version of the actual struct is irrelevant. -// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type -// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. -// -// Instead of using this type, create a locally provided and used type that is well-focused on your reference. -// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . 
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +structType=atomic -#ObjectReference: { - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // Namespace of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Specific resourceVersion to which this reference is made, if any. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // If referring to a piece of an object instead of an entire object, this string - // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - // For example, if the object reference is to a container within a pod, this would take on a value like: - // "spec.containers{name}" (where "name" refers to the name of the container that triggered - // the event) or if no container name is specified "spec.containers[2]" (container with - // index 2 in this pod). This syntax is chosen only to have some well-defined way of - // referencing a part of an object. 
- // TODO: this design is not final and this field is subject to change in the future. - // +optional - fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt) -} - -// LocalObjectReference contains enough information to let you locate the -// referenced object inside the same namespace. -// +structType=atomic -#LocalObjectReference: { - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // TODO: Add other useful fields. apiVersion, kind, uid? - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) -} - -// TypedLocalObjectReference contains enough information to let you locate the -// typed referenced object inside the same namespace. -// +structType=atomic -#TypedLocalObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// SerializedReference is a reference to serialized object. -#SerializedReference: { - metav1.#TypeMeta - - // The reference to an object in the system. - // +optional - reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt) -} - -// EventSource contains information for an event. -#EventSource: { - // Component from which the event is generated. - // +optional - component?: string @go(Component) @protobuf(1,bytes,opt) - - // Node name on which the event is generated. 
- // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -// Information only and will not cause any problems -#EventTypeNormal: "Normal" - -// These events are to warn that something might go wrong -#EventTypeWarning: "Warning" - -// Event is a report of an event somewhere in the cluster. Events -// have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The object that this event is about. - involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt) - - // This should be a short, machine understandable string that gives the reason - // for the transition into the object's current status. - // TODO: provide exact specification for format. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // A human-readable description of the status of this operation. - // TODO: decide on maximum length. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // The component reporting this event. Should be a short machine understandable string. - // +optional - source?: #EventSource @go(Source) @protobuf(5,bytes,opt) - - // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) - // +optional - firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt) - - // The time at which the most recent occurrence of this event was recorded. 
- // +optional - lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt) - - // The number of times this event has occurred. - // +optional - count?: int32 @go(Count) @protobuf(8,varint,opt) - - // Type of this event (Normal, Warning), new types could be added in the future - // +optional - type?: string @go(Type) @protobuf(9,bytes,opt) - - // Time when this Event was first observed. - // +optional - eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt) - - // Data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt) - - // What action was taken/failed regarding to the Regarding object. - // +optional - action?: string @go(Action) @protobuf(12,bytes,opt) - - // Optional secondary object for more complex actions. - // +optional - related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt) - - // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // +optional - reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt) - - // ID of the controller instance, e.g. `kubelet-xyzf`. - // +optional - reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. -#EventSeries: { - // Number of occurrences in this series up to the last heartbeat time - count?: int32 @go(Count) @protobuf(1,varint) - - // Time of the last occurrence observed - lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes) -} - -// EventList is a list of events. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of events - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} - -// List holds a list of objects, which may not be known by the server. -#List: metav1.#List - -// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or -// a fully qualified resource name. -#LimitType: string // #enumLimitType - -#enumLimitType: - #LimitTypePod | - #LimitTypeContainer | - #LimitTypePersistentVolumeClaim - -// Limit that applies to all pods in a namespace -#LimitTypePod: #LimitType & "Pod" - -// Limit that applies to all containers in a namespace -#LimitTypeContainer: #LimitType & "Container" - -// Limit that applies to all persistent volume claims in a namespace -#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim" - -// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. -#LimitRangeItem: { - // Type of resource that this limit applies to. - type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType) - - // Max usage constraints on this kind by resource name. - // +optional - max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Min usage constraints on this kind by resource name. - // +optional - min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Default resource requirement limit value by resource name if resource limit is omitted. - // +optional - default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. 
- // +optional - defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. - // +optional - maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// LimitRangeSpec defines a min/max usage limit for resources that match on kind. -#LimitRangeSpec: { - // Limits is the list of LimitRangeItem objects that are enforced. - limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep) -} - -// LimitRange sets resource usage limits for each kind of resource in a Namespace. -#LimitRange: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the limits enforced. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LimitRangeList is a list of LimitRange items. -#LimitRangeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of LimitRange objects. 
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep) -} - -// Pods, number -#ResourcePods: #ResourceName & "pods" - -// Services, number -#ResourceServices: #ResourceName & "services" - -// ReplicationControllers, number -#ResourceReplicationControllers: #ResourceName & "replicationcontrollers" - -// ResourceQuotas, number -#ResourceQuotas: #ResourceName & "resourcequotas" - -// ResourceSecrets, number -#ResourceSecrets: #ResourceName & "secrets" - -// ResourceConfigMaps, number -#ResourceConfigMaps: #ResourceName & "configmaps" - -// ResourcePersistentVolumeClaims, number -#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims" - -// ResourceServicesNodePorts, number -#ResourceServicesNodePorts: #ResourceName & "services.nodeports" - -// ResourceServicesLoadBalancers, number -#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers" - -// CPU request, in cores. (500m = .5 cores) -#ResourceRequestsCPU: #ResourceName & "requests.cpu" - -// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsMemory: #ResourceName & "requests.memory" - -// Storage request, in bytes -#ResourceRequestsStorage: #ResourceName & "requests.storage" - -// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage" - -// CPU limit, in cores. (500m = .5 cores) -#ResourceLimitsCPU: #ResourceName & "limits.cpu" - -// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsMemory: #ResourceName & "limits.memory" - -// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage" - -// HugePages request, in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// As burst is not supported for HugePages, we would only quota its request, and ignore the limit. -#ResourceRequestsHugePagesPrefix: "requests.hugepages-" - -// Default resource requests prefix -#DefaultResourceRequestsPrefix: "requests." - -// A ResourceQuotaScope defines a filter that must match each object tracked by a quota -// +enum -#ResourceQuotaScope: string // #enumResourceQuotaScope - -#enumResourceQuotaScope: - #ResourceQuotaScopeTerminating | - #ResourceQuotaScopeNotTerminating | - #ResourceQuotaScopeBestEffort | - #ResourceQuotaScopeNotBestEffort | - #ResourceQuotaScopePriorityClass | - #ResourceQuotaScopeCrossNamespacePodAffinity - -// Match all pod objects where spec.activeDeadlineSeconds >=0 -#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating" - -// Match all pod objects where spec.activeDeadlineSeconds is nil -#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating" - -// Match all pod objects that have best effort quality of service -#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort" - -// Match all pod objects that do not have best effort quality of service -#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort" - -// Match all pod objects that have priority class mentioned -#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass" - -// Match all pod objects that have cross-namespace pod (anti)affinity mentioned. -#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity" - -// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. -#ResourceQuotaSpec: { - // hard is the set of desired hard limits for each named resource. 
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // A collection of filters that must match each object tracked by a quota. - // If not specified, the quota matches all objects. - // +optional - scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope) - - // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota - // but expressed using ScopeSelectorOperator in combination with possible values. - // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. - // +optional - scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt) -} - -// A scope selector represents the AND of the selectors represented -// by the scoped-resource selector requirements. -// +structType=atomic -#ScopeSelector: { - // A list of scope selector requirements by scope of the resources. - // +optional - matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep) -} - -// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator -// that relates the scope name and values. -#ScopedResourceSelectorRequirement: { - // The name of the scope that the selector applies to. - scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt) - - // Represents a scope's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. - operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - // the values array must be empty. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A scope selector operator is the set of operators that can be used in -// a scope selector requirement. -// +enum -#ScopeSelectorOperator: string // #enumScopeSelectorOperator - -#enumScopeSelectorOperator: - #ScopeSelectorOpIn | - #ScopeSelectorOpNotIn | - #ScopeSelectorOpExists | - #ScopeSelectorOpDoesNotExist - -#ScopeSelectorOpIn: #ScopeSelectorOperator & "In" -#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn" -#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists" -#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist" - -// ResourceQuotaStatus defines the enforced hard limits and observed use. -#ResourceQuotaStatus: { - // Hard is the set of enforced hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Used is the current observed total usage of the resource in the namespace. - // +optional - used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// ResourceQuota sets aggregate quota restrictions enforced per namespace -#ResourceQuota: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired quota. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status defines the actual enforced quota and its current usage. 
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceQuotaList is a list of ResourceQuota items. -#ResourceQuotaList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ResourceQuota objects. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep) -} - -// Secret holds secret data of a certain type. The total bytes of the values in -// the Data field must be less than MaxSecretSize bytes. -#Secret: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the Secret cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt) - - // Data contains the secret data. Each key must consist of alphanumeric - // characters, '-', '_' or '.'. The serialized form of the secret data is a - // base64 encoded string, representing the arbitrary (possibly non-string) - // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 - // +optional - data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep) - - // stringData allows specifying non-binary secret data in string form. - // It is provided as a write-only input field for convenience. 
- // All keys and values are merged into the data field on write, overwriting any existing values. - // The stringData field is never output when reading from the API. - // +k8s:conversion-gen=false - // +optional - stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep) - - // Used to facilitate programmatic handling of secret data. - // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types - // +optional - type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType) -} - -#MaxSecretSize: 1048576 - -#SecretType: string // #enumSecretType - -#enumSecretType: - #SecretTypeOpaque | - #SecretTypeServiceAccountToken | - #SecretTypeDockercfg | - #SecretTypeDockerConfigJson | - #SecretTypeBasicAuth | - #SecretTypeSSHAuth | - #SecretTypeTLS | - #SecretTypeBootstrapToken - -// SecretTypeOpaque is the default. Arbitrary user-defined data -#SecretTypeOpaque: #SecretType & "Opaque" - -// SecretTypeServiceAccountToken contains a token that identifies a service account to the API -// -// Required fields: -// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies -// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies -// - Secret.Data["token"] - a token that identifies the service account to the API -#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token" - -// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountNameKey: "kubernetes.io/service-account.name" - -// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountUIDKey: "kubernetes.io/service-account.uid" - -// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets -#ServiceAccountTokenKey: "token" - -// ServiceAccountKubeconfigKey is the key 
of the optional kubeconfig data for SecretTypeServiceAccountToken secrets -#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig" - -// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets -#ServiceAccountRootCAKey: "ca.crt" - -// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls -#ServiceAccountNamespaceKey: "namespace" - -// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg -// -// Required fields: -// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file -#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg" - -// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets -#DockerConfigKey: ".dockercfg" - -// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json -// -// Required fields: -// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file -#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson" - -// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets -#DockerConfigJsonKey: ".dockerconfigjson" - -// SecretTypeBasicAuth contains data needed for basic authentication. -// -// Required at least one of fields: -// - Secret.Data["username"] - username used for authentication -// - Secret.Data["password"] - password or token needed for authentication -#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth" - -// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets -#BasicAuthUsernameKey: "username" - -// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets -#BasicAuthPasswordKey: "password" - -// SecretTypeSSHAuth contains data needed for SSH authetication. 
-// -// Required field: -// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication -#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth" - -// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets -#SSHAuthPrivateKey: "ssh-privatekey" - -// SecretTypeTLS contains information about a TLS client or server secret. It -// is primarily used with TLS termination of the Ingress resource, but may be -// used in other types. -// -// Required fields: -// - Secret.Data["tls.key"] - TLS private key. -// Secret.Data["tls.crt"] - TLS certificate. -// TODO: Consider supporting different formats, specifying CA/destinationCA. -#SecretTypeTLS: #SecretType & "kubernetes.io/tls" - -// TLSCertKey is the key for tls certificates in a TLS secret. -#TLSCertKey: "tls.crt" - -// TLSPrivateKeyKey is the key for the private key field in a TLS secret. -#TLSPrivateKeyKey: "tls.key" - -// SecretTypeBootstrapToken is used during the automated bootstrap process (first -// implemented by kubeadm). It stores tokens that are used to sign well known -// ConfigMaps. They are used for authn. -#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token" - -// SecretList is a list of Secret. -#SecretList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of secret objects. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep) -} - -// ConfigMap holds configuration data for pods to consume. -#ConfigMap: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the ConfigMap cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt) - - // Data contains the configuration data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // Values with non-UTF-8 byte sequences must use the BinaryData field. - // The keys stored in Data must not overlap with the keys in - // the BinaryData field, this is enforced during validation process. - // +optional - data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep) - - // BinaryData contains the binary data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // BinaryData can contain byte sequences that are not in the UTF-8 range. - // The keys stored in BinaryData must not overlap with the ones in - // the Data field, this is enforced during validation process. - // Using this field will require 1.10+ apiserver and - // kubelet. - // +optional - binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep) -} - -// ConfigMapList is a resource containing a list of ConfigMap objects. -#ConfigMapList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ConfigMaps. - items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep) -} - -// Type and constants for component health validation. 
-#ComponentConditionType: string // #enumComponentConditionType - -#enumComponentConditionType: - #ComponentHealthy - -#ComponentHealthy: #ComponentConditionType & "Healthy" - -// Information about the condition of a component. -#ComponentCondition: { - // Type of condition for a component. - // Valid value: "Healthy" - type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType) - - // Status of the condition for a component. - // Valid values for "Healthy": "True", "False", or "Unknown". - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Message about the condition for a component. - // For example, information about a health check. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // Condition error code for a component. - // For example, a health check error code. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// ComponentStatus (and ComponentStatusList) holds the cluster validation info. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatus: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // List of component conditions observed - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep) -} - -// Status of all the conditions for the component as a list of ComponentStatus objects. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatusList: { - metav1.#TypeMeta - - // Standard list metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ComponentStatus objects. - items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep) -} - -// DownwardAPIVolumeSource represents a volume containing downward API info. -// Downward API volumes support ownership management and SELinux relabeling. -#DownwardAPIVolumeSource: { - // Items is a list of downward API volume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) - - // Optional: mode bits to use on created files by default. Must be a - // Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644 - -// DownwardAPIVolumeFile represents information to create the file containing the pod field -#DownwardAPIVolumeFile: { - // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - path: string @go(Path) @protobuf(1,bytes,opt) - - // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. 
- // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt) - - // Optional: mode bits used to set permissions on this file, must be an octal value - // between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt) -} - -// Represents downward API info for projecting into a projected volume. -// Note that this is identical to a downwardAPI volume source without the default -// mode. -#DownwardAPIProjection: { - // Items is a list of DownwardAPIVolume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) -} - -// SecurityContext holds security configuration that will be applied to a container. -// Some fields are present in both SecurityContext and PodSecurityContext. When both -// are set, the values in SecurityContext take precedence. -#SecurityContext: { - // The capabilities to add/drop when running containers. - // Defaults to the default set of capabilities granted by the container runtime. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt) - - // Run container in privileged mode. 
- // Processes in privileged containers are essentially equivalent to root on the host. - // Defaults to false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt) - - // The SELinux context to be applied to the container. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options from the PodSecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. 
- // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt) - - // Whether this container has a read-only root filesystem. - // Default is false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt) - - // AllowPrivilegeEscalation controls whether a process can gain more - // privileges than its parent process. This bool directly controls if - // the no_new_privs flag will be set on the container process. - // AllowPrivilegeEscalation is true always when the container is: - // 1) run as Privileged - // 2) has CAP_SYS_ADMIN - // Note that this field cannot be set when spec.os.name is windows. - // +optional - allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt) - - // procMount denotes the type of proc mount to use for the containers. - // The default is DefaultProcMount which uses the container runtime defaults for - // readonly paths and masked paths. - // This requires the ProcMountType feature flag to be enabled. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt) - - // The seccomp options to use by this container. 
If seccomp options are - // provided at both the pod & container level, the container options - // override the pod options. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt) -} - -// +enum -#ProcMountType: string // #enumProcMountType - -#enumProcMountType: - #DefaultProcMount | - #UnmaskedProcMount - -// DefaultProcMount uses the container runtime defaults for readonly and masked -// paths for /proc. Most container runtimes mask certain paths in /proc to avoid -// accidental security exposure of special devices or information. -#DefaultProcMount: #ProcMountType & "Default" - -// UnmaskedProcMount bypasses the default masking behavior of the container -// runtime and ensures the newly created /proc the container stays in tact with -// no modifications. -#UnmaskedProcMount: #ProcMountType & "Unmasked" - -// SELinuxOptions are the labels to be applied to the container -#SELinuxOptions: { - // User is a SELinux user label that applies to the container. - // +optional - user?: string @go(User) @protobuf(1,bytes,opt) - - // Role is a SELinux role label that applies to the container. - // +optional - role?: string @go(Role) @protobuf(2,bytes,opt) - - // Type is a SELinux type label that applies to the container. - // +optional - type?: string @go(Type) @protobuf(3,bytes,opt) - - // Level is SELinux level label that applies to the container. - // +optional - level?: string @go(Level) @protobuf(4,bytes,opt) -} - -// WindowsSecurityContextOptions contain Windows-specific options and credentials. -#WindowsSecurityContextOptions: { - // GMSACredentialSpecName is the name of the GMSA credential spec to use. 
- // +optional - gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt) - - // GMSACredentialSpec is where the GMSA admission webhook - // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - // GMSA credential spec named by the GMSACredentialSpecName field. - // +optional - gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt) - - // The UserName in Windows to run the entrypoint of the container process. - // Defaults to the user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt) - - // HostProcess determines if a container should be run as a 'Host Process' container. - // All of a Pod's containers must have the same effective HostProcess value - // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - // In addition, if HostProcess is true then HostNetwork must also be set to true. - // +optional - hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt) -} - -// RangeAllocation is not a public type. -#RangeAllocation: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Range is string that identifies the range represented by 'data'. - range: string @go(Range) @protobuf(2,bytes,opt) - - // Data is a bit array containing all allocated addresses in the previous segment. - data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt) -} - -// DefaultSchedulerName defines the name of default scheduler. 
-#DefaultSchedulerName: "default-scheduler" - -// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule -// corresponding to every RequiredDuringScheduling affinity rule. -// When the --hard-pod-affinity-weight scheduler flag is not specified, -// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. -#DefaultHardPodAffinitySymmetricWeight: int32 & 1 - -// Sysctl defines a kernel parameter to be set -#Sysctl: { - // Name of a property to set - name: string @go(Name) @protobuf(1,bytes,opt) - - // Value of a property to set - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// NodeResources is an object for conveying resource information about a node. -// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. -#NodeResources: { - // Capacity represents the available resources of a node - Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName) -} - -// Enable stdin for remote command execution -#ExecStdinParam: "input" - -// Enable stdout for remote command execution -#ExecStdoutParam: "output" - -// Enable stderr for remote command execution -#ExecStderrParam: "error" - -// Enable TTY for remote command execution -#ExecTTYParam: "tty" - -// Command to run for remote command execution -#ExecCommandParam: "command" - -// Name of header that specifies stream type -#StreamType: "streamType" - -// Value for streamType header for stdin stream -#StreamTypeStdin: "stdin" - -// Value for streamType header for stdout stream -#StreamTypeStdout: "stdout" - -// Value for streamType header for stderr stream -#StreamTypeStderr: "stderr" - -// Value for streamType header for data stream -#StreamTypeData: "data" - -// Value for streamType header for error stream -#StreamTypeError: "error" - -// Value for streamType header for terminal resize stream -#StreamTypeResize: "resize" - -// Name 
of header that specifies the port being forwarded -#PortHeader: "port" - -// Name of header that specifies a request ID used to associate the error -// and data streams for a single forwarded connection -#PortForwardRequestIDHeader: "requestID" - -// MixedProtocolNotSupported error in PortStatus means that the cloud provider -// can't publish the port on the load balancer because mixed values of protocols -// on the same LoadBalancer type of Service are not supported by the cloud provider. -#MixedProtocolNotSupported: "MixedProtocolNotSupported" - -#PortStatus: { - // Port is the port number of the service port of which status is recorded here - port: int32 @go(Port) @protobuf(1,varint,opt) - - // Protocol is the protocol of the service port of which status is recorded here - // The supported values are: "TCP", "UDP", "SCTP" - protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // Error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 2a1f060b..00000000 
--- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
+++ /dev/null
@@ -1,59 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#LabelHostname: "kubernetes.io/hostname" - -// Label value is the network location of kube-apiserver stored as -// Stored in APIServer Identity lease objects to view what address is used for peer proxy -#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address" -#LabelTopologyZone: "topology.kubernetes.io/zone" -#LabelTopologyRegion: "topology.kubernetes.io/region" - -// These label have been deprecated since 1.17, but will be supported for -// the foreseeable future, to accommodate things like long-lived PVs that -// use them. New users should prefer the "topology.kubernetes.io/*" -// equivalents. -#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone" -#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region" - -// Retained for compat when vendored. Do not use these consts in new code. -#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone" -#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region" -#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone" -#LabelZoneRegionStable: "topology.kubernetes.io/region" -#LabelInstanceType: "beta.kubernetes.io/instance-type" -#LabelInstanceTypeStable: "node.kubernetes.io/instance-type" -#LabelOSStable: "kubernetes.io/os" -#LabelArchStable: "kubernetes.io/arch" - -// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0. 
-// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763) -#LabelWindowsBuild: "node.kubernetes.io/windows-build" - -// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*) -#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io" - -// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*) -#LabelNamespaceSuffixNode: "node.kubernetes.io" - -// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled -#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io" - -// IsHeadlessService is added by Controller to an Endpoint denoting if its parent -// Service is Headless. The existence of this label can be used further by other -// controllers and kube-proxy to check if the Endpoint objects should be replicated when -// using Headless Services -#IsHeadlessService: "service.kubernetes.io/headless" - -// LabelNodeExcludeBalancers specifies that the node should not be considered as a target -// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only -// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that -// any backends on excluded nodes are not reachable by those external load-balancers. -// Implementations of this exclusion may vary based on provider. -#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers" - -// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels -#LabelMetadataName: "kubernetes.io/metadata.name" 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue deleted file mode 100644 index b7c09733..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// TaintNodeNotReady will be added when node is not ready -// and removed when node becomes ready. -#TaintNodeNotReady: "node.kubernetes.io/not-ready" - -// TaintNodeUnreachable will be added when node becomes unreachable -// (corresponding to NodeReady status ConditionUnknown) -// and removed when node becomes reachable (NodeReady status ConditionTrue). -#TaintNodeUnreachable: "node.kubernetes.io/unreachable" - -// TaintNodeUnschedulable will be added when node becomes unschedulable -// and removed when node becomes schedulable. -#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable" - -// TaintNodeMemoryPressure will be added when node has memory pressure -// and removed when node has enough memory. -#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure" - -// TaintNodeDiskPressure will be added when node has disk pressure -// and removed when node has enough disk. -#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure" - -// TaintNodeNetworkUnavailable will be added when node's network is unavailable -// and removed when network becomes ready. -#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable" - -// TaintNodePIDPressure will be added when node has pid pressure -// and removed when node has enough pid. -#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure" - -// TaintNodeOutOfService can be added when node is out of service in case of -// a non-graceful shutdown -#TaintNodeOutOfService: "node.kubernetes.io/out-of-service" 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue deleted file mode 100644 index 19a7d631..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -#GroupName: "discovery.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue deleted file mode 100644 index 144ef53e..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue +++ /dev/null 
@@ -1,206 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" -) - -// EndpointSlice represents a subset of the endpoints that implement a service. -// For a given service there may be multiple EndpointSlice objects, selected by -// labels, which must be joined to produce the full set of endpoints. -#EndpointSlice: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // addressType specifies the type of address carried by this EndpointSlice. - // All addresses in this slice must be the same type. This field is - // immutable after creation. The following address types are currently - // supported: - // * IPv4: Represents an IPv4 Address. - // * IPv6: Represents an IPv6 Address. - // * FQDN: Represents a Fully Qualified Domain Name. - addressType: #AddressType @go(AddressType) @protobuf(4,bytes,rep) - - // endpoints is a list of unique endpoints in this slice. Each slice may - // include a maximum of 1000 endpoints. - // +listType=atomic - endpoints: [...#Endpoint] @go(Endpoints,[]Endpoint) @protobuf(2,bytes,rep) - - // ports specifies the list of network ports exposed by each endpoint in - // this slice. Each port must have a unique name. When ports is empty, it - // indicates that there are no defined ports. When a port is defined with a - // nil port value, it indicates "all ports". Each slice may include a - // maximum of 100 ports. - // +optional - // +listType=atomic - ports: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// AddressType represents the type of address referred to by an endpoint. -// +enum -#AddressType: string // #enumAddressType - -#enumAddressType: - #AddressTypeIPv4 | - #AddressTypeIPv6 | - #AddressTypeFQDN - -// AddressTypeIPv4 represents an IPv4 Address. 
-#AddressTypeIPv4: #AddressType & "IPv4" - -// AddressTypeIPv6 represents an IPv6 Address. -#AddressTypeIPv6: #AddressType & "IPv6" - -// AddressTypeFQDN represents a FQDN. -#AddressTypeFQDN: #AddressType & "FQDN" - -// Endpoint represents a single logical "backend" implementing a service. -#Endpoint: { - // addresses of this endpoint. The contents of this field are interpreted - // according to the corresponding EndpointSlice addressType field. Consumers - // must handle different types of addresses in the context of their own - // capabilities. This must contain at least one address but no more than - // 100. These are all assumed to be fungible and clients may choose to only - // use the first element. Refer to: https://issue.k8s.io/106267 - // +listType=set - addresses: [...string] @go(Addresses,[]string) @protobuf(1,bytes,rep) - - // conditions contains information about the current status of the endpoint. - conditions?: #EndpointConditions @go(Conditions) @protobuf(2,bytes,opt) - - // hostname of this endpoint. This field may be used by consumers of - // endpoints to distinguish endpoints from each other (e.g. in DNS names). - // Multiple endpoints which use the same hostname should be considered - // fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS - // Label (RFC 1123) validation. - // +optional - hostname?: null | string @go(Hostname,*string) @protobuf(3,bytes,opt) - - // targetRef is a reference to a Kubernetes object that represents this - // endpoint. - // +optional - targetRef?: null | v1.#ObjectReference @go(TargetRef,*v1.ObjectReference) @protobuf(4,bytes,opt) - - // deprecatedTopology contains topology information part of the v1beta1 - // API. This field is deprecated, and will be removed when the v1beta1 - // API is removed (no sooner than kubernetes v1.24). While this field can - // hold values, it is not writable through the v1 API, and any attempts to - // write to it will be silently ignored. 
Topology information can be found - // in the zone and nodeName fields instead. - // +optional - deprecatedTopology?: {[string]: string} @go(DeprecatedTopology,map[string]string) @protobuf(5,bytes,opt) - - // nodeName represents the name of the Node hosting this endpoint. This can - // be used to determine endpoints local to a Node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(6,bytes,opt) - - // zone is the name of the Zone this endpoint exists in. - // +optional - zone?: null | string @go(Zone,*string) @protobuf(7,bytes,opt) - - // hints contains information associated with how an endpoint should be - // consumed. - // +optional - hints?: null | #EndpointHints @go(Hints,*EndpointHints) @protobuf(8,bytes,opt) -} - -// EndpointConditions represents the current condition of an endpoint. -#EndpointConditions: { - // ready indicates that this endpoint is prepared to receive traffic, - // according to whatever system is managing the endpoint. A nil value - // indicates an unknown state. In most cases consumers should interpret this - // unknown state as ready. For compatibility reasons, ready should never be - // "true" for terminating endpoints, except when the normal readiness - // behavior is being explicitly overridden, for example when the associated - // Service has set the publishNotReadyAddresses flag. - // +optional - ready?: null | bool @go(Ready,*bool) @protobuf(1,bytes) - - // serving is identical to ready except that it is set regardless of the - // terminating state of endpoints. This condition should be set to true for - // a ready endpoint that is terminating. If nil, consumers should defer to - // the ready condition. - // +optional - serving?: null | bool @go(Serving,*bool) @protobuf(2,bytes) - - // terminating indicates that this endpoint is terminating. A nil value - // indicates an unknown state. Consumers should interpret this unknown state - // to mean that the endpoint is not terminating. 
- // +optional - terminating?: null | bool @go(Terminating,*bool) @protobuf(3,bytes) -} - -// EndpointHints provides hints describing how an endpoint should be consumed. -#EndpointHints: { - // forZones indicates the zone(s) this endpoint should be consumed by to - // enable topology aware routing. - // +listType=atomic - forZones?: [...#ForZone] @go(ForZones,[]ForZone) @protobuf(1,bytes) -} - -// ForZone provides information about which zones should consume this endpoint. -#ForZone: { - // name represents the name of the zone. - name: string @go(Name) @protobuf(1,bytes) -} - -// EndpointPort represents a Port used by an EndpointSlice -// +structType=atomic -#EndpointPort: { - // name represents the name of this port. All ports in an EndpointSlice must have a unique name. - // If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. - // Name must either be an empty string or pass DNS_LABEL validation: - // * must be no more than 63 characters long. - // * must consist of lower case alphanumeric characters or '-'. - // * must start and end with an alphanumeric character. - // Default is empty string. - name?: null | string @go(Name,*string) @protobuf(1,bytes) - - // protocol represents the IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. - protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(2,bytes) - - // port represents the port number of the endpoint. - // If this is not specified, ports are not restricted and must be - // interpreted in the context of the specific consumer. - port?: null | int32 @go(Port,*int32) @protobuf(3,bytes,opt) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. 
- // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes) -} - -// EndpointSliceList represents a list of endpoint slices -#EndpointSliceList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of endpoint slices - items: [...#EndpointSlice] @go(Items,[]EndpointSlice) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 9c40d30e..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue +++ /dev/null 
@@ -1,20 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -// LabelServiceName is used to indicate the name of a Kubernetes service. -#LabelServiceName: "kubernetes.io/service-name" - -// LabelManagedBy is used to indicate the controller or entity that manages -// an EndpointSlice. This label aims to enable different EndpointSlice -// objects to be managed by different controllers or entities within the -// same cluster. It is highly recommended to configure this label for all -// EndpointSlices. -#LabelManagedBy: "endpointslice.kubernetes.io/managed-by" - -// LabelSkipMirror can be set to true on an Endpoints resource to indicate -// that the EndpointSliceMirroring controller should not mirror this -// resource with EndpointSlices. -#LabelSkipMirror: "endpointslice.kubernetes.io/skip-mirror" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue deleted file mode 100644 index c4138c1c..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/events/v1 - -package v1 - -#GroupName: "events.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue deleted file mode 100644 index 47acc8fc..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue +++ /dev/null 
@@ -1,111 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/events/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" -) - -// Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system. -// Events have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // eventTime is the time when this Event was first observed. It is required. - eventTime: metav1.#MicroTime @go(EventTime) @protobuf(2,bytes,opt) - - // series is data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(3,bytes,opt) - - // reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // This field cannot be empty for new Events. - reportingController?: string @go(ReportingController) @protobuf(4,bytes,opt) - - // reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. - // This field cannot be empty for new Events and it can have at most 128 characters. - reportingInstance?: string @go(ReportingInstance) @protobuf(5,bytes,opt) - - // action is what action was taken/failed regarding to the regarding object. It is machine-readable. - // This field cannot be empty for new Events and it can have at most 128 characters. 
- action?: string @go(Action) @protobuf(6,bytes) - - // reason is why the action was taken. It is human-readable. - // This field cannot be empty for new Events and it can have at most 128 characters. - reason?: string @go(Reason) @protobuf(7,bytes) - - // regarding contains the object this Event is about. In most cases it's an Object reporting controller - // implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because - // it acts on some changes in a ReplicaSet object. - // +optional - regarding?: corev1.#ObjectReference @go(Regarding) @protobuf(8,bytes,opt) - - // related is the optional secondary object for more complex actions. E.g. when regarding object triggers - // a creation or deletion of related object. - // +optional - related?: null | corev1.#ObjectReference @go(Related,*corev1.ObjectReference) @protobuf(9,bytes,opt) - - // note is a human-readable description of the status of this operation. - // Maximal length of the note is 1kB, but libraries should be prepared to - // handle values up to 64kB. - // +optional - note?: string @go(Note) @protobuf(10,bytes,opt) - - // type is the type of this event (Normal, Warning), new types could be added in the future. - // It is machine-readable. - // This field cannot be empty for new Events. - type?: string @go(Type) @protobuf(11,bytes,opt) - - // deprecatedSource is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedSource?: corev1.#EventSource @go(DeprecatedSource) @protobuf(12,bytes,opt) - - // deprecatedFirstTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedFirstTimestamp?: metav1.#Time @go(DeprecatedFirstTimestamp) @protobuf(13,bytes,opt) - - // deprecatedLastTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. 
- // +optional - deprecatedLastTimestamp?: metav1.#Time @go(DeprecatedLastTimestamp) @protobuf(14,bytes,opt) - - // deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedCount?: int32 @go(DeprecatedCount) @protobuf(15,varint,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. How often to update the EventSeries is up to the event reporters. -// The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows -// how this struct is updated on heartbeats and can guide customized reporter implementations. -#EventSeries: { - // count is the number of occurrences in this series up to the last heartbeat time. - count: int32 @go(Count) @protobuf(1,varint,opt) - - // lastObservedTime is the time when last Event from the series was seen before last heartbeat. - lastObservedTime: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes,opt) -} - -// EventList is a list of Event objects. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue deleted file mode 100644 index f1042622..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -#GroupName: "networking.k8s.io" 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue
deleted file mode 100644
index bbdc7f2b..00000000
--- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue
+++ /dev/null
@@ -1,588 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -// NetworkPolicy describes what network traffic is allowed for a set of Pods -#NetworkPolicy: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents the specification of the desired behavior for this NetworkPolicy. - // +optional - spec?: #NetworkPolicySpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PolicyType string describes the NetworkPolicy type -// This type is beta-level in 1.8 -// +enum -#PolicyType: string // #enumPolicyType - -#enumPolicyType: - #PolicyTypeIngress | - #PolicyTypeEgress - -// PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods -#PolicyTypeIngress: #PolicyType & "Ingress" - -// PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods -#PolicyTypeEgress: #PolicyType & "Egress" - -// NetworkPolicySpec provides the specification of a NetworkPolicy -#NetworkPolicySpec: { - // podSelector selects the pods to which this NetworkPolicy object applies. - // The array of ingress rules is applied to any pods selected by this field. - // Multiple network policies can select the same set of pods. In this case, - // the ingress rules for each are combined additively. - // This field is NOT optional and follows standard label selector semantics. - // An empty podSelector matches all pods in this namespace. - podSelector: metav1.#LabelSelector @go(PodSelector) @protobuf(1,bytes,opt) - - // ingress is a list of ingress rules to be applied to the selected pods. 
- // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod - // (and cluster policy otherwise allows the traffic), OR if the traffic source is - // the pod's local node, OR if the traffic matches at least one ingress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy does not allow any traffic (and serves - // solely to ensure that the pods it selects are isolated by default) - // +optional - ingress?: [...#NetworkPolicyIngressRule] @go(Ingress,[]NetworkPolicyIngressRule) @protobuf(2,bytes,rep) - - // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic - // is allowed if there are no NetworkPolicies selecting the pod (and cluster policy - // otherwise allows the traffic), OR if the traffic matches at least one egress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves - // solely to ensure that the pods it selects are isolated by default). - // This field is beta-level in 1.8 - // +optional - egress?: [...#NetworkPolicyEgressRule] @go(Egress,[]NetworkPolicyEgressRule) @protobuf(3,bytes,rep) - - // policyTypes is a list of rule types that the NetworkPolicy relates to. - // Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. - // If this field is not specified, it will default based on the existence of ingress or egress rules; - // policies that contain an egress section are assumed to affect egress, and all policies - // (whether or not they contain an ingress section) are assumed to affect ingress. - // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. 
- // Likewise, if you want to write a policy that specifies that no egress is allowed, - // you must specify a policyTypes value that include "Egress" (since such a policy would not include - // an egress section and would otherwise default to just [ "Ingress" ]). - // This field is beta-level in 1.8 - // +optional - policyTypes?: [...#PolicyType] @go(PolicyTypes,[]PolicyType) @protobuf(4,bytes,rep,casttype=PolicyType) -} - -// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from. -#NetworkPolicyIngressRule: { - // ports is a list of ports which should be made accessible on the pods selected for - // this rule. Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) - - // from is a list of sources which should be able to access the pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all sources (traffic not restricted by - // source). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the from list. - // +optional - from?: [...#NetworkPolicyPeer] @go(From,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) -} - -// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. 
-// This type is beta-level in 1.8 -#NetworkPolicyEgressRule: { - // ports is a list of destination ports for outgoing traffic. - // Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) - - // to is a list of destinations for outgoing traffic of pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all destinations (traffic not restricted by - // destination). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the to list. - // +optional - to?: [...#NetworkPolicyPeer] @go(To,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) -} - -// NetworkPolicyPort describes a port to allow traffic on -#NetworkPolicyPort: { - // protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. - // If not specified, this field defaults to TCP. - // +optional - protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.Protocol) - - // port represents the port on the given protocol. This can either be a numerical or named - // port on a pod. If this field is not provided, this matches all port names and - // numbers. - // If present, only traffic on the specified protocol AND port will be matched. - // +optional - port?: null | intstr.#IntOrString @go(Port,*intstr.IntOrString) @protobuf(2,bytes,opt) - - // endPort indicates that the range of ports from port to endPort if set, inclusive, - // should be allowed by the policy. 
This field cannot be defined if the port field - // is not defined or if the port field is defined as a named (string) port. - // The endPort must be equal or greater than port. - // +optional - endPort?: null | int32 @go(EndPort,*int32) @protobuf(3,bytes,opt) -} - -// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed -// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs -// that should not be included within this rule. -#IPBlock: { - // cidr is a string representing the IPBlock - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - cidr: string @go(CIDR) @protobuf(1,bytes) - - // except is a slice of CIDRs that should not be included within an IPBlock - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - // Except values will be rejected if they are outside the cidr range - // +optional - except?: [...string] @go(Except,[]string) @protobuf(2,bytes,rep) -} - -// NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of -// fields are allowed -#NetworkPolicyPeer: { - // podSelector is a label selector which selects pods. This field follows standard label - // selector semantics; if present but empty, it selects all pods. - // - // If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects - // the pods matching podSelector in the Namespaces selected by NamespaceSelector. - // Otherwise it selects the pods matching podSelector in the policy's own namespace. - // +optional - podSelector?: null | metav1.#LabelSelector @go(PodSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaceSelector selects namespaces using cluster-scoped labels. This field follows - // standard label selector semantics; if present but empty, it selects all namespaces. - // - // If podSelector is also set, then the NetworkPolicyPeer as a whole selects - // the pods matching podSelector in the namespaces selected by namespaceSelector. 
- // Otherwise it selects all pods in the namespaces selected by namespaceSelector. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // ipBlock defines policy on a particular IPBlock. If this field is set then - // neither of the other fields can be. - // +optional - ipBlock?: null | #IPBlock @go(IPBlock,*IPBlock) @protobuf(3,bytes,rep) -} - -// NetworkPolicyList is a list of NetworkPolicy objects. -#NetworkPolicyList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#NetworkPolicy] @go(Items,[]NetworkPolicy) @protobuf(2,bytes,rep) -} - -// Ingress is a collection of rules that allow inbound connections to reach the -// endpoints defined by a backend. An Ingress can be configured to give services -// externally-reachable urls, load balance traffic, terminate SSL, offer name -// based virtual hosting etc. -#Ingress: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the desired state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #IngressSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #IngressStatus @go(Status) @protobuf(3,bytes,opt) -} - -// IngressList is a collection of Ingress. 
-#IngressList: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of Ingress. - items: [...#Ingress] @go(Items,[]Ingress) @protobuf(2,bytes,rep) -} - -// IngressSpec describes the Ingress the user wishes to exist. -#IngressSpec: { - // ingressClassName is the name of an IngressClass cluster resource. Ingress - // controller implementations use this field to know whether they should be - // serving this Ingress resource, by a transitive connection - // (controller -> IngressClass -> Ingress resource). Although the - // `kubernetes.io/ingress.class` annotation (simple constant name) was never - // formally defined, it was widely supported by Ingress controllers to create - // a direct binding between Ingress controller and Ingress resources. Newly - // created Ingress resources should prefer using the field. However, even - // though the annotation is officially deprecated, for backwards compatibility - // reasons, ingress controllers should still honor that annotation if present. - // +optional - ingressClassName?: null | string @go(IngressClassName,*string) @protobuf(4,bytes,opt) - - // defaultBackend is the backend that should handle requests that don't - // match any rule. If Rules are not specified, DefaultBackend must be specified. - // If DefaultBackend is not set, the handling of requests that do not match any - // of the rules will be up to the Ingress controller. - // +optional - defaultBackend?: null | #IngressBackend @go(DefaultBackend,*IngressBackend) @protobuf(1,bytes,opt) - - // tls represents the TLS configuration. Currently the Ingress only supports a - // single TLS port, 443. 
If multiple members of this list specify different hosts, - // they will be multiplexed on the same port according to the hostname specified - // through the SNI TLS extension, if the ingress controller fulfilling the - // ingress supports SNI. - // +listType=atomic - // +optional - tls?: [...#IngressTLS] @go(TLS,[]IngressTLS) @protobuf(2,bytes,rep) - - // rules is a list of host rules used to configure the Ingress. If unspecified, - // or no rule matches, all traffic is sent to the default backend. - // +listType=atomic - // +optional - rules?: [...#IngressRule] @go(Rules,[]IngressRule) @protobuf(3,bytes,rep) -} - -// IngressTLS describes the transport layer security associated with an ingress. -#IngressTLS: { - // hosts is a list of hosts included in the TLS certificate. The values in - // this list must match the name/s used in the tlsSecret. Defaults to the - // wildcard host setting for the loadbalancer controller fulfilling this - // Ingress, if left unspecified. - // +listType=atomic - // +optional - hosts?: [...string] @go(Hosts,[]string) @protobuf(1,bytes,rep) - - // secretName is the name of the secret used to terminate TLS traffic on - // port 443. Field is left optional to allow TLS routing based on SNI - // hostname alone. If the SNI host in a listener conflicts with the "Host" - // header field used by an IngressRule, the SNI host is used for termination - // and value of the "Host" header is used for routing. - // +optional - secretName?: string @go(SecretName) @protobuf(2,bytes,opt) -} - -// IngressStatus describe the current state of the Ingress. -#IngressStatus: { - // loadBalancer contains the current status of the load-balancer. - // +optional - loadBalancer?: #IngressLoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) -} - -// IngressLoadBalancerStatus represents the status of a load-balancer. -#IngressLoadBalancerStatus: { - // ingress is a list containing ingress points for the load-balancer. 
- // +optional - ingress?: [...#IngressLoadBalancerIngress] @go(Ingress,[]IngressLoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// IngressLoadBalancerIngress represents the status of a load-balancer ingress point. -#IngressLoadBalancerIngress: { - // ip is set for load-balancer ingress points that are IP based. - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // hostname is set for load-balancer ingress points that are DNS based. - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // ports provides information about the ports exposed by this LoadBalancer. - // +listType=atomic - // +optional - ports?: [...#IngressPortStatus] @go(Ports,[]IngressPortStatus) @protobuf(4,bytes,rep) -} - -// IngressPortStatus represents the error condition of a service port -#IngressPortStatus: { - // port is the port number of the ingress port. - port: int32 @go(Port) @protobuf(1,varint,opt) - - // protocol is the protocol of the ingress port. - // The supported values are: "TCP", "UDP", "SCTP" - protocol: v1.#Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} - -// IngressRule represents the rules mapping the paths under a specified host to -// the related backend services. 
Incoming requests are first evaluated for a host -// match, then routed to the backend associated with the matching IngressRuleValue. -#IngressRule: { - // host is the fully qualified domain name of a network host, as defined by RFC 3986. - // Note the following deviations from the "host" part of the - // URI as defined in RFC 3986: - // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to - // the IP in the Spec of the parent Ingress. - // 2. The `:` delimiter is not respected because ports are not allowed. - // Currently the port of an Ingress is implicitly :80 for http and - // :443 for https. - // Both these may change in the future. - // Incoming requests are matched against the host before the - // IngressRuleValue. If the host is unspecified, the Ingress routes all - // traffic based on the specified IngressRuleValue. - // - // host can be "precise" which is a domain name without the terminating dot of - // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name - // prefixed with a single wildcard label (e.g. "*.foo.com"). - // The wildcard character '*' must appear by itself as the first DNS label and - // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). - // Requests will be matched against the Host field in the following way: - // 1. If host is precise, the request matches this rule if the http host header is equal to Host. - // 2. If host is a wildcard, then the request matches this rule if the http host header - // is to equal to the suffix (removing the first label) of the wildcard rule. - // +optional - host?: string @go(Host) @protobuf(1,bytes,opt) - - #IngressRuleValue -} - -// IngressRuleValue represents a rule to apply against incoming requests. If the -// rule is satisfied, the request is routed to the specified backend. Currently -// mixing different types of rules in a single Ingress is disallowed, so exactly -// one of the following must be set. 
-#IngressRuleValue: { - // +optional - http?: null | #HTTPIngressRuleValue @go(HTTP,*HTTPIngressRuleValue) @protobuf(1,bytes,opt) -} - -// HTTPIngressRuleValue is a list of http selectors pointing to backends. -// In the example: http:///? -> backend where -// where parts of the url correspond to RFC 3986, this resource will be used -// to match against everything after the last '/' and before the first '?' -// or '#'. -#HTTPIngressRuleValue: { - // paths is a collection of paths that map requests to backends. - // +listType=atomic - paths: [...#HTTPIngressPath] @go(Paths,[]HTTPIngressPath) @protobuf(1,bytes,rep) -} - -// PathType represents the type of path referred to by a HTTPIngressPath. -// +enum -#PathType: string // #enumPathType - -#enumPathType: - #PathTypeExact | - #PathTypePrefix | - #PathTypeImplementationSpecific - -// PathTypeExact matches the URL path exactly and with case sensitivity. -#PathTypeExact: #PathType & "Exact" - -// PathTypePrefix matches based on a URL path prefix split by '/'. Matching -// is case sensitive and done on a path element by element basis. A path -// element refers to the list of labels in the path split by the '/' -// separator. A request is a match for path p if every p is an element-wise -// prefix of p of the request path. Note that if the last element of the -// path is a substring of the last element in request path, it is not a -// match (e.g. /foo/bar matches /foo/bar/baz, but does not match -// /foo/barbaz). If multiple matching paths exist in an Ingress spec, the -// longest matching path is given priority. -// Examples: -// - /foo/bar does not match requests to /foo/barbaz -// - /foo/bar matches request to /foo/bar and /foo/bar/baz -// - /foo and /foo/ both match requests to /foo and /foo/. If both paths are -// present in an Ingress spec, the longest matching path (/foo/) is given -// priority. -#PathTypePrefix: #PathType & "Prefix" - -// PathTypeImplementationSpecific matching is up to the IngressClass. 
-// Implementations can treat this as a separate PathType or treat it -// identically to Prefix or Exact path types. -#PathTypeImplementationSpecific: #PathType & "ImplementationSpecific" - -// HTTPIngressPath associates a path with a backend. Incoming urls matching the -// path are forwarded to the backend. -#HTTPIngressPath: { - // path is matched against the path of an incoming request. Currently it can - // contain characters disallowed from the conventional "path" part of a URL - // as defined by RFC 3986. Paths must begin with a '/' and must be present - // when using PathType with value "Exact" or "Prefix". - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // pathType determines the interpretation of the path matching. PathType can - // be one of the following values: - // * Exact: Matches the URL path exactly. - // * Prefix: Matches based on a URL path prefix split by '/'. Matching is - // done on a path element by element basis. A path element refers is the - // list of labels in the path split by the '/' separator. A request is a - // match for path p if every p is an element-wise prefix of p of the - // request path. Note that if the last element of the path is a substring - // of the last element in request path, it is not a match (e.g. /foo/bar - // matches /foo/bar/baz, but does not match /foo/barbaz). - // * ImplementationSpecific: Interpretation of the Path matching is up to - // the IngressClass. Implementations can treat this as a separate PathType - // or treat it identically to Prefix or Exact path types. - // Implementations are required to support all path types. - pathType?: null | #PathType @go(PathType,*PathType) @protobuf(3,bytes,opt) - - // backend defines the referenced service endpoint to which the traffic - // will be forwarded to. - backend: #IngressBackend @go(Backend) @protobuf(2,bytes,opt) -} - -// IngressBackend describes all endpoints for a given service and port. 
-#IngressBackend: { - // service references a service as a backend. - // This is a mutually exclusive setting with "Resource". - // +optional - service?: null | #IngressServiceBackend @go(Service,*IngressServiceBackend) @protobuf(4,bytes,opt) - - // resource is an ObjectRef to another Kubernetes resource in the namespace - // of the Ingress object. If resource is specified, a service.Name and - // service.Port must not be specified. - // This is a mutually exclusive setting with "Service". - // +optional - resource?: null | v1.#TypedLocalObjectReference @go(Resource,*v1.TypedLocalObjectReference) @protobuf(3,bytes,opt) -} - -// IngressServiceBackend references a Kubernetes Service as a Backend. -#IngressServiceBackend: { - // name is the referenced service. The service must exist in - // the same namespace as the Ingress object. - name: string @go(Name) @protobuf(1,bytes,opt) - - // port of the referenced service. A port name or port number - // is required for a IngressServiceBackend. - port?: #ServiceBackendPort @go(Port) @protobuf(2,bytes,opt) -} - -// ServiceBackendPort is the service port being referenced. -#ServiceBackendPort: { - // name is the name of the port on the Service. - // This is a mutually exclusive setting with "Number". - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // number is the numerical port number (e.g. 80) on the Service. - // This is a mutually exclusive setting with "Name". - // +optional - number?: int32 @go(Number) @protobuf(2,bytes,opt) -} - -// IngressClass represents the class of the Ingress, referenced by the Ingress -// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be -// used to indicate that an IngressClass should be considered default. When a -// single IngressClass resource has this annotation set to true, new Ingress -// resources without a class specified will be assigned this default class. -#IngressClass: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the desired state of the IngressClass. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #IngressClassSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// IngressClassSpec provides information about the class of an Ingress. -#IngressClassSpec: { - // controller refers to the name of the controller that should handle this - // class. This allows for different "flavors" that are controlled by the - // same controller. For example, you may have different parameters for the - // same implementing controller. This should be specified as a - // domain-prefixed path no more than 250 characters in length, e.g. - // "acme.io/ingress-controller". This field is immutable. - controller?: string @go(Controller) @protobuf(1,bytes,opt) - - // parameters is a link to a custom resource containing additional - // configuration for the controller. This is optional if the controller does - // not require extra parameters. - // +optional - parameters?: null | #IngressClassParametersReference @go(Parameters,*IngressClassParametersReference) @protobuf(2,bytes,opt) -} - -// IngressClassParametersReferenceScopeNamespace indicates that the -// referenced Parameters resource is namespace-scoped. -#IngressClassParametersReferenceScopeNamespace: "Namespace" - -// IngressClassParametersReferenceScopeCluster indicates that the -// referenced Parameters resource is cluster-scoped. -#IngressClassParametersReferenceScopeCluster: "Cluster" - -// IngressClassParametersReference identifies an API object. This can be used -// to specify a cluster or namespace-scoped resource. -#IngressClassParametersReference: { - // apiGroup is the group for the resource being referenced. 
If APIGroup is - // not specified, the specified Kind must be in the core API group. For any - // other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt,name=aPIGroup) - - // kind is the type of resource being referenced. - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // name is the name of resource being referenced. - name: string @go(Name) @protobuf(3,bytes,opt) - - // scope represents if this refers to a cluster or namespace scoped resource. - // This may be set to "Cluster" (default) or "Namespace". - // +optional - scope?: null | string @go(Scope,*string) @protobuf(4,bytes,opt) - - // namespace is the namespace of the resource being referenced. This field is - // required when scope is set to "Namespace" and must be unset when scope is set to - // "Cluster". - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(5,bytes,opt) -} - -// IngressClassList is a collection of IngressClasses. -#IngressClassList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of IngressClasses. - items: [...#IngressClass] @go(Items,[]IngressClass) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue deleted file mode 100644 index bee74f4b..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue +++ /dev/null 
@@ -1,11 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -// AnnotationIsDefaultIngressClass can be used to indicate that an -// IngressClass should be considered default. When a single IngressClass -// resource has this annotation set to true, new Ingress resources without a -// class specified will be assigned this default class. -#AnnotationIsDefaultIngressClass: "ingressclass.kubernetes.io/is-default-class" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue deleted file mode 100644 index 5969b44f..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/node/v1 - -package v1 - -#GroupName: "node.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue deleted file mode 100644 index 3934557c..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue +++ /dev/null 
@@ -1,90 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/node/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" -) - -// RuntimeClass defines a class of container runtime supported in the cluster. -// The RuntimeClass is used to determine which container runtime is used to run -// all containers in a pod. RuntimeClasses are manually defined by a -// user or cluster provisioner, and referenced in the PodSpec. The Kubelet is -// responsible for resolving the RuntimeClassName reference before running the -// pod. For more details, see -// https://kubernetes.io/docs/concepts/containers/runtime-class/ -#RuntimeClass: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // handler specifies the underlying runtime and configuration that the CRI - // implementation will use to handle pods of this class. The possible values - // are specific to the node & CRI configuration. It is assumed that all - // handlers are available on every node, and handlers of the same name are - // equivalent on every node. - // For example, a handler called "runc" might specify that the runc OCI - // runtime (using native Linux containers) will be used to run the containers - // in a pod. - // The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, - // and is immutable. - handler: string @go(Handler) @protobuf(2,bytes,opt) - - // overhead represents the resource overhead associated with running a pod for a - // given RuntimeClass. 
For more details, see - // https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/ - // +optional - overhead?: null | #Overhead @go(Overhead,*Overhead) @protobuf(3,bytes,opt) - - // scheduling holds the scheduling constraints to ensure that pods running - // with this RuntimeClass are scheduled to nodes that support it. - // If scheduling is nil, this RuntimeClass is assumed to be supported by all - // nodes. - // +optional - scheduling?: null | #Scheduling @go(Scheduling,*Scheduling) @protobuf(4,bytes,opt) -} - -// Overhead structure represents the resource overhead associated with running a pod. -#Overhead: { - // podFixed represents the fixed resource overhead associated with running a pod. - // +optional - podFixed?: corev1.#ResourceList @go(PodFixed) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.ResourceList,castkey=k8s.io/api/core/v1.ResourceName,castvalue=k8s.io/apimachinery/pkg/api/resource.Quantity) -} - -// Scheduling specifies the scheduling constraints for nodes supporting a -// RuntimeClass. -#Scheduling: { - // nodeSelector lists labels that must be present on nodes that support this - // RuntimeClass. Pods using this RuntimeClass can only be scheduled to a - // node matched by this selector. The RuntimeClass nodeSelector is merged - // with a pod's existing nodeSelector. Any conflicts will cause the pod to - // be rejected in admission. - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(1,bytes,opt) - - // tolerations are appended (excluding duplicates) to pods running with this - // RuntimeClass during admission, effectively unioning the set of nodes - // tolerated by the pod and the RuntimeClass. - // +optional - // +listType=atomic - tolerations?: [...corev1.#Toleration] @go(Tolerations,[]corev1.Toleration) @protobuf(2,bytes,rep) -} - -// RuntimeClassList is a list of RuntimeClass objects. -#RuntimeClassList: { - metav1.#TypeMeta - - // Standard list metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#RuntimeClass] @go(Items,[]RuntimeClass) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue deleted file mode 100644 index dedcdc34..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue +++ /dev/null @@ -1,8 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -// Package policy is for any kind of policy object. Suitable examples, even if -// they aren't all here, are PodDisruptionBudget, PodSecurityPolicy, -// NetworkPolicy, etc. -package v1 diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue deleted file mode 100644 index e38fa373..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -package v1 - -#GroupName: "policy" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue deleted file mode 100644 index 5901cc6d..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue +++ /dev/null 
@@ -1,204 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -#DisruptionBudgetCause: metav1.#CauseType & "DisruptionBudget" - -// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget. -#PodDisruptionBudgetSpec: { - // An eviction is allowed if at least "minAvailable" pods selected by - // "selector" will still be available after the eviction, i.e. even in the - // absence of the evicted pod. So for example you can prevent all voluntary - // evictions by specifying "100%". - // +optional - minAvailable?: null | intstr.#IntOrString @go(MinAvailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // Label query over pods whose evictions are managed by the disruption - // budget. - // A null selector will match no pods, while an empty ({}) selector will select - // all pods within the namespace. - // +patchStrategy=replace - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // An eviction is allowed if at most "maxUnavailable" pods selected by - // "selector" are unavailable after the eviction, i.e. even in absence of - // the evicted pod. For example, one can prevent all voluntary evictions - // by specifying 0. This is a mutually exclusive setting with "minAvailable". - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(3,bytes,opt) - - // UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods - // should be considered for eviction. Current implementation considers healthy pods, - // as pods that have status.conditions item with type="Ready",status="True". - // - // Valid policies are IfHealthyBudget and AlwaysAllow. - // If no policy is specified, the default behavior will be used, - // which corresponds to the IfHealthyBudget policy. 
- // - // IfHealthyBudget policy means that running pods (status.phase="Running"), - // but not yet healthy can be evicted only if the guarded application is not - // disrupted (status.currentHealthy is at least equal to status.desiredHealthy). - // Healthy pods will be subject to the PDB for eviction. - // - // AlwaysAllow policy means that all running pods (status.phase="Running"), - // but not yet healthy are considered disrupted and can be evicted regardless - // of whether the criteria in a PDB is met. This means perspective running - // pods of a disrupted application might not get a chance to become healthy. - // Healthy pods will be subject to the PDB for eviction. - // - // Additional policies may be added in the future. - // Clients making eviction decisions should disallow eviction of unhealthy pods - // if they encounter an unrecognized policy in this field. - // - // This field is beta-level. The eviction API uses this field when - // the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). - // +optional - unhealthyPodEvictionPolicy?: null | #UnhealthyPodEvictionPolicyType @go(UnhealthyPodEvictionPolicy,*UnhealthyPodEvictionPolicyType) @protobuf(4,bytes,opt) -} - -// UnhealthyPodEvictionPolicyType defines the criteria for when unhealthy pods -// should be considered for eviction. -// +enum -#UnhealthyPodEvictionPolicyType: string // #enumUnhealthyPodEvictionPolicyType - -#enumUnhealthyPodEvictionPolicyType: - #IfHealthyBudget | - #AlwaysAllow - -// IfHealthyBudget policy means that running pods (status.phase="Running"), -// but not yet healthy can be evicted only if the guarded application is not -// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). -// Healthy pods will be subject to the PDB for eviction. 
-#IfHealthyBudget: #UnhealthyPodEvictionPolicyType & "IfHealthyBudget" - -// AlwaysAllow policy means that all running pods (status.phase="Running"), -// but not yet healthy are considered disrupted and can be evicted regardless -// of whether the criteria in a PDB is met. This means perspective running -// pods of a disrupted application might not get a chance to become healthy. -// Healthy pods will be subject to the PDB for eviction. -#AlwaysAllow: #UnhealthyPodEvictionPolicyType & "AlwaysAllow" - -// PodDisruptionBudgetStatus represents information about the status of a -// PodDisruptionBudget. Status may trail the actual state of a system. -#PodDisruptionBudgetStatus: { - // Most recent generation observed when updating this PDB status. DisruptionsAllowed and other - // status information is valid only if observedGeneration equals to PDB's object generation. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // DisruptedPods contains information about pods whose eviction was - // processed by the API server eviction subresource handler but has not - // yet been observed by the PodDisruptionBudget controller. - // A pod will be in this map from the time when the API server processed the - // eviction request to the time when the pod is seen by PDB controller - // as having been marked for deletion (or after a timeout). The key in the map is the name of the pod - // and the value is the time when the API server processed the eviction request. If - // the deletion didn't occur and a pod is still there it will be removed from - // the list automatically by PodDisruptionBudget controller after some time. - // If everything goes smooth this map should be empty for the most of the time. - // Large number of entries in the map may indicate problems with pod deletions. 
- // +optional - disruptedPods?: {[string]: metav1.#Time} @go(DisruptedPods,map[string]metav1.Time) @protobuf(2,bytes,rep) - - // Number of pod disruptions that are currently allowed. - disruptionsAllowed: int32 @go(DisruptionsAllowed) @protobuf(3,varint,opt) - - // current number of healthy pods - currentHealthy: int32 @go(CurrentHealthy) @protobuf(4,varint,opt) - - // minimum desired number of healthy pods - desiredHealthy: int32 @go(DesiredHealthy) @protobuf(5,varint,opt) - - // total number of pods counted by this disruption budget - expectedPods: int32 @go(ExpectedPods) @protobuf(6,varint,opt) - - // Conditions contain conditions for PDB. The disruption controller sets the - // DisruptionAllowed condition. The following are known values for the reason field - // (additional reasons could be added in the future): - // - SyncFailed: The controller encountered an error and wasn't able to compute - // the number of allowed disruptions. Therefore no disruptions are - // allowed and the status of the condition will be False. - // - InsufficientPods: The number of pods are either at or below the number - // required by the PodDisruptionBudget. No disruptions are - // allowed and the status of the condition will be False. - // - SufficientPods: There are more pods than required by the PodDisruptionBudget. - // The condition will be True, and the number of allowed - // disruptions are provided by the disruptionsAllowed property. - // - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(7,bytes,rep) -} - -// DisruptionAllowedCondition is a condition set by the disruption controller -// that signal whether any of the pods covered by the PDB can be disrupted. 
-#DisruptionAllowedCondition: "DisruptionAllowed" - -// SyncFailedReason is set on the DisruptionAllowed condition if reconcile -// of the PDB failed and therefore disruption of pods are not allowed. -#SyncFailedReason: "SyncFailed" - -// SufficientPodsReason is set on the DisruptionAllowed condition if there are -// more pods covered by the PDB than required and at least one can be disrupted. -#SufficientPodsReason: "SufficientPods" - -// InsufficientPodsReason is set on the DisruptionAllowed condition if the number -// of pods are equal to or fewer than required by the PDB. -#InsufficientPodsReason: "InsufficientPods" - -// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods -#PodDisruptionBudget: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the PodDisruptionBudget. - // +optional - spec?: #PodDisruptionBudgetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the PodDisruptionBudget. - // +optional - status?: #PodDisruptionBudgetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodDisruptionBudgetList is a collection of PodDisruptionBudgets. -#PodDisruptionBudgetList: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of PodDisruptionBudgets - items: [...#PodDisruptionBudget] @go(Items,[]PodDisruptionBudget) @protobuf(2,bytes,rep) -} - -// Eviction evicts a pod from its node subject to certain policies and safety constraints. -// This is a subresource of Pod. 
A request to cause such an eviction is -// created by POSTing to .../pods//evictions. -#Eviction: { - metav1.#TypeMeta - - // ObjectMeta describes the pod that is being evicted. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // DeleteOptions may be provided - // +optional - deleteOptions?: null | metav1.#DeleteOptions @go(DeleteOptions,*metav1.DeleteOptions) @protobuf(2,bytes,opt) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue deleted file mode 100644 index 1c83e8b4..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/rbac/v1 - -package v1 - -#GroupName: "rbac.authorization.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue deleted file mode 100644 index 521e355e..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue +++ /dev/null 
@@ -1,207 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/rbac/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -#APIGroupAll: "*" -#ResourceAll: "*" -#VerbAll: "*" -#NonResourceAll: "*" -#GroupKind: "Group" -#ServiceAccountKind: "ServiceAccount" -#UserKind: "User" - -// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false" -#AutoUpdateAnnotationKey: "rbac.authorization.kubernetes.io/autoupdate" - -// PolicyRule holds information that describes a policy rule, but does not contain information -// about who the rule applies to or which namespace the rule applies to. -#PolicyRule: { - // Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - // the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - // +optional - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. '*' represents all resources. - // +optional - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - // +optional - resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. 
- // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - // +optional - nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(5,bytes,rep) -} - -// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, -// or a value for non-objects such as user and group names. -// +structType=atomic -#Subject: { - // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - // If the Authorizer does not recognized the kind value, the Authorizer should report an error. - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // APIGroup holds the API group of the referenced subject. - // Defaults to "" for ServiceAccount subjects. - // Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - // +optional - apiGroup?: string @go(APIGroup) @protobuf(2,bytes,opt.name=apiGroup) - - // Name of the object being referenced. - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - // the Authorizer should report an error. - // +optional - namespace?: string @go(Namespace) @protobuf(4,bytes,opt) -} - -// RoleRef contains information that points to the role being used -// +structType=atomic -#RoleRef: { - // APIGroup is the group for the resource being referenced - apiGroup: string @go(APIGroup) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. -#Role: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Rules holds all the PolicyRules for this Role - // +optional - rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) -} - -// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. -// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given -// namespace only have effect in that namespace. -#RoleBinding: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Subjects holds references to the objects the role applies to. - // +optional - subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) - - // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - // This field is immutable. - roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) -} - -// RoleBindingList is a collection of RoleBindings -#RoleBindingList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of RoleBindings - items: [...#RoleBinding] @go(Items,[]RoleBinding) @protobuf(2,bytes,rep) -} - -// RoleList is a collection of Roles -#RoleList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of Roles - items: [...#Role] @go(Items,[]Role) @protobuf(2,bytes,rep) -} - -// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. -#ClusterRole: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Rules holds all the PolicyRules for this ClusterRole - // +optional - rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) - - // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. - // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be - // stomped by the controller. - // +optional - aggregationRule?: null | #AggregationRule @go(AggregationRule,*AggregationRule) @protobuf(3,bytes,opt) -} - -// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole -#AggregationRule: { - // ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. - // If any of the selectors match, then the ClusterRole's permissions will be added - // +optional - clusterRoleSelectors?: [...metav1.#LabelSelector] @go(ClusterRoleSelectors,[]metav1.LabelSelector) @protobuf(1,bytes,rep) -} - -// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, -// and adds who information via Subject. -#ClusterRoleBinding: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Subjects holds references to the objects the role applies to. - // +optional - subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) - - // RoleRef can only reference a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - // This field is immutable. - roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) -} - -// ClusterRoleBindingList is a collection of ClusterRoleBindings -#ClusterRoleBindingList: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ClusterRoleBindings - items: [...#ClusterRoleBinding] @go(Items,[]ClusterRoleBinding) @protobuf(2,bytes,rep) -} - -// ClusterRoleList is a collection of ClusterRoles -#ClusterRoleList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ClusterRoles - items: [...#ClusterRole] @go(Items,[]ClusterRole) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue deleted file mode 100644 index 8cc2b5f2..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/scheduling/v1 - -package v1 - -#GroupName: "scheduling.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue deleted file mode 100644 index 1d8f9574..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue +++ /dev/null 
@@ -1,57 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/scheduling/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - apiv1 "k8s.io/api/core/v1" -) - -// PriorityClass defines mapping from a priority class name to the priority -// integer value. The value can be any valid integer. -#PriorityClass: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // value represents the integer value of this priority class. This is the actual priority that pods - // receive when they have the name of this class in their pod spec. - value: int32 @go(Value) @protobuf(2,bytes,opt) - - // globalDefault specifies whether this PriorityClass should be considered as - // the default priority for pods that do not have any priority class. - // Only one PriorityClass can be marked as `globalDefault`. However, if more than - // one PriorityClasses exists with their `globalDefault` field set to true, - // the smallest value of such global default PriorityClasses will be used as the default priority. - // +optional - globalDefault?: bool @go(GlobalDefault) @protobuf(3,bytes,opt) - - // description is an arbitrary string that usually provides guidelines on - // when this priority class should be used. - // +optional - description?: string @go(Description) @protobuf(4,bytes,opt) - - // preemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | apiv1.#PreemptionPolicy @go(PreemptionPolicy,*apiv1.PreemptionPolicy) @protobuf(5,bytes,opt) -} - -// PriorityClassList is a collection of priority classes. 
-#PriorityClassList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of PriorityClasses - items: [...#PriorityClass] @go(Items,[]PriorityClass) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue deleted file mode 100644 index 641ce60c..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/storage/v1 - -package v1 - -#GroupName: "storage.k8s.io" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue deleted file mode 100644 index b5158650..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue +++ /dev/null 
@@ -1,652 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/storage/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" -) - -// StorageClass describes the parameters for a class of storage for -// which PersistentVolumes can be dynamically provisioned. -// -// StorageClasses are non-namespaced; the name of the storage class -// according to etcd is in ObjectMeta.Name. -#StorageClass: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // provisioner indicates the type of the provisioner. - provisioner: string @go(Provisioner) @protobuf(2,bytes,opt) - - // parameters holds the parameters for the provisioner that should - // create volumes of this storage class. - // +optional - parameters?: {[string]: string} @go(Parameters,map[string]string) @protobuf(3,bytes,rep) - - // reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. - // Defaults to Delete. - // +optional - reclaimPolicy?: null | v1.#PersistentVolumeReclaimPolicy @go(ReclaimPolicy,*v1.PersistentVolumeReclaimPolicy) @protobuf(4,bytes,opt,casttype=k8s.io/api/core/v1.PersistentVolumeReclaimPolicy) - - // mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class. - // e.g. ["ro", "soft"]. Not validated - - // mount of the PVs will simply fail if one is invalid. - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(5,bytes,opt) - - // allowVolumeExpansion shows whether the storage class allow volume expand. 
- // +optional - allowVolumeExpansion?: null | bool @go(AllowVolumeExpansion,*bool) @protobuf(6,varint,opt) - - // volumeBindingMode indicates how PersistentVolumeClaims should be - // provisioned and bound. When unset, VolumeBindingImmediate is used. - // This field is only honored by servers that enable the VolumeScheduling feature. - // +optional - volumeBindingMode?: null | #VolumeBindingMode @go(VolumeBindingMode,*VolumeBindingMode) @protobuf(7,bytes,opt) - - // allowedTopologies restrict the node topologies where volumes can be dynamically provisioned. - // Each volume plugin defines its own supported topology specifications. - // An empty TopologySelectorTerm list means there is no topology restriction. - // This field is only honored by servers that enable the VolumeScheduling feature. - // +optional - // +listType=atomic - allowedTopologies?: [...v1.#TopologySelectorTerm] @go(AllowedTopologies,[]v1.TopologySelectorTerm) @protobuf(8,bytes,rep) -} - -// StorageClassList is a collection of storage classes. -#StorageClassList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of StorageClasses - items: [...#StorageClass] @go(Items,[]StorageClass) @protobuf(2,bytes,rep) -} - -// VolumeBindingMode indicates how PersistentVolumeClaims should be bound. -// +enum -#VolumeBindingMode: string // #enumVolumeBindingMode - -#enumVolumeBindingMode: - #VolumeBindingImmediate | - #VolumeBindingWaitForFirstConsumer - -// VolumeBindingImmediate indicates that PersistentVolumeClaims should be -// immediately provisioned and bound. This is the default mode. 
-#VolumeBindingImmediate: #VolumeBindingMode & "Immediate" - -// VolumeBindingWaitForFirstConsumer indicates that PersistentVolumeClaims -// should not be provisioned and bound until the first Pod is created that -// references the PeristentVolumeClaim. The volume provisioning and -// binding will occur during Pod scheduing. -#VolumeBindingWaitForFirstConsumer: #VolumeBindingMode & "WaitForFirstConsumer" - -// VolumeAttachment captures the intent to attach or detach the specified volume -// to/from the specified node. -// -// VolumeAttachment objects are non-namespaced. -#VolumeAttachment: { - metav1.#TypeMeta - - // Standard object metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents specification of the desired attach/detach volume behavior. - // Populated by the Kubernetes system. - spec: #VolumeAttachmentSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents status of the VolumeAttachment request. - // Populated by the entity completing the attach or detach - // operation, i.e. the external-attacher. - // +optional - status?: #VolumeAttachmentStatus @go(Status) @protobuf(3,bytes,opt) -} - -// VolumeAttachmentList is a collection of VolumeAttachment objects. -#VolumeAttachmentList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of VolumeAttachments - items: [...#VolumeAttachment] @go(Items,[]VolumeAttachment) @protobuf(2,bytes,rep) -} - -// VolumeAttachmentSpec is the specification of a VolumeAttachment request. -#VolumeAttachmentSpec: { - // attacher indicates the name of the volume driver that MUST handle this - // request. 
This is the name returned by GetPluginName(). - attacher: string @go(Attacher) @protobuf(1,bytes,opt) - - // source represents the volume that should be attached. - source: #VolumeAttachmentSource @go(Source) @protobuf(2,bytes,opt) - - // nodeName represents the node that the volume should be attached to. - nodeName: string @go(NodeName) @protobuf(3,bytes,opt) -} - -// VolumeAttachmentSource represents a volume that should be attached. -// Right now only PersistenVolumes can be attached via external attacher, -// in future we may allow also inline volumes in pods. -// Exactly one member can be set. -#VolumeAttachmentSource: { - // persistentVolumeName represents the name of the persistent volume to attach. - // +optional - persistentVolumeName?: null | string @go(PersistentVolumeName,*string) @protobuf(1,bytes,opt) - - // inlineVolumeSpec contains all the information necessary to attach - // a persistent volume defined by a pod's inline VolumeSource. This field - // is populated only for the CSIMigration feature. It contains - // translated fields from a pod's inline VolumeSource to a - // PersistentVolumeSpec. This field is beta-level and is only - // honored by servers that enabled the CSIMigration feature. - // +optional - inlineVolumeSpec?: null | v1.#PersistentVolumeSpec @go(InlineVolumeSpec,*v1.PersistentVolumeSpec) @protobuf(2,bytes,opt) -} - -// VolumeAttachmentStatus is the status of a VolumeAttachment request. -#VolumeAttachmentStatus: { - // attached indicates the volume is successfully attached. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - attached: bool @go(Attached) @protobuf(1,varint,opt) - - // attachmentMetadata is populated with any - // information returned by the attach operation, upon successful attach, that must be passed - // into subsequent WaitForAttach or Mount calls. - // This field must only be set by the entity completing the attach - // operation, i.e. 
the external-attacher. - // +optional - attachmentMetadata?: {[string]: string} @go(AttachmentMetadata,map[string]string) @protobuf(2,bytes,rep) - - // attachError represents the last error encountered during attach operation, if any. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - // +optional - attachError?: null | #VolumeError @go(AttachError,*VolumeError) @protobuf(3,bytes,opt,casttype=VolumeError) - - // detachError represents the last error encountered during detach operation, if any. - // This field must only be set by the entity completing the detach - // operation, i.e. the external-attacher. - // +optional - detachError?: null | #VolumeError @go(DetachError,*VolumeError) @protobuf(4,bytes,opt,casttype=VolumeError) -} - -// VolumeError captures an error encountered during a volume operation. -#VolumeError: { - // time represents the time the error was encountered. - // +optional - time?: metav1.#Time @go(Time) @protobuf(1,bytes,opt) - - // message represents the error encountered during Attach or Detach operation. - // This string may be logged, so it should not contain sensitive - // information. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// CSIDriver captures information about a Container Storage Interface (CSI) -// volume driver deployed on the cluster. -// Kubernetes attach detach controller uses this object to determine whether attach is required. -// Kubelet uses this object to determine whether pod information needs to be passed on mount. -// CSIDriver objects are non-namespaced. -#CSIDriver: { - metav1.#TypeMeta - - // Standard object metadata. - // metadata.Name indicates the name of the CSI driver that this object - // refers to; it MUST be the same name returned by the CSI GetPluginName() - // call for that driver. 
- // The driver name must be 63 characters or less, beginning and ending with - // an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and - // alphanumerics between. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents the specification of the CSI Driver. - spec: #CSIDriverSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CSIDriverList is a collection of CSIDriver objects. -#CSIDriverList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSIDriver - items: [...#CSIDriver] @go(Items,[]CSIDriver) @protobuf(2,bytes,rep) -} - -// CSIDriverSpec is the specification of a CSIDriver. -#CSIDriverSpec: { - // attachRequired indicates this CSI volume driver requires an attach - // operation (because it implements the CSI ControllerPublishVolume() - // method), and that the Kubernetes attach detach controller should call - // the attach volume interface which checks the volumeattachment status - // and waits until the volume is attached before proceeding to mounting. - // The CSI external-attacher coordinates with CSI volume driver and updates - // the volumeattachment status when the attach operation is complete. - // If the CSIDriverRegistry feature gate is enabled and the value is - // specified to false, the attach operation will be skipped. - // Otherwise the attach operation will be called. - // - // This field is immutable. - // - // +optional - attachRequired?: null | bool @go(AttachRequired,*bool) @protobuf(1,varint,opt) - - // podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) - // during mount operations, if set to true. 
- // If set to false, pod information will not be passed on mount. - // Default is false. - // - // The CSI driver specifies podInfoOnMount as part of driver deployment. - // If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. - // The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. - // - // The following VolumeConext will be passed if podInfoOnMount is set to true. - // This list might grow, but the prefix will be used. - // "csi.storage.k8s.io/pod.name": pod.Name - // "csi.storage.k8s.io/pod.namespace": pod.Namespace - // "csi.storage.k8s.io/pod.uid": string(pod.UID) - // "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume - // defined by a CSIVolumeSource, otherwise "false" - // - // "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only - // required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. - // Other drivers can leave pod info disabled and/or ignore this field. - // As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when - // deployed on such a cluster and the deployment determines which mode that is, for example - // via a command line parameter of the driver. - // - // This field is immutable. - // - // +optional - podInfoOnMount?: null | bool @go(PodInfoOnMount,*bool) @protobuf(2,bytes,opt) - - // volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. - // The default if the list is empty is "Persistent", which is the usage defined by the - // CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. - // - // The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec - // with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. 
- // A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. - // - // For more information about implementing this mode, see - // https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html - // A driver can support one or more of these modes and more modes may be added in the future. - // - // This field is beta. - // This field is immutable. - // - // +optional - // +listType=set - volumeLifecycleModes?: [...#VolumeLifecycleMode] @go(VolumeLifecycleModes,[]VolumeLifecycleMode) @protobuf(3,bytes,opt) - - // storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage - // capacity that the driver deployment will report by creating - // CSIStorageCapacity objects with capacity information, if set to true. - // - // The check can be enabled immediately when deploying a driver. - // In that case, provisioning new volumes with late binding - // will pause until the driver deployment has published - // some suitable CSIStorageCapacity object. - // - // Alternatively, the driver can be deployed with the field - // unset or false and it can be flipped later when storage - // capacity information has been published. - // - // This field was immutable in Kubernetes <= 1.22 and now is mutable. - // - // +optional - // +featureGate=CSIStorageCapacity - storageCapacity?: null | bool @go(StorageCapacity,*bool) @protobuf(4,bytes,opt) - - // fsGroupPolicy defines if the underlying volume supports changing ownership and - // permission of the volume before being mounted. - // Refer to the specific FSGroupPolicy values for additional details. - // - // This field is immutable. - // - // Defaults to ReadWriteOnceWithFSType, which will examine each volume - // to determine if Kubernetes should modify ownership and permissions of the volume. 
- // With the default policy the defined fsGroup will only be applied - // if a fstype is defined and the volume's access mode contains ReadWriteOnce. - // - // +optional - fsGroupPolicy?: null | #FSGroupPolicy @go(FSGroupPolicy,*FSGroupPolicy) @protobuf(5,bytes,opt) - - // tokenRequests indicates the CSI driver needs pods' service account - // tokens it is mounting volume for to do necessary authentication. Kubelet - // will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. - // The CSI driver should parse and validate the following VolumeContext: - // "csi.storage.k8s.io/serviceAccount.tokens": { - // "": { - // "token": , - // "expirationTimestamp": , - // }, - // ... - // } - // - // Note: Audience in each TokenRequest should be different and at - // most one token is empty string. To receive a new token after expiry, - // RequiresRepublish can be used to trigger NodePublishVolume periodically. - // - // +optional - // +listType=atomic - tokenRequests?: [...#TokenRequest] @go(TokenRequests,[]TokenRequest) @protobuf(6,bytes,opt) - - // requiresRepublish indicates the CSI driver wants `NodePublishVolume` - // being periodically called to reflect any possible change in the mounted - // volume. This field defaults to false. - // - // Note: After a successful initial NodePublishVolume call, subsequent calls - // to NodePublishVolume should only update the contents of the volume. New - // mount points will not be seen by a running container. - // - // +optional - requiresRepublish?: null | bool @go(RequiresRepublish,*bool) @protobuf(7,varint,opt) - - // seLinuxMount specifies if the CSI driver supports "-o context" - // mount option. - // - // When "true", the CSI driver must ensure that all volumes provided by this CSI - // driver can be mounted separately with different `-o context` options. This is - // typical for storage backends that provide volumes as filesystems on block - // devices or as independent shared volumes. 
- // Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount - // option when mounting a ReadWriteOncePod volume used in Pod that has - // explicitly set SELinux context. In the future, it may be expanded to other - // volume AccessModes. In any case, Kubernetes will ensure that the volume is - // mounted only with a single SELinux context. - // - // When "false", Kubernetes won't pass any special SELinux mount options to the driver. - // This is typical for volumes that represent subdirectories of a bigger shared filesystem. - // - // Default is "false". - // - // +featureGate=SELinuxMountReadWriteOncePod - // +optional - seLinuxMount?: null | bool @go(SELinuxMount,*bool) @protobuf(8,varint,opt) -} - -// FSGroupPolicy specifies if a CSI Driver supports modifying -// volume ownership and permissions of the volume to be mounted. -// More modes may be added in the future. -#FSGroupPolicy: string // #enumFSGroupPolicy - -#enumFSGroupPolicy: - #ReadWriteOnceWithFSTypeFSGroupPolicy | - #FileFSGroupPolicy | - #NoneFSGroupPolicy - -// ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined -// to determine if the volume ownership and permissions -// should be modified. If a fstype is defined and the volume's access mode -// contains ReadWriteOnce, then the defined fsGroup will be applied. -// This mode should be defined if it's expected that the -// fsGroup may need to be modified depending on the pod's SecurityPolicy. -// This is the default behavior if no other FSGroupPolicy is defined. -#ReadWriteOnceWithFSTypeFSGroupPolicy: #FSGroupPolicy & "ReadWriteOnceWithFSType" - -// FileFSGroupPolicy indicates that CSI driver supports volume ownership -// and permission change via fsGroup, and Kubernetes will change the permissions -// and ownership of every file in the volume to match the user requested fsGroup in -// the pod's SecurityPolicy regardless of fstype or access mode. 
-// Use this mode if Kubernetes should modify the permissions and ownership -// of the volume. -#FileFSGroupPolicy: #FSGroupPolicy & "File" - -// NoneFSGroupPolicy indicates that volumes will be mounted without performing -// any ownership or permission modifications, as the CSIDriver does not support -// these operations. -// This mode should be selected if the CSIDriver does not support fsGroup modifications, -// for example when Kubernetes cannot change ownership and permissions on a volume due -// to root-squash settings on a NFS volume. -#NoneFSGroupPolicy: #FSGroupPolicy & "None" - -// VolumeLifecycleMode is an enumeration of possible usage modes for a volume -// provided by a CSI driver. More modes may be added in the future. -#VolumeLifecycleMode: string // #enumVolumeLifecycleMode - -#enumVolumeLifecycleMode: - #VolumeLifecyclePersistent | - #VolumeLifecycleEphemeral - -// TokenRequest contains parameters of a service account token. -#TokenRequest: { - // audience is the intended audience of the token in "TokenRequestSpec". - // It will default to the audiences of kube apiserver. - audience: string @go(Audience) @protobuf(1,bytes,opt) - - // expirationSeconds is the duration of validity of the token in "TokenRequestSpec". - // It has the same default value of "ExpirationSeconds" in "TokenRequestSpec". - // - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) -} - -// VolumeLifecyclePersistent explicitly confirms that the driver implements -// the full CSI spec. It is the default when CSIDriverSpec.VolumeLifecycleModes is not -// set. Such volumes are managed in Kubernetes via the persistent volume -// claim mechanism and have a lifecycle that is independent of the pods which -// use them. -#VolumeLifecyclePersistent: #VolumeLifecycleMode & "Persistent" - -// VolumeLifecycleEphemeral indicates that the driver can be used for -// ephemeral inline volumes. 
Such volumes are specified inside the pod -// spec with a CSIVolumeSource and, as far as Kubernetes is concerned, have -// a lifecycle that is tied to the lifecycle of the pod. For example, such -// a volume might contain data that gets created specifically for that pod, -// like secrets. -// But how the volume actually gets created and managed is entirely up to -// the driver. It might also use reference counting to share the same volume -// instance among different pods if the CSIVolumeSource of those pods is -// identical. -#VolumeLifecycleEphemeral: #VolumeLifecycleMode & "Ephemeral" - -// CSINode holds information about all CSI drivers installed on a node. -// CSI drivers do not need to create the CSINode object directly. As long as -// they use the node-driver-registrar sidecar container, the kubelet will -// automatically populate the CSINode object for the CSI driver as part of -// kubelet plugin registration. -// CSINode has the same name as a node. If the object is missing, it means either -// there are no CSI Drivers available on the node, or the Kubelet version is low -// enough that it doesn't create this object. -// CSINode has an OwnerReference that points to the corresponding node object. -#CSINode: { - metav1.#TypeMeta - - // Standard object's metadata. - // metadata.name must be the Kubernetes node name. - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the specification of CSINode - spec: #CSINodeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CSINodeSpec holds information about the specification of all CSI drivers installed on a node -#CSINodeSpec: { - // drivers is a list of information of all CSI Drivers existing on a node. - // If all drivers in the list are uninstalled, this can become empty. 
- // +patchMergeKey=name - // +patchStrategy=merge - drivers: [...#CSINodeDriver] @go(Drivers,[]CSINodeDriver) @protobuf(1,bytes,rep) -} - -// CSINodeDriver holds information about the specification of one CSI driver installed on a node -#CSINodeDriver: { - // name represents the name of the CSI driver that this object refers to. - // This MUST be the same name returned by the CSI GetPluginName() call for - // that driver. - name: string @go(Name) @protobuf(1,bytes,opt) - - // nodeID of the node from the driver point of view. - // This field enables Kubernetes to communicate with storage systems that do - // not share the same nomenclature for nodes. For example, Kubernetes may - // refer to a given node as "node1", but the storage system may refer to - // the same node as "nodeA". When Kubernetes issues a command to the storage - // system to attach a volume to a specific node, it can use this field to - // refer to the node name using the ID that the storage system will - // understand, e.g. "nodeA" instead of "node1". This field is required. - nodeID: string @go(NodeID) @protobuf(2,bytes,opt) - - // topologyKeys is the list of keys supported by the driver. - // When a driver is initialized on a cluster, it provides a set of topology - // keys that it understands (e.g. "company.com/zone", "company.com/region"). - // When a driver is initialized on a node, it provides the same topology keys - // along with values. Kubelet will expose these topology keys as labels - // on its own node object. - // When Kubernetes does topology aware provisioning, it can use this list to - // determine which labels it should retrieve from the node object and pass - // back to the driver. - // It is possible for different nodes to use different topology keys. - // This can be empty if driver does not support topology. 
- // +optional - topologyKeys: [...string] @go(TopologyKeys,[]string) @protobuf(3,bytes,rep) - - // allocatable represents the volume resources of a node that are available for scheduling. - // This field is beta. - // +optional - allocatable?: null | #VolumeNodeResources @go(Allocatable,*VolumeNodeResources) @protobuf(4,bytes,opt) -} - -// VolumeNodeResources is a set of resource limits for scheduling of volumes. -#VolumeNodeResources: { - // count indicates the maximum number of unique volumes managed by the CSI driver that can be used on a node. - // A volume that is both attached and mounted on a node is considered to be used once, not twice. - // The same rule applies for a unique volume that is shared among multiple pods on the same node. - // If this field is not specified, then the supported number of volumes on this node is unbounded. - // +optional - count?: null | int32 @go(Count,*int32) @protobuf(1,varint,opt) -} - -// CSINodeList is a collection of CSINode objects. -#CSINodeList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSINode - items: [...#CSINode] @go(Items,[]CSINode) @protobuf(2,bytes,rep) -} - -// CSIStorageCapacity stores the result of one CSI GetCapacity call. -// For a given StorageClass, this describes the available capacity in a -// particular topology segment. This can be used when considering where to -// instantiate new PersistentVolumes. 
-// -// For example this can express things like: -// - StorageClass "standard" has "1234 GiB" available in "topology.kubernetes.io/zone=us-east1" -// - StorageClass "localssd" has "10 GiB" available in "kubernetes.io/hostname=knode-abc123" -// -// The following three cases all imply that no capacity is available for -// a certain combination: -// - no object exists with suitable topology and storage class name -// - such an object exists, but the capacity is unset -// - such an object exists, but the capacity is zero -// -// The producer of these objects can decide which approach is more suitable. -// -// They are consumed by the kube-scheduler when a CSI driver opts into -// capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler -// compares the MaximumVolumeSize against the requested size of pending volumes -// to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back -// to a comparison against the less precise Capacity. If that is also unset, -// the scheduler assumes that capacity is insufficient and tries some other -// node. -#CSIStorageCapacity: { - metav1.#TypeMeta - - // Standard object's metadata. - // The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters). - // To ensure that there are no conflicts with other CSI drivers on the cluster, - // the recommendation is to use csisc-, a generated name, or a reverse-domain name - // which ends with the unique CSI driver name. - // - // Objects are namespaced. - // - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // nodeTopology defines which nodes have access to the storage - // for which capacity was reported. If not set, the storage is - // not accessible from any node in the cluster. If empty, the - // storage is accessible from all nodes. This field is - // immutable. 
- // - // +optional - nodeTopology?: null | metav1.#LabelSelector @go(NodeTopology,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // storageClassName represents the name of the StorageClass that the reported capacity applies to. - // It must meet the same requirements as the name of a StorageClass - // object (non-empty, DNS subdomain). If that object no longer exists, - // the CSIStorageCapacity object is obsolete and should be removed by its - // creator. - // This field is immutable. - storageClassName: string @go(StorageClassName) @protobuf(3,bytes) - - // capacity is the value reported by the CSI driver in its GetCapacityResponse - // for a GetCapacityRequest with topology and parameters that match the - // previous fields. - // - // The semantic is currently (CSI spec 1.2) defined as: - // The available capacity, in bytes, of the storage that can be used - // to provision volumes. If not set, that information is currently - // unavailable. - // - // +optional - capacity?: null | resource.#Quantity @go(Capacity,*resource.Quantity) @protobuf(4,bytes,opt) - - // maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse - // for a GetCapacityRequest with topology and parameters that match the - // previous fields. - // - // This is defined since CSI spec 1.4.0 as the largest size - // that may be used in a - // CreateVolumeRequest.capacity_range.required_bytes field to - // create a volume with the same parameters as those in - // GetCapacityRequest. The corresponding value in the Kubernetes - // API is ResourceRequirements.Requests in a volume claim. - // - // +optional - maximumVolumeSize?: null | resource.#Quantity @go(MaximumVolumeSize,*resource.Quantity) @protobuf(5,bytes,opt) -} - -// CSIStorageCapacityList is a collection of CSIStorageCapacity objects. 
-#CSIStorageCapacityList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSIStorageCapacity objects. - // +listType=map - // +listMapKey=name - items: [...#CSIStorageCapacity] @go(Items,[]CSIStorageCapacity) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue deleted file mode 100644 index 083aa825..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -// Package v1 is the v1 version of the API. -package v1 diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue deleted file mode 100644 index c4ce800f..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -#GroupName: "apiextensions.k8s.io" 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue deleted file mode 100644 index b938c8ba..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue +++ /dev/null 
@@ -1,513 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// ConversionStrategyType describes different conversion types. -#ConversionStrategyType: string // #enumConversionStrategyType - -#enumConversionStrategyType: - #NoneConverter | - #WebhookConverter - -// KubeAPIApprovedAnnotation is an annotation that must be set to create a CRD for the k8s.io, *.k8s.io, kubernetes.io, or *.kubernetes.io namespaces. -// The value should be a link to a URL where the current spec was approved, so updates to the spec should also update the URL. -// If the API is unapproved, you may set the annotation to a string starting with `"unapproved"`. For instance, `"unapproved, temporarily squatting"` or `"unapproved, experimental-only"`. This is discouraged. -#KubeAPIApprovedAnnotation: "api-approved.kubernetes.io" - -// NoneConverter is a converter that only sets apiversion of the CR and leave everything else unchanged. -#NoneConverter: #ConversionStrategyType & "None" - -// WebhookConverter is a converter that calls to an external webhook to convert the CR. -#WebhookConverter: #ConversionStrategyType & "Webhook" - -// CustomResourceDefinitionSpec describes how a user wants their resource to appear -#CustomResourceDefinitionSpec: { - // group is the API group of the defined custom resource. - // The custom resources are served under `/apis//...`. - // Must match the name of the CustomResourceDefinition (in the form `.`). - group: string @go(Group) @protobuf(1,bytes,opt) - - // names specify the resource and kind names for the custom resource. - names: #CustomResourceDefinitionNames @go(Names) @protobuf(3,bytes,opt) - - // scope indicates whether the defined custom resource is cluster- or namespace-scoped. 
- // Allowed values are `Cluster` and `Namespaced`. - scope: #ResourceScope @go(Scope) @protobuf(4,bytes,opt,casttype=ResourceScope) - - // versions is the list of all API versions of the defined custom resource. - // Version names are used to compute the order in which served versions are listed in API discovery. - // If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered - // lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), - // then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first - // by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing - // major version, then minor version. An example sorted list of versions: - // v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. - versions: [...#CustomResourceDefinitionVersion] @go(Versions,[]CustomResourceDefinitionVersion) @protobuf(7,bytes,rep) - - // conversion defines conversion settings for the CRD. - // +optional - conversion?: null | #CustomResourceConversion @go(Conversion,*CustomResourceConversion) @protobuf(9,bytes,opt) - - // preserveUnknownFields indicates that object fields which are not specified - // in the OpenAPI schema should be preserved when persisting to storage. - // apiVersion, kind, metadata and known fields inside metadata are always preserved. - // This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. - // See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details. - // +optional - preserveUnknownFields?: bool @go(PreserveUnknownFields) @protobuf(10,varint,opt) -} - -// CustomResourceConversion describes how to convert different versions of a CR. 
-#CustomResourceConversion: { - // strategy specifies how custom resources are converted between versions. Allowed values are: - // - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. - // - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information - // is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. - strategy: #ConversionStrategyType @go(Strategy) @protobuf(1,bytes) - - // webhook describes how to call the conversion webhook. Required when `strategy` is set to `"Webhook"`. - // +optional - webhook?: null | #WebhookConversion @go(Webhook,*WebhookConversion) @protobuf(2,bytes,opt) -} - -// WebhookConversion describes how to call a conversion webhook -#WebhookConversion: { - // clientConfig is the instructions for how to call the webhook if strategy is `Webhook`. - // +optional - clientConfig?: null | #WebhookClientConfig @go(ClientConfig,*WebhookClientConfig) @protobuf(2,bytes) - - // conversionReviewVersions is an ordered list of preferred `ConversionReview` - // versions the Webhook expects. The API server will use the first version in - // the list which it supports. If none of the versions specified in this list - // are supported by API server, conversion will fail for the custom resource. - // If a persisted Webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail. - conversionReviewVersions: [...string] @go(ConversionReviewVersions,[]string) @protobuf(3,bytes,rep) -} - -// WebhookClientConfig contains the information to make a TLS connection with the webhook. -#WebhookClientConfig: { - // url gives the location of the webhook, in standard URL form - // (`scheme://host:port/path`). Exactly one of `url` or `service` - // must be specified. 
- // - // The `host` should not refer to a service running in the cluster; use - // the `service` field instead. The host might be resolved via external - // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve - // in-cluster DNS as that would be a layering violation). `host` may - // also be an IP address. - // - // Please note that using `localhost` or `127.0.0.1` as a `host` is - // risky unless you take great care to run this webhook on all hosts - // which run an apiserver which might need to make calls to this - // webhook. Such installs are likely to be non-portable, i.e., not easy - // to turn up in a new cluster. - // - // The scheme must be "https"; the URL must begin with "https://". - // - // A path is optional, and if present may be any string permissible in - // a URL. You may use the path to pass an arbitrary string to the - // webhook, for example, a cluster identifier. - // - // Attempting to use a user or basic auth e.g. "user:password@" is not - // allowed. Fragments ("#...") and query parameters ("?...") are not - // allowed, either. - // - // +optional - url?: null | string @go(URL,*string) @protobuf(3,bytes,opt) - - // service is a reference to the service for this webhook. Either - // service or url must be specified. - // - // If the webhook is running within the cluster, then you should use `service`. - // - // +optional - service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt) - - // caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. - // If unspecified, system trust roots on the apiserver are used. - // +optional - caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt) -} - -// ServiceReference holds a reference to Service.legacy.k8s.io -#ServiceReference: { - // namespace is the namespace of the service. - // Required - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // name is the name of the service. 
- // Required - name: string @go(Name) @protobuf(2,bytes,opt) - - // path is an optional URL path at which the webhook will be contacted. - // +optional - path?: null | string @go(Path,*string) @protobuf(3,bytes,opt) - - // port is an optional service port at which the webhook will be contacted. - // `port` should be a valid port number (1-65535, inclusive). - // Defaults to 443 for backward compatibility. - // +optional - port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt) -} - -// CustomResourceDefinitionVersion describes a version for CRD. -#CustomResourceDefinitionVersion: { - // name is the version name, e.g. “v1”, “v2beta1”, etc. - // The custom resources are served under this version at `/apis///...` if `served` is true. - name: string @go(Name) @protobuf(1,bytes,opt) - - // served is a flag enabling/disabling this version from being served via REST APIs - served: bool @go(Served) @protobuf(2,varint,opt) - - // storage indicates this version should be used when persisting custom resources to storage. - // There must be exactly one version with storage=true. - storage: bool @go(Storage) @protobuf(3,varint,opt) - - // deprecated indicates this version of the custom resource API is deprecated. - // When set to true, API requests to this version receive a warning header in the server response. - // Defaults to false. - // +optional - deprecated?: bool @go(Deprecated) @protobuf(7,varint,opt) - - // deprecationWarning overrides the default warning returned to API clients. - // May only be set when `deprecated` is true. - // The default warning indicates this version is deprecated and recommends use - // of the newest served version of equal or greater stability, if one exists. - // +optional - deprecationWarning?: null | string @go(DeprecationWarning,*string) @protobuf(8,bytes,opt) - - // schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource. 
- // +optional - schema?: null | #CustomResourceValidation @go(Schema,*CustomResourceValidation) @protobuf(4,bytes,opt) - - // subresources specify what subresources this version of the defined custom resource have. - // +optional - subresources?: null | #CustomResourceSubresources @go(Subresources,*CustomResourceSubresources) @protobuf(5,bytes,opt) - - // additionalPrinterColumns specifies additional columns returned in Table output. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. - // If no columns are specified, a single column displaying the age of the custom resource is used. - // +optional - additionalPrinterColumns?: [...#CustomResourceColumnDefinition] @go(AdditionalPrinterColumns,[]CustomResourceColumnDefinition) @protobuf(6,bytes,rep) -} - -// CustomResourceColumnDefinition specifies a column for server side printing. -#CustomResourceColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) @protobuf(1,bytes,opt) - - // type is an OpenAPI type definition for this column. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. - type: string @go(Type) @protobuf(2,bytes,opt) - - // format is an optional OpenAPI type definition for this column. The 'name' format is applied - // to the primary identifier column to assist in clients identifying column is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. - // +optional - format?: string @go(Format) @protobuf(3,bytes,opt) - - // description is a human readable description of this column. - // +optional - description?: string @go(Description) @protobuf(4,bytes,opt) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. 
Columns that may be omitted in limited space scenarios - // should be given a priority greater than 0. - // +optional - priority?: int32 @go(Priority) @protobuf(5,bytes,opt) - - // jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against - // each custom resource to produce the value for this column. - jsonPath: string @go(JSONPath) @protobuf(6,bytes,opt) -} - -// CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition -#CustomResourceDefinitionNames: { - // plural is the plural name of the resource to serve. - // The custom resources are served under `/apis///.../`. - // Must match the name of the CustomResourceDefinition (in the form `.`). - // Must be all lowercase. - plural: string @go(Plural) @protobuf(1,bytes,opt) - - // singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`. - // +optional - singular?: string @go(Singular) @protobuf(2,bytes,opt) - - // shortNames are short names for the resource, exposed in API discovery documents, - // and used by clients to support invocations like `kubectl get `. - // It must be all lowercase. - // +optional - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(3,bytes,opt) - - // kind is the serialized kind of the resource. It is normally CamelCase and singular. - // Custom resource instances will use this value as the `kind` attribute in API calls. - kind: string @go(Kind) @protobuf(4,bytes,opt) - - // listKind is the serialized kind of the list for this resource. Defaults to "`kind`List". - // +optional - listKind?: string @go(ListKind) @protobuf(5,bytes,opt) - - // categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). - // This is published in API discovery documents, and used by clients to support invocations like - // `kubectl get all`. 
- // +optional - categories?: [...string] @go(Categories,[]string) @protobuf(6,bytes,rep) -} - -// ResourceScope is an enum defining the different scopes available to a custom resource -#ResourceScope: string // #enumResourceScope - -#enumResourceScope: - #ClusterScoped | - #NamespaceScoped - -#ClusterScoped: #ResourceScope & "Cluster" -#NamespaceScoped: #ResourceScope & "Namespaced" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// CustomResourceDefinitionConditionType is a valid value for CustomResourceDefinitionCondition.Type -#CustomResourceDefinitionConditionType: string // #enumCustomResourceDefinitionConditionType - -#enumCustomResourceDefinitionConditionType: - #Established | - #NamesAccepted | - #NonStructuralSchema | - #Terminating | - #KubernetesAPIApprovalPolicyConformant - -// Established means that the resource has become active. A resource is established when all names are -// accepted without a conflict for the first time. A resource stays established until deleted, even during -// a later NamesAccepted due to changed names. Note that not all names can be changed. -#Established: #CustomResourceDefinitionConditionType & "Established" - -// NamesAccepted means the names chosen for this CustomResourceDefinition do not conflict with others in -// the group and are therefore accepted. -#NamesAccepted: #CustomResourceDefinitionConditionType & "NamesAccepted" - -// NonStructuralSchema means that one or more OpenAPI schema is not structural. 
-// -// A schema is structural if it specifies types for all values, with the only exceptions of those with -// - x-kubernetes-int-or-string: true — for fields which can be integer or string -// - x-kubernetes-preserve-unknown-fields: true — for raw, unspecified JSON values -// and there is no type, additionalProperties, default, nullable or x-kubernetes-* vendor extenions -// specified under allOf, anyOf, oneOf or not. -// -// Non-structural schemas will not be allowed anymore in v1 API groups. Moreover, new features will not be -// available for non-structural CRDs: -// - pruning -// - defaulting -// - read-only -// - OpenAPI publishing -// - webhook conversion -#NonStructuralSchema: #CustomResourceDefinitionConditionType & "NonStructuralSchema" - -// Terminating means that the CustomResourceDefinition has been deleted and is cleaning up. -#Terminating: #CustomResourceDefinitionConditionType & "Terminating" - -// KubernetesAPIApprovalPolicyConformant indicates that an API in *.k8s.io or *.kubernetes.io is or is not approved. For CRDs -// outside those groups, this condition will not be set. For CRDs inside those groups, the condition will -// be true if .metadata.annotations["api-approved.kubernetes.io"] is set to a URL, otherwise it will be false. -// See https://github.com/kubernetes/enhancements/pull/1111 for more details. -#KubernetesAPIApprovalPolicyConformant: #CustomResourceDefinitionConditionType & "KubernetesAPIApprovalPolicyConformant" - -// CustomResourceDefinitionCondition contains details for the current condition of this pod. -#CustomResourceDefinitionCondition: { - // type is the type of the condition. Types include Established, NamesAccepted and Terminating. - type: #CustomResourceDefinitionConditionType @go(Type) @protobuf(1,bytes,opt,casttype=CustomResourceDefinitionConditionType) - - // status is the status of the condition. - // Can be True, False, Unknown. 
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastTransitionTime last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is a unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition -#CustomResourceDefinitionStatus: { - // conditions indicate state for particular aspects of a CustomResourceDefinition - // +optional - // +listType=map - // +listMapKey=type - conditions: [...#CustomResourceDefinitionCondition] @go(Conditions,[]CustomResourceDefinitionCondition) @protobuf(1,bytes,opt) - - // acceptedNames are the names that are actually being used to serve discovery. - // They may be different than the names in spec. - // +optional - acceptedNames: #CustomResourceDefinitionNames @go(AcceptedNames) @protobuf(2,bytes,opt) - - // storedVersions lists all versions of CustomResources that were ever persisted. Tracking these - // versions allows a migration path for stored versions in etcd. The field is mutable - // so a migration controller can finish a migration to another version (ensuring - // no old objects are left in storage), and then remove the rest of the - // versions from this list. - // Versions may not be removed from `spec.versions` while they exist in this list. - // +optional - storedVersions: [...string] @go(StoredVersions,[]string) @protobuf(3,bytes,rep) -} - -#CustomResourceCleanupFinalizer: "customresourcecleanup.apiextensions.k8s.io" - -// CustomResourceDefinition represents a resource that should be exposed on the API server. 
Its name MUST be in the format -// <.spec.name>.<.spec.group>. -#CustomResourceDefinition: { - metav1.#TypeMeta - - // Standard object's metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec describes how the user wants the resources to appear - spec: #CustomResourceDefinitionSpec @go(Spec) @protobuf(2,bytes,opt) - - // status indicates the actual state of the CustomResourceDefinition - // +optional - status?: #CustomResourceDefinitionStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CustomResourceDefinitionList is a list of CustomResourceDefinition objects. -#CustomResourceDefinitionList: { - metav1.#TypeMeta - - // Standard object's metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items list individual CustomResourceDefinition objects - items: [...#CustomResourceDefinition] @go(Items,[]CustomResourceDefinition) @protobuf(2,bytes,rep) -} - -// CustomResourceValidation is a list of validation methods for CustomResources. -#CustomResourceValidation: { - // openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning. - // +optional - openAPIV3Schema?: null | #JSONSchemaProps @go(OpenAPIV3Schema,*JSONSchemaProps) @protobuf(1,bytes,opt) -} - -// CustomResourceSubresources defines the status and scale subresources for CustomResources. -#CustomResourceSubresources: { - // status indicates the custom resource should serve a `/status` subresource. - // When enabled: - // 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. - // 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object. 
- // +optional - status?: null | #CustomResourceSubresourceStatus @go(Status,*CustomResourceSubresourceStatus) @protobuf(1,bytes,opt) - - // scale indicates the custom resource should serve a `/scale` subresource that returns an `autoscaling/v1` Scale object. - // +optional - scale?: null | #CustomResourceSubresourceScale @go(Scale,*CustomResourceSubresourceScale) @protobuf(2,bytes,opt) -} - -// CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources. -// Status is represented by the `.status` JSON path inside of a CustomResource. When set, -// * exposes a /status subresource for the custom resource -// * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza -// * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza -#CustomResourceSubresourceStatus: { -} - -// CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources. -#CustomResourceSubresourceScale: { - // specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.spec`. - // If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET. - specReplicasPath: string @go(SpecReplicasPath) @protobuf(1,bytes) - - // statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.status`. - // If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource - // will default to 0. 
- statusReplicasPath: string @go(StatusReplicasPath) @protobuf(2,bytes,opt) - - // labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.status` or `.spec`. - // Must be set to work with HorizontalPodAutoscaler. - // The field pointed by this JSON path must be a string field (not a complex selector struct) - // which contains a serialized label selector in string form. - // More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource - // If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` - // subresource will default to the empty string. - // +optional - labelSelectorPath?: null | string @go(LabelSelectorPath,*string) @protobuf(3,bytes,opt) -} - -// ConversionReview describes a conversion request/response. -#ConversionReview: { - metav1.#TypeMeta - - // request describes the attributes for the conversion request. - // +optional - request?: null | #ConversionRequest @go(Request,*ConversionRequest) @protobuf(1,bytes,opt) - - // response describes the attributes for the conversion response. - // +optional - response?: null | #ConversionResponse @go(Response,*ConversionResponse) @protobuf(2,bytes,opt) -} - -// ConversionRequest describes the conversion request parameters. -#ConversionRequest: { - // uid is an identifier for the individual request/response. It allows distinguishing instances of requests which are - // otherwise identical (parallel requests, etc). - // The UID is meant to track the round trip (request/response) between the Kubernetes API server and the webhook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. 
- uid: types.#UID @go(UID) @protobuf(1,bytes) - - // desiredAPIVersion is the version to convert given objects to. e.g. "myapi.example.com/v1" - desiredAPIVersion: string @go(DesiredAPIVersion) @protobuf(2,bytes) - - // objects is the list of custom resource objects to be converted. - objects: [...runtime.#RawExtension] @go(Objects,[]runtime.RawExtension) @protobuf(3,bytes,rep) -} - -// ConversionResponse describes a conversion response. -#ConversionResponse: { - // uid is an identifier for the individual request/response. - // This should be copied over from the corresponding `request.uid`. - uid: types.#UID @go(UID) @protobuf(1,bytes) - - // convertedObjects is the list of converted version of `request.objects` if the `result` is successful, otherwise empty. - // The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list - // must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace). - // The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored. - convertedObjects: [...runtime.#RawExtension] @go(ConvertedObjects,[]runtime.RawExtension) @protobuf(2,bytes,rep) - - // result contains the result of conversion with extra details if the conversion failed. `result.status` determines if - // the conversion failed or succeeded. The `result.status` field is required and represents the success or failure of the - // conversion. A successful conversion must set `result.status` to `Success`. A failed conversion must set - // `result.status` to `Failure` and provide more details in `result.message` and return http status 200. The `result.message` - // will be used to construct an error message for the end user. - result: metav1.#Status @go(Result) @protobuf(3,bytes) -} 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue
deleted file mode 100644
index 19f42c1f..00000000
--- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue
+++ /dev/null
@@ -1,317 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -// FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation. -// +enum -#FieldValueErrorReason: string // #enumFieldValueErrorReason - -#enumFieldValueErrorReason: - #FieldValueRequired | - #FieldValueDuplicate | - #FieldValueInvalid | - #FieldValueForbidden - -// FieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#FieldValueRequired: #FieldValueErrorReason & "FieldValueRequired" - -// FieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#FieldValueDuplicate: #FieldValueErrorReason & "FieldValueDuplicate" - -// FieldValueInvalid is used to report malformed values (e.g. failed regex -// match, too long, out of bounds). -#FieldValueInvalid: #FieldValueErrorReason & "FieldValueInvalid" - -// FieldValueForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). -#FieldValueForbidden: #FieldValueErrorReason & "FieldValueForbidden" - -// JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/). -#JSONSchemaProps: { - id?: string @go(ID) @protobuf(1,bytes,opt) - $schema?: #JSONSchemaURL @go(Schema) @protobuf(2,bytes,opt,name=schema) - $ref?: null | string @go(Ref,*string) @protobuf(3,bytes,opt,name=ref) - description?: string @go(Description) @protobuf(4,bytes,opt) - type?: string @go(Type) @protobuf(5,bytes,opt) - - // format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: - // - // - bsonobjectid: a bson object ID, i.e. 
a 24 characters hex string - // - uri: an URI as parsed by Golang net/url.ParseRequestURI - // - email: an email address as parsed by Golang net/mail.ParseAddress - // - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - // - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - // - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - // - cidr: a CIDR as parsed by Golang net.ParseCIDR - // - mac: a MAC address as parsed by Golang net.ParseMAC - // - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - // - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - // - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - // - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - // - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" - // - isbn10: an ISBN10 number string like "0321751043" - // - isbn13: an ISBN13 number string like "978-0321751041" - // - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in - // - ssn: a U.S. 
social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ - // - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - // - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559" - // - byte: base64 encoded binary data - // - password: any kind of string - // - date: a date string like "2006-01-02" as defined by full-date in RFC3339 - // - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format - // - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. - format?: string @go(Format) @protobuf(6,bytes,opt) - title?: string @go(Title) @protobuf(7,bytes,opt) - - // default is a default value for undefined object fields. - // Defaulting is a beta feature under the CustomResourceDefaulting feature gate. - // Defaulting requires spec.preserveUnknownFields to be false. - default?: null | #JSON @go(Default,*JSON) @protobuf(8,bytes,opt) - maximum?: null | float64 @go(Maximum,*float64) @protobuf(9,bytes,opt) - exclusiveMaximum?: bool @go(ExclusiveMaximum) @protobuf(10,bytes,opt) - minimum?: null | float64 @go(Minimum,*float64) @protobuf(11,bytes,opt) - exclusiveMinimum?: bool @go(ExclusiveMinimum) @protobuf(12,bytes,opt) - maxLength?: null | int64 @go(MaxLength,*int64) @protobuf(13,bytes,opt) - minLength?: null | int64 @go(MinLength,*int64) @protobuf(14,bytes,opt) - pattern?: string @go(Pattern) @protobuf(15,bytes,opt) - maxItems?: null | int64 @go(MaxItems,*int64) @protobuf(16,bytes,opt) - minItems?: null | int64 @go(MinItems,*int64) @protobuf(17,bytes,opt) - uniqueItems?: bool @go(UniqueItems) @protobuf(18,bytes,opt) - multipleOf?: null | float64 @go(MultipleOf,*float64) @protobuf(19,bytes,opt) - enum?: [...#JSON] @go(Enum,[]JSON) @protobuf(20,bytes,rep) - maxProperties?: null | int64 @go(MaxProperties,*int64) @protobuf(21,bytes,opt) - minProperties?: null | int64 @go(MinProperties,*int64) 
@protobuf(22,bytes,opt) - required?: [...string] @go(Required,[]string) @protobuf(23,bytes,rep) - items?: null | #JSONSchemaPropsOrArray @go(Items,*JSONSchemaPropsOrArray) @protobuf(24,bytes,opt) - allOf?: [...#JSONSchemaProps] @go(AllOf,[]JSONSchemaProps) @protobuf(25,bytes,rep) - oneOf?: [...#JSONSchemaProps] @go(OneOf,[]JSONSchemaProps) @protobuf(26,bytes,rep) - anyOf?: [...#JSONSchemaProps] @go(AnyOf,[]JSONSchemaProps) @protobuf(27,bytes,rep) - not?: null | #JSONSchemaProps @go(Not,*JSONSchemaProps) @protobuf(28,bytes,opt) - properties?: {[string]: #JSONSchemaProps} @go(Properties,map[string]JSONSchemaProps) @protobuf(29,bytes,rep) - additionalProperties?: null | #JSONSchemaPropsOrBool @go(AdditionalProperties,*JSONSchemaPropsOrBool) @protobuf(30,bytes,opt) - patternProperties?: {[string]: #JSONSchemaProps} @go(PatternProperties,map[string]JSONSchemaProps) @protobuf(31,bytes,rep) - dependencies?: #JSONSchemaDependencies @go(Dependencies) @protobuf(32,bytes,opt) - additionalItems?: null | #JSONSchemaPropsOrBool @go(AdditionalItems,*JSONSchemaPropsOrBool) @protobuf(33,bytes,opt) - definitions?: #JSONSchemaDefinitions @go(Definitions) @protobuf(34,bytes,opt) - externalDocs?: null | #ExternalDocumentation @go(ExternalDocs,*ExternalDocumentation) @protobuf(35,bytes,opt) - example?: null | #JSON @go(Example,*JSON) @protobuf(36,bytes,opt) - nullable?: bool @go(Nullable) @protobuf(37,bytes,opt) - - // x-kubernetes-preserve-unknown-fields stops the API server - // decoding step from pruning fields which are not specified - // in the validation schema. This affects fields recursively, - // but switches back to normal pruning behaviour if nested - // properties or additionalProperties are specified in the schema. - // This can either be true or undefined. False is forbidden. 
- "x-kubernetes-preserve-unknown-fields"?: null | bool @go(XPreserveUnknownFields,*bool) @protobuf(38,bytes,opt,name=xKubernetesPreserveUnknownFields) - - // x-kubernetes-embedded-resource defines that the value is an - // embedded Kubernetes runtime.Object, with TypeMeta and - // ObjectMeta. The type must be object. It is allowed to further - // restrict the embedded object. kind, apiVersion and metadata - // are validated automatically. x-kubernetes-preserve-unknown-fields - // is allowed to be true, but does not have to be if the object - // is fully specified (up to kind, apiVersion, metadata). - "x-kubernetes-embedded-resource"?: bool @go(XEmbeddedResource) @protobuf(39,bytes,opt,name=xKubernetesEmbeddedResource) - - // x-kubernetes-int-or-string specifies that this value is - // either an integer or a string. If this is true, an empty - // type is allowed and type as child of anyOf is permitted - // if following one of the following patterns: - // - // 1) anyOf: - // - type: integer - // - type: string - // 2) allOf: - // - anyOf: - // - type: integer - // - type: string - // - ... zero or more - "x-kubernetes-int-or-string"?: bool @go(XIntOrString) @protobuf(40,bytes,opt,name=xKubernetesIntOrString) - - // x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used - // as the index of the map. - // - // This tag MUST only be used on lists that have the "x-kubernetes-list-type" - // extension set to "map". Also, the values specified for this attribute must - // be a scalar typed field of the child structure (no nesting is supported). - // - // The properties specified must either be required or have a default value, - // to ensure those properties are present for all list items. - // - // +optional - "x-kubernetes-list-map-keys"?: [...string] @go(XListMapKeys,[]string) @protobuf(41,bytes,rep,name=xKubernetesListMapKeys) - - // x-kubernetes-list-type annotates an array to further describe its topology. 
- // This extension must only be used on lists and may have 3 possible values: - // - // 1) `atomic`: the list is treated as a single entity, like a scalar. - // Atomic lists will be entirely replaced when updated. This extension - // may be used on any type of list (struct, scalar, ...). - // 2) `set`: - // Sets are lists that must not have multiple items with the same value. Each - // value must be a scalar, an object with x-kubernetes-map-type `atomic` or an - // array with x-kubernetes-list-type `atomic`. - // 3) `map`: - // These lists are like maps in that their elements have a non-index key - // used to identify them. Order is preserved upon merge. The map tag - // must only be used on a list with elements of type object. - // Defaults to atomic for arrays. - // +optional - "x-kubernetes-list-type"?: null | string @go(XListType,*string) @protobuf(42,bytes,opt,name=xKubernetesListType) - - // x-kubernetes-map-type annotates an object to further describe its topology. - // This extension must only be used when type is object and may have 2 possible values: - // - // 1) `granular`: - // These maps are actual maps (key-value pairs) and each fields are independent - // from each other (they can each be manipulated by separate actors). This is - // the default behaviour for all maps. - // 2) `atomic`: the list is treated as a single entity, like a scalar. - // Atomic maps will be entirely replaced when updated. - // +optional - "x-kubernetes-map-type"?: null | string @go(XMapType,*string) @protobuf(43,bytes,opt,name=xKubernetesMapType) - - // x-kubernetes-validations describes a list of validation rules written in the CEL expression language. - // This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled. 
- // +patchMergeKey=rule - // +patchStrategy=merge - // +listType=map - // +listMapKey=rule - "x-kubernetes-validations"?: #ValidationRules @go(XValidations) @protobuf(44,bytes,rep,name=xKubernetesValidations) -} - -// ValidationRules describes a list of validation rules written in the CEL expression language. -#ValidationRules: [...#ValidationRule] - -// ValidationRule describes a validation rule written in the CEL expression language. -#ValidationRule: { - // Rule represents the expression which will be evaluated by CEL. - // ref: https://github.com/google/cel-spec - // The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. - // The `self` variable in the CEL expression is bound to the scoped value. - // Example: - // - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"} - // - // If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable - // via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as - // absent fields in CEL expressions. - // If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map - // are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map - // are accessible via CEL macros and functions such as `self.all(...)`. - // If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and - // functions. - // If the Rule is scoped to a scalar, `self` is bound to the scalar value. 
- // Examples: - // - Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"} - // - Rule scoped to a list of integers: {"rule": "self.values.all(value, value >= 0 && value < 100)"} - // - Rule scoped to a string value: {"rule": "self.startsWith('kube')"} - // - // The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the - // object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible. - // - // Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL - // expressions. This includes: - // - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields. - // - Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as: - // - A schema with no type and x-kubernetes-preserve-unknown-fields set to true - // - An array where the items schema is of an "unknown type" - // - An object where the additionalProperties schema is of an "unknown type" - // - // Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. - // Accessible property names are escaped according to the following rules when accessed in the expression: - // - '__' escapes to '__underscores__' - // - '.' escapes to '__dot__' - // - '-' escapes to '__dash__' - // - '/' escapes to '__slash__' - // - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: - // "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", - // "import", "let", "loop", "package", "namespace", "return". 
- // Examples: - // - Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"} - // - Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"} - // - Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"} - // - // Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. - // Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: - // - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and - // non-intersecting elements in `Y` are appended, retaining their partial order. - // - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values - // are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with - // non-intersecting keys are appended, retaining their partial order. - rule: string @go(Rule) @protobuf(1,bytes,opt) - - // Message represents the message displayed when validation fails. The message is required if the Rule contains - // line breaks. The message must not contain line breaks. - // If unset, the message is "failed rule: {Rule}". - // e.g. "must be a URL with the host matching spec.host" - message?: string @go(Message) @protobuf(2,bytes,opt) - - // MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. - // Since messageExpression is used as a failure message, it must evaluate to a string. - // If both message and messageExpression are present on a rule, then messageExpression will be used if validation - // fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced - // as if the messageExpression field were unset. 
If messageExpression evaluates to an empty string, a string with only spaces, or a string - // that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and - // the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. - // messageExpression has access to all the same variables as the rule; the only difference is the return type. - // Example: - // "x must be less than max ("+string(self.max)+")" - // +optional - messageExpression?: string @go(MessageExpression) @protobuf(3,bytes,opt) - - // reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. - // The HTTP status code returned to the caller will match the reason of the reason of the first failed validation rule. - // The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". - // If not set, default to use "FieldValueInvalid". - // All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. - // +optional - reason?: null | #FieldValueErrorReason @go(Reason,*FieldValueErrorReason) @protobuf(4,bytes,opt) - - // fieldPath represents the field path returned when the validation fails. - // It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. - // e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` - // If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` - // It does not support list numeric index. - // It supports child operation to refer to an existing field currently. 
Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. - // Numeric index of array is not supported. - // For field name which contains special characters, use `['specialName']` to refer the field name. - // e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` - // +optional - fieldPath?: string @go(FieldPath) @protobuf(5,bytes,opt) -} - -// JSON represents any valid JSON value. -// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. -#JSON: _ - -// JSONSchemaURL represents a schema url. -#JSONSchemaURL: string - -// JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps -// or an array of JSONSchemaProps. Mainly here for serialization purposes. -#JSONSchemaPropsOrArray: _ - -// JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value. -// Defaults to true for the boolean property. -#JSONSchemaPropsOrBool: _ - -// JSONSchemaDependencies represent a dependencies property. -#JSONSchemaDependencies: {[string]: #JSONSchemaPropsOrStringArray} - -// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array. -#JSONSchemaPropsOrStringArray: _ - -// JSONSchemaDefinitions contains the models explicitly defined in this spec. -#JSONSchemaDefinitions: {[string]: #JSONSchemaProps} - -// ExternalDocumentation allows referencing an external resource for extended documentation. -#ExternalDocumentation: { - description?: string @go(Description) @protobuf(1,bytes,opt) - url?: string @go(URL) @protobuf(2,bytes,opt) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue deleted file mode 100644 index cef44ba5..00000000 
--- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Scale is used for getting and setting the base-10 scaled value. -// Base-2 scales are omitted for mathematical simplicity. -// See Quantity.ScaledValue for more details. -#Scale: int32 // #enumScale - -#enumScale: - #Nano | - #Micro | - #Milli | - #Kilo | - #Mega | - #Giga | - #Tera | - #Peta | - #Exa - -#values_Scale: { - Nano: #Nano - Micro: #Micro - Milli: #Milli - Kilo: #Kilo - Mega: #Mega - Giga: #Giga - Tera: #Tera - Peta: #Peta - Exa: #Exa -} - -#Nano: #Scale & -9 -#Micro: #Scale & -6 -#Milli: #Scale & -3 -#Kilo: #Scale & 3 -#Mega: #Scale & 6 -#Giga: #Scale & 9 -#Tera: #Scale & 12 -#Peta: #Scale & 15 -#Exa: #Scale & 18 - -// infDecAmount implements common operations over an inf.Dec that are specific to the quantity -// representation. -_#infDecAmount: string diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue deleted file mode 100644 index 711f2096..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue +++ /dev/null @@ -1,13 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64. -// It is also the maximum decimal digits that can be represented with an int64. -_#maxInt64Factors: 18 - -_#mostNegative: -9223372036854775808 - -_#mostPositive: 9223372036854775807 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue deleted file mode 100644 index 9d9713a1..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue +++ /dev/null 
@@ -1,107 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Quantity is a fixed-point representation of a number. -// It provides convenient marshaling/unmarshaling in JSON and YAML, -// in addition to String() and AsInt64() accessors. -// -// The serialization format is: -// -// ``` -// ::= -// -// (Note that may be empty, from the "" case in .) -// -// ::= 0 | 1 | ... | 9 -// ::= | -// ::= | . | . | . -// ::= "+" | "-" -// ::= | -// ::= | | -// ::= Ki | Mi | Gi | Ti | Pi | Ei -// -// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) -// -// ::= m | "" | k | M | G | T | P | E -// -// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) -// -// ::= "e" | "E" -// ``` -// -// No matter which of the three exponent forms is used, no quantity may represent -// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal -// places. Numbers larger or more precise will be capped or rounded up. -// (E.g.: 0.1m will rounded up to 1m.) -// This may be extended in the future if we require larger or smaller quantities. -// -// When a Quantity is parsed from a string, it will remember the type of suffix -// it had, and will use the same type again when it is serialized. -// -// Before serializing, Quantity will be put in "canonical form". -// This means that Exponent/suffix will be adjusted up or down (with a -// corresponding increase or decrease in Mantissa) such that: -// -// - No precision is lost -// - No fractional digits will be emitted -// - The exponent (or suffix) is as large as possible. -// -// The sign will be omitted unless the number is negative. -// -// Examples: -// -// - 1.5 will be serialized as "1500m" -// - 1.5Gi will be serialized as "1536Mi" -// -// Note that the quantity will NEVER be internally represented by a -// floating point number. That is the whole point of this exercise. 
-// -// Non-canonical values will still parse as long as they are well formed, -// but will be re-emitted in their canonical form. (So always use canonical -// form, or don't diff.) -// -// This format is intended to make it difficult to use these numbers without -// writing some sort of special handling code in the hopes that that will -// cause implementors to also use a fixed point implementation. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -// +k8s:openapi-gen=true -#Quantity: _ - -// CanonicalValue allows a quantity amount to be converted to a string. -#CanonicalValue: _ - -// Format lists the three possible formattings of a quantity. -#Format: string // #enumFormat - -#enumFormat: - #DecimalExponent | - #BinarySI | - #DecimalSI - -#DecimalExponent: #Format & "DecimalExponent" -#BinarySI: #Format & "BinarySI" -#DecimalSI: #Format & "DecimalSI" - -// splitREString is used to separate a number from its suffix; as such, -// this is overly permissive, but that's OK-- it will be checked later. -_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - -_#int64QuantityExpectedBytes: 18 - -// QuantityValue makes it possible to use a Quantity as value for a command -// line parameter. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -#QuantityValue: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue deleted file mode 100644 index b40d68ec..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue +++ /dev/null 
@@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -_#suffix: string - -// suffixer can interpret and construct suffixes. -_#suffixer: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue deleted file mode 100644 index 25ea8ecf..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Duration is a wrapper around time.Duration which supports correct -// marshaling to YAML and JSON. In particular, it marshals into strings, which -// can be used as map keys in json. -#Duration: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue deleted file mode 100644 index 7ff53860..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue +++ /dev/null 
@@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - resource: string @go(Resource) @protobuf(2,bytes,opt) -} - -// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - resource: string @go(Resource) @protobuf(3,bytes,opt) -} - -// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - kind: string @go(Kind) @protobuf(2,bytes,opt) -} - -// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - kind: string @go(Kind) @protobuf(3,bytes,opt) -} - -// GroupVersion contains the "group" and the "version", which uniquely identifies the API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersion: _ 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue deleted file mode 100644 index f3c39a46..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// TODO: move this, Object, List, and Type to a different package -#ObjectMetaAccessor: _ - -// Object lets you work with object metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field (Name, UID, Namespace on lists) will be a no-op and return -// a default value. -#Object: _ - -// ListMetaAccessor retrieves the list interface from an object -#ListMetaAccessor: _ - -// Common lets you work with core metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Common: _ - -// ListInterface lets you work with list metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#ListInterface: _ - -// Type exposes the type and APIVersion of versioned or internal API objects. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Type: _ 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue deleted file mode 100644 index 3c067bae..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00" - -// MicroTime is version of Time with microsecond level precision. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#MicroTime: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue deleted file mode 100644 index 39d23b28..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#GroupName: "meta.k8s.io" - -#WatchEventKind: "WatchEvent" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue deleted file mode 100644 index b3c8ec26..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue +++ /dev/null 
@@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Time is a wrapper around time.Time which supports correct -// marshaling to YAML and JSON. Wrappers are provided for many -// of the factory methods that the time package offers. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Time: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue deleted file mode 100644 index 83539273..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Timestamp is a struct that is equivalent to Time, but intended for -// protobuf marshalling/unmarshalling. It is generated into a serialization -// that matches Time. Do not use in Go structs. -#Timestamp: { - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. - seconds: int64 @go(Seconds) @protobuf(1,varint,opt) - - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 - // inclusive. This field may be limited in precision depending on context. - nanos: int32 @go(Nanos) @protobuf(2,varint,opt) -} 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue deleted file mode 100644 index a0deb7c9..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue +++ /dev/null 
@@ -1,1561 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -// Package v1 contains API types that are common to all versions. -// -// The package contains two categories of types: -// - external (serialized) types that lack their own version (e.g TypeMeta) -// - internal (never-serialized) types that are needed by several different -// api groups, and so live here, to avoid duplication and/or import loops -// (e.g. LabelSelector). -// -// In the future, we will probably move these categories of objects into -// separate packages. -package v1 - -import ( - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// TypeMeta describes an individual object in an API response or request -// with strings representing the type of the object and its API schema version. -// Structures that are versioned or persisted should inline TypeMeta. -// -// +k8s:deepcopy-gen=false -#TypeMeta: { - // Kind is a string value representing the REST resource this object represents. - // Servers may infer this from the endpoint the client submits requests to. - // Cannot be updated. - // In CamelCase. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // APIVersion defines the versioned schema of this representation of an object. - // Servers should convert recognized schemas to the latest internal value, and - // may reject unrecognized values. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) -} - -// ListMeta describes metadata that synthetic resources must have, including lists and -// various status objects. A resource may have only one of {ObjectMeta, ListMeta}. 
-#ListMeta: { - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt) - - // String that identifies the server's internal version of this object that - // can be used by clients to determine when objects have changed. - // Value must be treated as opaque by clients and passed unmodified back to the server. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt) - - // continue may be set if the user set a limit on the number of items returned, and indicates that - // the server has more data available. The value is opaque and may be used to issue another request - // to the endpoint that served this list to retrieve the next set of available objects. Continuing a - // consistent list may not be possible if the server configuration has changed or more than a few - // minutes have passed. The resourceVersion field returned when using this continue value will be - // identical to the value in the first response, unless you have received this token from an error - // message. - continue?: string @go(Continue) @protobuf(3,bytes,opt) - - // remainingItemCount is the number of subsequent items in the list which are not included in this - // list response. If the list request contained label or field selectors, then the number of - // remaining items is unknown and the field will be left unset and omitted during serialization. - // If the list is complete (either because it is not chunking or because this is the last chunk), - // then there are no more remaining items and this field will be left unset and omitted during - // serialization. - // Servers older than v1.15 do not set this field. 
- // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients - // should not rely on the remainingItemCount to be set or to be exact. - // +optional - remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt) -} - -#ObjectNameField: "metadata.name" - -#FinalizerOrphanDependents: "orphan" -#FinalizerDeleteDependents: "foregroundDeletion" - -// ObjectMeta is metadata that all persisted resources must have, which includes all objects -// users must create. -#ObjectMeta: { - // Name must be unique within a namespace. Is required when creating resources, although - // some resources may allow a client to request the generation of an appropriate name - // automatically. Name is primarily intended for creation idempotence and configuration - // definition. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // GenerateName is an optional prefix, used by the server, to generate a unique - // name ONLY IF the Name field has not been provided. - // If this field is used, the name returned to the client will be different - // than the name passed. This value will also be combined with a unique suffix. - // The provided value has the same validation rules as the Name field, - // and may be truncated by the length of the suffix required to make the value - // unique on the server. - // - // If this field is specified and the generated name exists, the server will return a 409. - // - // Applied only if Name is not specified. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - // +optional - generateName?: string @go(GenerateName) @protobuf(2,bytes,opt) - - // Namespace defines the space within which each name must be unique. 
An empty namespace is - // equivalent to the "default" namespace, but "default" is the canonical representation. - // Not all objects are required to be scoped to a namespace - the value of this field for - // those objects will be empty. - // - // Must be a DNS_LABEL. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - // +optional - namespace?: string @go(Namespace) @protobuf(3,bytes,opt) - - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt) - - // UID is the unique in time and space value for this object. It is typically generated by - // the server on successful creation of a resource and is not allowed to change on PUT - // operations. - // - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID) - - // An opaque value that represents the internal version of this object that can - // be used by clients to determine when objects have changed. May be used for optimistic - // concurrency, change detection, and the watch operation on a resource or set of resources. - // Clients must treat these values as opaque and passed unmodified back to the server. - // They may only be valid for a particular resource or set of resources. - // - // Populated by the system. - // Read-only. - // Value must be treated as opaque by clients and . - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // A sequence number representing a specific generation of the desired state. - // Populated by the system. Read-only. 
- // +optional - generation?: int64 @go(Generation) @protobuf(7,varint,opt) - - // CreationTimestamp is a timestamp representing the server time when this object was - // created. It is not guaranteed to be set in happens-before order across separate operations. - // Clients may not set this value. It is represented in RFC3339 form and is in UTC. - // - // Populated by the system. - // Read-only. - // Null for lists. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt) - - // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This - // field is set by the server when a graceful deletion is requested by the user, and is not - // directly settable by a client. The resource is expected to be deleted (no longer visible - // from resource lists, and not reachable by name) after the time in this field, once the - // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. - // Once the deletionTimestamp is set, this value may not be unset or be set further into the - // future, although it may be shortened or the resource may be deleted prior to this time. - // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react - // by sending a graceful termination signal to the containers in the pod. After that 30 seconds, - // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, - // remove the pod from the API. In the presence of network partitions, this object may still - // exist after this timestamp, until an administrator or automated process can determine the - // resource is fully terminated. - // If not set, graceful deletion of the object has not been requested. - // - // Populated by the system when a graceful deletion is requested. - // Read-only. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt) - - // Number of seconds allowed for this object to gracefully terminate before - // it will be removed from the system. Only set when deletionTimestamp is also set. - // May only be shortened. - // Read-only. - // +optional - deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt) - - // Map of string keys and values that can be used to organize and categorize - // (scope and select) objects. May match selectors of replication controllers - // and services. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // +optional - labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep) - - // Annotations is an unstructured key value map stored with a resource that may be - // set by external tools to store and retrieve arbitrary metadata. They are not - // queryable and should be preserved when modifying objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - // +optional - annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep) - - // List of objects depended by this object. If ALL objects in the list have - // been deleted, this object will be garbage collected. If this object is managed by a controller, - // then an entry in this list will point to this controller, with the controller field set to true. - // There cannot be more than one managing controller. - // +optional - // +patchMergeKey=uid - // +patchStrategy=merge - ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep) - - // Must be empty before the object is deleted from the registry. 
Each entry - // is an identifier for the responsible component that will remove the entry - // from the list. If the deletionTimestamp of the object is non-nil, entries - // in this list can only be removed. - // Finalizers may be processed and removed in any order. Order is NOT enforced - // because it introduces significant risk of stuck finalizers. - // finalizers is a shared field, any actor with permission can reorder it. - // If the finalizer list is processed in order, then this can lead to a situation - // in which the component responsible for the first finalizer in the list is - // waiting for a signal (field value, external system, or other) produced by a - // component responsible for a finalizer later in the list, resulting in a deadlock. - // Without enforced ordering finalizers are free to order amongst themselves and - // are not vulnerable to ordering changes in the list. - // +optional - // +patchStrategy=merge - finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep) - - // ManagedFields maps workflow-id and version to the set of fields - // that are managed by that workflow. This is mostly for internal - // housekeeping, and users typically shouldn't need to set or - // understand this field. A workflow can be the user's name, a - // controller's name, or the name of a specific apply path like - // "ci-cd". The set of fields is always in the version that the - // workflow used when modifying the object. - // - // +optional - managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep) -} - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNone is the argument for a context when there is no namespace. 
-#NamespaceNone: "" - -// NamespaceSystem is the system namespace where we place system components. -#NamespaceSystem: "kube-system" - -// NamespacePublic is the namespace where we place public info (ConfigMaps) -#NamespacePublic: "kube-public" - -// OwnerReference contains enough information to let you identify an owning -// object. An owning object must be in the same namespace as the dependent, or -// be cluster-scoped, so there is no namespace field. -// +structType=atomic -#OwnerReference: { - // API version of the referent. - apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // If true, this reference points to the managing controller. - // +optional - controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt) - - // If true, AND if the owner has the "foregroundDeletion" finalizer, then - // the owner cannot be deleted from the key-value store until this - // reference is removed. - // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - // for how the garbage collector interacts with this field and enforces the foreground deletion. - // Defaults to false. - // To set this field, a user needs "delete" permission of the owner, - // otherwise 422 (Unprocessable Entity) will be returned. 
- // +optional - blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt) -} - -// ListOptions is the query options to a standard REST list call. -#ListOptions: { - #TypeMeta - - // A selector to restrict the list of returned objects by their labels. - // Defaults to everything. - // +optional - labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt) - - // A selector to restrict the list of returned objects by their fields. - // Defaults to everything. - // +optional - fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt) - - // Watch for changes to the described resources and return them as a stream of - // add, update, and remove notifications. Specify resourceVersion. - // +optional - watch?: bool @go(Watch) @protobuf(3,varint,opt) - - // allowWatchBookmarks requests watch events with type "BOOKMARK". - // Servers that do not implement bookmarks may ignore this flag and - // bookmarks are sent at the server's discretion. Clients should not - // assume bookmarks are returned at any specific interval, nor may they - // assume the server will send any BOOKMARK event during a session. - // If this is not a watch, this field is ignored. - // +optional - allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt) - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // resourceVersionMatch determines how resourceVersion is applied to list calls. - // It is highly recommended that resourceVersionMatch be set for list calls where - // resourceVersion is set - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. 
- // - // Defaults to unset - // +optional - resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch) - - // Timeout for the list/watch call. - // This limits the duration of the call, regardless of any activity or inactivity. - // +optional - timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt) - - // limit is a maximum number of responses to return for a list call. If more items exist, the - // server will set the `continue` field on the list metadata to a value that can be used with the - // same initial query to retrieve the next set of results. Setting a limit may return fewer than - // the requested amount of items (up to zero items) in the event all requested objects are - // filtered out and clients should only use the presence of the continue field to determine whether - // more results are available. Servers may choose not to support the limit argument and will return - // all of the available results. If limit is specified and the continue field is empty, clients may - // assume that no more results are available. This field is not supported if watch is true. - // - // The server guarantees that the objects returned when using continue will be identical to issuing - // a single list call without a limit - that is, no objects created, modified, or deleted after the - // first request is issued will be included in any subsequent continued requests. This is sometimes - // referred to as a consistent snapshot, and ensures that a client that is using limit to receive - // smaller chunks of a very large result can ensure they see all possible objects. If objects are - // updated during a chunked list the version of the object that was present at the time the first list - // result was calculated is returned. - limit?: int64 @go(Limit) @protobuf(7,varint,opt) - - // The continue option should be set when retrieving more results from the server. 
Since this value is - // server defined, clients may only use the continue value from a previous query result with identical - // query parameters (except for the value of continue) and the server may reject a continue value it - // does not recognize. If the specified continue value is no longer valid whether due to expiration - // (generally five to fifteen minutes) or a configuration change on the server, the server will - // respond with a 410 ResourceExpired error together with a continue token. If the client needs a - // consistent list, it must restart their list without the continue field. Otherwise, the client may - // send another list request with the token received with the 410 error, the server will respond with - // a list starting from the next key, but from the latest snapshot, which is inconsistent from the - // previous list results - objects that are created, modified, or deleted after the first list request - // will be included in the response, as long as their keys are after the "next key". - // - // This field is not supported when watch is true. Clients may start a watch from the last - // resourceVersion value returned by the server and not miss any modifications. - continue?: string @go(Continue) @protobuf(8,bytes,opt) - - // `sendInitialEvents=true` may be set together with `watch=true`. - // In that case, the watch stream will begin with synthetic events to - // produce the current state of objects in the collection. Once all such - // events have been sent, a synthetic "Bookmark" event will be sent. - // The bookmark will report the ResourceVersion (RV) corresponding to the - // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. - // Afterwards, the watch stream will proceed as usual, sending watch events - // corresponding to changes (subsequent to the RV) to objects watched. - // - // When `sendInitialEvents` option is set, we require `resourceVersionMatch` - // option to also be set. 
The semantic of the watch request is as following: - // - `resourceVersionMatch` = NotOlderThan - // is interpreted as "data at least as new as the provided `resourceVersion`" - // and the bookmark event is send when the state is synced - // to a `resourceVersion` at least as fresh as the one provided by the ListOptions. - // If `resourceVersion` is unset, this is interpreted as "consistent read" and the - // bookmark event is send when the state is synced at least to the moment - // when request started being processed. - // - `resourceVersionMatch` set to any other value or unset - // Invalid error is returned. - // - // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward - // compatibility reasons) and to false otherwise. - // +optional - sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt) -} - -// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch -// may only be set if resourceVersion is also set. -// -// "NotOlderThan" matches data at least as new as the provided resourceVersion. -// "Exact" matches data at the exact resourceVersion provided. -// -// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for -// details. -#ResourceVersionMatch: string // #enumResourceVersionMatch - -#enumResourceVersionMatch: - #ResourceVersionMatchNotOlderThan | - #ResourceVersionMatchExact - -// ResourceVersionMatchNotOlderThan matches data at least as new as the provided -// resourceVersion. -#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan" - -// ResourceVersionMatchExact matches data at the exact resourceVersion -// provided. -#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact" - -// GetOptions is the standard query options to the standard REST get call. -#GetOptions: { - #TypeMeta - - // resourceVersion sets a constraint on what resource versions a request may be served from. 
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt) -} - -// DeletionPropagation decides if a deletion will propagate to the dependents of -// the object, and how the garbage collector will handle the propagation. -#DeletionPropagation: string // #enumDeletionPropagation - -#enumDeletionPropagation: - #DeletePropagationOrphan | - #DeletePropagationBackground | - #DeletePropagationForeground - -// Orphans the dependents. -#DeletePropagationOrphan: #DeletionPropagation & "Orphan" - -// Deletes the object from the key-value store, the garbage collector will -// delete the dependents in the background. -#DeletePropagationBackground: #DeletionPropagation & "Background" - -// The object exists in the key-value store until the garbage collector -// deletes all the dependents whose ownerReference.blockOwnerDeletion=true -// from the key-value store. API sever will put the "foregroundDeletion" -// finalizer on the object, and sets its deletionTimestamp. This policy is -// cascading, i.e., the dependents will be deleted with Foreground. -#DeletePropagationForeground: #DeletionPropagation & "Foreground" - -// DryRunAll means to complete all processing stages, but don't -// persist changes to storage. -#DryRunAll: "All" - -// DeleteOptions may be provided when deleting an API object. -#DeleteOptions: { - #TypeMeta - - // The duration in seconds before the object should be deleted. Value must be non-negative integer. - // The value zero indicates delete immediately. If this value is nil, the default grace period for the - // specified type will be used. - // Defaults to a per object value if not specified. zero means delete immediately. - // +optional - gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt) - - // Must be fulfilled before a deletion is carried out. 
If not possible, a 409 Conflict status will be - // returned. - // +k8s:conversion-gen=false - // +optional - preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt) - - // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. - // Should the dependent objects be orphaned. If true/false, the "orphan" - // finalizer will be added to/removed from the object's finalizers list. - // Either this field or PropagationPolicy may be set, but not both. - // +optional - orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt) - - // Whether and how garbage collection will be performed. - // Either this field or OrphanDependents may be set, but not both. - // The default policy is decided by the existing finalizer set in the - // metadata.finalizers and the resource-specific default policy. - // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - - // allow the garbage collector to delete the dependents in the background; - // 'Foreground' - a cascading policy that deletes all dependents in the - // foreground. - // +optional - propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt) - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. 
Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep) -} - -// FieldValidationIgnore ignores unknown/duplicate fields -#FieldValidationIgnore: "Ignore" - -// FieldValidationWarn responds with a warning, but successfully serve the request -#FieldValidationWarn: "Warn" - -// FieldValidationStrict fails the request on unknown/duplicate fields -#FieldValidationStrict: "Strict" - -// CreateOptions may be provided when creating an API object. -#CreateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. 
This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// PatchOptions may be provided when patching an API object. -// PatchOptions is meant to be a superset of UpdateOptions. -#PatchOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. Force - // flag must be unset for non-apply patch requests. - // +optional - force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required for apply requests - // (application/apply-patch) but optional for non-apply patch - // types (JsonPatch, MergePatch, StrategicMergePatch). - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. 
Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// ApplyOptions may be provided when applying an API object. -// FieldManager is required for apply requests. -// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation -// that speaks specifically to how the options fields relate to apply. -#ApplyOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. - force: bool @go(Force) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. 
The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required. - fieldManager: string @go(FieldManager) @protobuf(3,bytes) -} - -// UpdateOptions may be provided when updating an API object. -// All fields in UpdateOptions should also be present in PatchOptions. -#UpdateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(2,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. 
This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // Specifies the target ResourceVersion - // +optional - resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt) -} - -// Status is a return value for calls that don't return other objects. -#Status: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Status of the operation. - // One of: "Success" or "Failure". - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: string @go(Status) @protobuf(2,bytes,opt) - - // A human-readable description of the status of this operation. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A machine-readable description of why this operation is in the - // "Failure" status. If this value is empty there - // is no information available. A Reason clarifies an HTTP status - // code but does not override it. - // +optional - reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason) - - // Extended data associated with the reason. Each reason may define its - // own extended details. 
This field is optional and the data returned - // is not guaranteed to conform to any schema except that defined by - // the reason type. - // +optional - details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt) - - // Suggested HTTP return code for this status, 0 if not set. - // +optional - code?: int32 @go(Code) @protobuf(6,varint,opt) -} - -// StatusDetails is a set of additional properties that MAY be set by the -// server to provide additional information about a response. The Reason -// field of a Status object defines what attributes will be set. Clients -// must ignore fields that do not match the defined type of each attribute, -// and should assume that any attribute may be empty, invalid, or under -// defined. -#StatusDetails: { - // The name attribute of the resource associated with the status StatusReason - // (when there is a single name which can be described). - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The group attribute of the resource associated with the status StatusReason. - // +optional - group?: string @go(Group) @protobuf(2,bytes,opt) - - // The kind attribute of the resource associated with the status StatusReason. - // On some operations may differ from the requested resource Kind. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(3,bytes,opt) - - // UID of the resource. - // (when there is a single resource which can be described). - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // The Causes array includes more details associated with the StatusReason - // failure. Not all StatusReasons may provide detailed causes. 
- // +optional - causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep) - - // If specified, the time in seconds before the operation should be retried. Some errors may indicate - // the client must take an alternate action - for those errors this field may indicate how long to wait - // before taking the alternate action. - // +optional - retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt) -} - -#StatusSuccess: "Success" -#StatusFailure: "Failure" - -// StatusReason is an enumeration of possible failure causes. Each StatusReason -// must map to a single HTTP status code, but multiple reasons may map -// to the same HTTP status code. -// TODO: move to apiserver -#StatusReason: string // #enumStatusReason - -#enumStatusReason: - #StatusReasonUnknown | - #StatusReasonUnauthorized | - #StatusReasonForbidden | - #StatusReasonNotFound | - #StatusReasonAlreadyExists | - #StatusReasonConflict | - #StatusReasonGone | - #StatusReasonInvalid | - #StatusReasonServerTimeout | - #StatusReasonTimeout | - #StatusReasonTooManyRequests | - #StatusReasonBadRequest | - #StatusReasonMethodNotAllowed | - #StatusReasonNotAcceptable | - #StatusReasonRequestEntityTooLarge | - #StatusReasonUnsupportedMediaType | - #StatusReasonInternalError | - #StatusReasonExpired | - #StatusReasonServiceUnavailable - -// StatusReasonUnknown means the server has declined to indicate a specific reason. -// The details field may contain other information about this error. -// Status code 500. -#StatusReasonUnknown: #StatusReason & "" - -// StatusReasonUnauthorized means the server can be reached and understood the request, but requires -// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header) -// in order for the action to be completed. If the user has specified credentials on the request, the -// server considers them insufficient. 
-// Status code 401 -#StatusReasonUnauthorized: #StatusReason & "Unauthorized" - -// StatusReasonForbidden means the server can be reached and understood the request, but refuses -// to take any further action. It is the result of the server being configured to deny access for some reason -// to the requested resource by the client. -// Details (optional): -// "kind" string - the kind attribute of the forbidden resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the forbidden resource -// Status code 403 -#StatusReasonForbidden: #StatusReason & "Forbidden" - -// StatusReasonNotFound means one or more resources required for this operation -// could not be found. -// Details (optional): -// "kind" string - the kind attribute of the missing resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the missing resource -// Status code 404 -#StatusReasonNotFound: #StatusReason & "NotFound" - -// StatusReasonAlreadyExists means the resource you are creating already exists. -// Details (optional): -// "kind" string - the kind attribute of the conflicting resource -// "id" string - the identifier of the conflicting resource -// Status code 409 -#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists" - -// StatusReasonConflict means the requested operation cannot be completed -// due to a conflict in the operation. The client may need to alter the -// request. Each resource may define custom details that indicate the -// nature of the conflict. -// Status code 409 -#StatusReasonConflict: #StatusReason & "Conflict" - -// StatusReasonGone means the item is no longer available at the server and no -// forwarding address is known. -// Status code 410 -#StatusReasonGone: #StatusReason & "Gone" - -// StatusReasonInvalid means the requested create or update operation cannot be -// completed due to invalid data provided as part of the request. 
The client may -// need to alter the request. When set, the client may use the StatusDetails -// message field as a summary of the issues encountered. -// Details (optional): -// "kind" string - the kind attribute of the invalid resource -// "id" string - the identifier of the invalid resource -// "causes" - one or more StatusCause entries indicating the data in the -// provided resource that was invalid. The code, message, and -// field attributes will be set. -// Status code 422 -#StatusReasonInvalid: #StatusReason & "Invalid" - -// StatusReasonServerTimeout means the server can be reached and understood the request, -// but cannot complete the action in a reasonable time. The client should retry the request. -// This is may be due to temporary server load or a transient communication issue with -// another server. Status code 500 is used because the HTTP spec provides no suitable -// server-requested client retry and the 5xx class represents actionable errors. -// Details (optional): -// "kind" string - the kind attribute of the resource being acted on. -// "id" string - the operation that is being attempted. -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 500 -#StatusReasonServerTimeout: #StatusReason & "ServerTimeout" - -// StatusReasonTimeout means that the request could not be completed within the given time. -// Clients can get this response only when they specified a timeout param in the request, -// or if the server cannot complete the operation within a reasonable amount of time. -// The request might succeed with an increased value of timeout param. The client *should* -// wait at least the number of seconds specified by the retryAfterSeconds field. 
-// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 504 -#StatusReasonTimeout: #StatusReason & "Timeout" - -// StatusReasonTooManyRequests means the server experienced too many requests within a -// given window and that the client must wait to perform the action again. A client may -// always retry the request that led to this error, although the client should wait at least -// the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 429 -#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests" - -// StatusReasonBadRequest means that the request itself was invalid, because the request -// doesn't make any sense, for example deleting a read-only object. This is different than -// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the -// data was invalid. API calls that return BadRequest can never succeed. -// Status code 400 -#StatusReasonBadRequest: #StatusReason & "BadRequest" - -// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the -// resource was not supported by the code - for instance, attempting to delete a resource that -// can only be created. API calls that return MethodNotAllowed can never succeed. -// Status code 405 -#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed" - -// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable -// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml. -// API calls that return NotAcceptable can never succeed. -// Status code 406 -#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable" - -// StatusReasonRequestEntityTooLarge means that the request entity is too large. 
-// Status code 413 -#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge" - -// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable -// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml. -// API calls that return UnsupportedMediaType can never succeed. -// Status code 415 -#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType" - -// StatusReasonInternalError indicates that an internal error occurred, it is unexpected -// and the outcome of the call is unknown. -// Details (optional): -// "causes" - The original error -// Status code 500 -#StatusReasonInternalError: #StatusReason & "InternalError" - -// StatusReasonExpired indicates that the request is invalid because the content you are requesting -// has expired and is no longer available. It is typically associated with watches that can't be -// serviced. -// Status code 410 (gone) -#StatusReasonExpired: #StatusReason & "Expired" - -// StatusReasonServiceUnavailable means that the request itself was valid, -// but the requested service is unavailable at this time. -// Retrying the request after some time might succeed. -// Status code 503 -#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable" - -// StatusCause provides more information about an api.Status failure, including -// cases when multiple errors are encountered. -#StatusCause: { - // A machine-readable description of the cause of the error. If this value is - // empty there is no information available. - // +optional - reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType) - - // A human-readable description of the cause of the error. This field may be - // presented as-is to a reader. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // The field of the resource that has caused this error, as named by its JSON - // serialization. 
May include dot and postfix notation for nested attributes. - // Arrays are zero-indexed. Fields may appear more than once in an array of - // causes due to fields having multiple errors. - // Optional. - // - // Examples: - // "name" - the field "name" on the current resource - // "items[0].name" - the field "name" on the first array entry in "items" - // +optional - field?: string @go(Field) @protobuf(3,bytes,opt) -} - -// CauseType is a machine readable value providing more detail about what -// occurred in a status response. An operation may have multiple causes for a -// status (whether Failure or Success). -#CauseType: string // #enumCauseType - -#enumCauseType: - #CauseTypeFieldValueNotFound | - #CauseTypeFieldValueRequired | - #CauseTypeFieldValueDuplicate | - #CauseTypeFieldValueInvalid | - #CauseTypeFieldValueNotSupported | - #CauseTypeForbidden | - #CauseTypeTooLong | - #CauseTypeTooMany | - #CauseTypeInternal | - #CauseTypeTypeInvalid | - #CauseTypeUnexpectedServerResponse | - #CauseTypeFieldManagerConflict | - #CauseTypeResourceVersionTooLarge - -// CauseTypeFieldValueNotFound is used to report failure to find a requested value -// (e.g. looking up an ID). -#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound" - -// CauseTypeFieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired" - -// CauseTypeFieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate" - -// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex -// match). -#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid" - -// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules) -// values that can not be handled (e.g. an enumerated string). 
-#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported" - -// CauseTypeForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). See -// Forbidden(). -#CauseTypeForbidden: #CauseType & "FieldValueForbidden" - -// CauseTypeTooLong is used to report that the given value is too long. -// This is similar to ErrorTypeInvalid, but the error will not include the -// too-long value. See TooLong(). -#CauseTypeTooLong: #CauseType & "FieldValueTooLong" - -// CauseTypeTooMany is used to report "too many". This is used to -// report that a given list has too many items. This is similar to FieldValueTooLong, -// but the error indicates quantity instead of length. -#CauseTypeTooMany: #CauseType & "FieldValueTooMany" - -// CauseTypeInternal is used to report other errors that are not related -// to user input. See InternalError(). -#CauseTypeInternal: #CauseType & "InternalError" - -// CauseTypeTypeInvalid is for the value did not match the schema type for that field -#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid" - -// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client -// without the expected return type. The presence of this cause indicates the error may be -// due to an intervening proxy or the server software malfunctioning. -#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse" - -// FieldManagerConflict is used to report when another client claims to manage this field, -// It should only be returned for a request using server-side apply. -#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict" - -// CauseTypeResourceVersionTooLarge is used to report that the requested resource version -// is newer than the data observed by the API server, so the request cannot be served. 
-#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge" - -// List holds a list of objects, which may not be known by the server. -#List: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of objects - items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep) -} - -// APIVersions lists the versions that are available, to allow clients to -// discover the API at /api, which is the root path of the legacy v1 API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#APIVersions: { - #TypeMeta - - // versions are the api versions that are available. - versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep) -} - -// APIGroupList is a list of APIGroup, to allow clients to discover the API at -// /apis. -#APIGroupList: { - #TypeMeta - - // groups is a list of APIGroup. 
- groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep) -} - -// APIGroup contains the name, the supported versions, and the preferred version -// of a group. -#APIGroup: { - #TypeMeta - - // name is the name of the group. - name: string @go(Name) @protobuf(1,bytes,opt) - - // versions are the versions supported in this group. - versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep) - - // preferredVersion is the version preferred by the API server, which - // probably is the storage version. - // +optional - preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - // +optional - serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep) -} - -// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match. -#ServerAddressByClientCIDR: { - // The CIDR with which clients can match their IP to figure out the server address that they should use. - clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt) - - // Address of this server, suitable for a client that matches the above CIDR. - // This can be a hostname, hostname:port, IP or IP:port. 
- serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt) -} - -// GroupVersion contains the "group/version" and "version" string of a version. -// It is made a struct to keep extensibility. -#GroupVersionForDiscovery: { - // groupVersion specifies the API group and version in the form "group/version" - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // version specifies the version in the form of "version". This is to save - // the clients the trouble of splitting the GroupVersion. - version: string @go(Version) @protobuf(2,bytes,opt) -} - -// APIResource specifies the name of a resource and whether it is namespaced. -#APIResource: { - // name is the plural name of the resource. - name: string @go(Name) @protobuf(1,bytes,opt) - - // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. - // The singularName is more correct for reporting status on a single item and both singular and plural are allowed - // from the kubectl CLI interface. - singularName: string @go(SingularName) @protobuf(6,bytes,opt) - - // namespaced indicates if a resource is namespaced or not. - namespaced: bool @go(Namespaced) @protobuf(2,varint,opt) - - // group is the preferred group of the resource. Empty implies the group of the containing resource list. - // For subresources, this may have a different value, for example: Scale". - group?: string @go(Group) @protobuf(8,bytes,opt) - - // version is the preferred version of the resource. Empty implies the version of the containing resource list - // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)". - version?: string @go(Version) @protobuf(9,bytes,opt) - - // kind is the kind for the resource (e.g. 
'Foo' is the kind for a resource 'foo') - kind: string @go(Kind) @protobuf(3,bytes,opt) - - // verbs is a list of supported kube verbs (this includes get, list, watch, create, - // update, patch, delete, deletecollection, and proxy) - verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt) - - // shortNames is a list of suggested short names of the resource. - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep) - - // categories is a list of the grouped resources this resource belongs to (e.g. 'all') - categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep) - - // The hash value of the storage version, the version this resource is - // converted to when written to the data store. Value must be treated - // as opaque by clients. Only equality comparison on the value is valid. - // This is an alpha feature and may change or be removed in the future. - // The field is populated by the apiserver only if the - // StorageVersionHash feature gate is enabled. - // This field will remain optional even if it graduates. - // +optional - storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt) -} - -// Verbs masks the value so protobuf can generate -// -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Verbs: [...string] - -// APIResourceList is a list of APIResource, it is used to expose the name of the -// resources supported in a specific group and version, and if the resource -// is namespaced. -#APIResourceList: { - #TypeMeta - - // groupVersion is the group and version this APIResourceList is for. - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // resources contains the name of the resources and if they are namespaced. - resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep) -} - -// RootPaths lists the paths available at root. -// For example: "/healthz", "/apis". -#RootPaths: { - // paths are the paths available at root. 
- paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep) -} - -// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body. -#Patch: { -} - -// A label selector is a label query over a set of resources. The result of matchLabels and -// matchExpressions are ANDed. An empty label selector matches all objects. A null -// label selector matches no objects. -// +structType=atomic -#LabelSelector: { - // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - // map is equivalent to an element of matchExpressions, whose key field is "key", the - // operator is "In", and the values array contains only "value". The requirements are ANDed. - // +optional - matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep) - - // matchExpressions is a list of label selector requirements. The requirements are ANDed. - // +optional - matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A label selector requirement is a selector that contains values, a key, and an operator that -// relates the key and values. -#LabelSelectorRequirement: { - // key is the label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator) - - // values is an array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. This array is replaced during a strategic - // merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A label selector operator is the set of operators that can be used in a selector requirement. 
-#LabelSelectorOperator: string // #enumLabelSelectorOperator - -#enumLabelSelectorOperator: - #LabelSelectorOpIn | - #LabelSelectorOpNotIn | - #LabelSelectorOpExists | - #LabelSelectorOpDoesNotExist - -#LabelSelectorOpIn: #LabelSelectorOperator & "In" -#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn" -#LabelSelectorOpExists: #LabelSelectorOperator & "Exists" -#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist" - -// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource -// that the fieldset applies to. -#ManagedFieldsEntry: { - // Manager is an identifier of the workflow managing these fields. - manager?: string @go(Manager) @protobuf(1,bytes,opt) - - // Operation is the type of operation which lead to this ManagedFieldsEntry being created. - // The only valid values for this field are 'Apply' and 'Update'. - operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType) - - // APIVersion defines the version of this resource that this field set - // applies to. The format is "group/version" just like the top-level - // APIVersion field. It is necessary to track the version of a field - // set because it cannot be automatically converted. - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) - - // Time is the timestamp of when the ManagedFields entry was added. The - // timestamp will also be updated if a field is added, the manager - // changes any of the owned fields value or removes a field. The - // timestamp does not update when a field is removed from the entry - // because another manager took it over. - // +optional - time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt) - - // FieldsType is the discriminator for the different fields format and version. 
- // There is currently only one possible value: "FieldsV1" - fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt) - - // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. - // +optional - fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt) - - // Subresource is the name of the subresource used to update that object, or - // empty string if the object was updated through the main resource. The - // value of this field is used to distinguish between managers, even if they - // share the same name. For example, a status update will be distinct from a - // regular update using the same manager name. - // Note that the APIVersion field is not related to the Subresource field and - // it always corresponds to the version of the main resource. - subresource?: string @go(Subresource) @protobuf(8,bytes,opt) -} - -// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created. -#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType - -#enumManagedFieldsOperationType: - #ManagedFieldsOperationApply | - #ManagedFieldsOperationUpdate - -#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply" -#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update" - -// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. -// -// Each key is either a '.' representing the field itself, and will always map to an empty set, -// or a string representing a sub-field or item. The string will follow one of these four formats: -// 'f:', where is the name of a field in a struct, or key in a map -// 'v:', where is the exact json formatted value of a list item -// 'i:', where is position of a item in a list -// 'k:', where is a map of a list item's key fields to their unique values -// If a key maps to an empty Fields value, the field that key represents is part of the set. 
-// -// The exact format is defined in sigs.k8s.io/structured-merge-diff -// +protobuf.options.(gogoproto.goproto_stringer)=false -#FieldsV1: _ - -// Table is a tabular representation of a set of API resources. The server transforms the -// object into a set of preferred columns for quickly reviewing the objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=false -#Table: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) - - // columnDefinitions describes each column in the returned items array. The number of cells per row - // will always match the number of column definitions. - columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition) - - // rows is the list of items in the table. - rows: [...#TableRow] @go(Rows,[]TableRow) -} - -// TableColumnDefinition contains information about a column returned in the Table. -// +protobuf=false -#TableColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) - - // type is an OpenAPI type definition for this column, such as number, integer, string, or - // array. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - type: string @go(Type) - - // format is an optional OpenAPI type modifier for this column. A format modifies the type and - // imposes additional rules, like date or time formatting for a string. The 'name' format is applied - // to the primary identifier column which has type 'string' to assist in clients identifying column - // is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - format: string @go(Format) - - // description is a human readable description of this column. 
- description: string @go(Description) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. Columns that may be omitted in limited space scenarios - // should be given a higher priority. - priority: int32 @go(Priority) -} - -// TableRow is an individual row in a table. -// +protobuf=false -#TableRow: { - // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or - // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a - // more detailed description. - cells: [...] @go(Cells,[]interface{}) - - // conditions describe additional status of a row that are relevant for a human user. These conditions - // apply to the row, not to the object, and will be specific to table output. The only defined - // condition type is 'Completed', for a row that indicates a resource that has run to completion and - // can be given less visual priority. - // +optional - conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition) - - // This field contains the requested additional information about each object based on the includeObject - // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the - // default serialization of the object for the current API version, and if "Metadata" (the default) will - // contain the object metadata. Check the returned kind and apiVersion of the object before parsing. - // The media type of the object will always match the enclosing list - if this as a JSON table, these - // will be JSON encoded objects. - // +optional - object?: runtime.#RawExtension @go(Object) -} - -// TableRowCondition allows a row to be marked with additional information. -// +protobuf=false -#TableRowCondition: { - // Type of row condition. 
The only defined value is 'Completed' indicating that the - // object this row represents has reached a completed state and may be given less visual - // priority than other rows. Clients are not required to honor any conditions but should - // be consistent where possible about handling the conditions. - type: #RowConditionType @go(Type) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) - - // (brief) machine readable reason for the condition's last transition. - // +optional - reason?: string @go(Reason) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) -} - -#RowConditionType: string // #enumRowConditionType - -#enumRowConditionType: - #RowCompleted - -// RowCompleted means the underlying resource has reached completion and may be given less -// visual priority than other resources. -#RowCompleted: #RowConditionType & "Completed" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// IncludeObjectPolicy controls which portion of the object is returned with a Table. -#IncludeObjectPolicy: string // #enumIncludeObjectPolicy - -#enumIncludeObjectPolicy: - #IncludeNone | - #IncludeMetadata | - #IncludeObject - -// IncludeNone returns no object. -#IncludeNone: #IncludeObjectPolicy & "None" - -// IncludeMetadata serializes the object containing only its metadata field. -#IncludeMetadata: #IncludeObjectPolicy & "Metadata" - -// IncludeObject contains the full object. -#IncludeObject: #IncludeObjectPolicy & "Object" - -// TableOptions are used when a Table is requested by the caller. 
-// +k8s:conversion-gen:explicit-from=net/url.Values -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#TableOptions: { - #TypeMeta - - // includeObject decides whether to include each object along with its columnar information. - // Specifying "None" will return no object, specifying "Object" will return the full object contents, and - // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind - // in version v1beta1 of the meta.k8s.io API group. - includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy) -} - -// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients -// to get access to a particular ObjectMeta schema without knowing the details of the version. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadata: { - #TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) -} - -// PartialObjectMetadataList contains a list of objects containing only their metadata -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadataList: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items contains each of the included items. - items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep) -} - -// Condition contains details for one aspect of the current state of this API Resource. -// --- -// This struct is intended for direct use as an array at the field path .status.conditions. 
For example, -// -// type FooStatus struct{ -// // Represents the observations of a foo's current state. -// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" -// // +patchMergeKey=type -// // +patchStrategy=merge -// // +listType=map -// // +listMapKey=type -// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` -// -// // other fields -// } -#Condition: { - // type of condition in CamelCase or in foo.example.com/CamelCase. - // --- - // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - // useful (see .node.status.conditions), the ability to deconflict is important. - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - type: string @go(Type) @protobuf(1,bytes,opt) - - // status of the condition, one of True, False, Unknown. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum=True;False;Unknown - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt) - - // observedGeneration represents the .metadata.generation that the condition was set based upon. - // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - // with respect to the current state of the instance. - // +optional - // +kubebuilder:validation:Minimum=0 - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // lastTransitionTime is the last time the condition transitioned from one status to another. - // This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Type=string - // +kubebuilder:validation:Format=date-time - lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason contains a programmatic identifier indicating the reason for the condition's last transition. - // Producers of specific condition types may define expected values and meanings for this field, - // and whether the values are considered a guaranteed API. - // The value should be a CamelCase string. - // This field may not be empty. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=1024 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` - reason: string @go(Reason) @protobuf(5,bytes,opt) - - // message is a human readable message indicating details about the transition. - // This may be an empty string. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=32768 - message: string @go(Message) @protobuf(6,bytes,opt) -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue deleted file mode 100644 index 12f5f1b6..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue +++ /dev/null 
@@ -1,30 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" -) - -// Event represents a single event to a watched resource. -// -// +protobuf=true -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#WatchEvent: { - type: string @go(Type) @protobuf(1,bytes,opt) - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Error: *Status is recommended; other types may make sense - // depending on context. - object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt) -} - -// InternalEvent makes watch.Event versioned -// +protobuf=false -#InternalEvent: watch.#Event diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue deleted file mode 100644 index 43474c39..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// SimpleAllocator a wrapper around make([]byte) -// conforms to the MemoryAllocator interface -#SimpleAllocator: { -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue deleted file mode 100644 index a05de5d5..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue +++ /dev/null 
@@ -1,37 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// codec binds an encoder and decoder. -_#codec: { - Encoder: #Encoder - Decoder: #Decoder -} - -// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding. -#NoopEncoder: { - Decoder: #Decoder -} - -_#noopEncoderIdentifier: #Identifier & "noop" - -// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding. -#NoopDecoder: { - Encoder: #Encoder -} - -_#base64Serializer: { - Encoder: #Encoder - Decoder: #Decoder -} - -_#internalGroupVersionerIdentifier: "internal" -_#disabledGroupVersionerIdentifier: "disabled" - -_#internalGroupVersioner: { -} - -_#disabledGroupVersioner: { -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue deleted file mode 100644 index ce6d644c..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime defines conversions between generic types and structs to map query strings -// to struct objects. -package runtime diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue deleted file mode 100644 index f49ad1e3..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue +++ /dev/null 
@@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// UnstructuredConverter is an interface for converting between interface{} -// and map[string]interface representation. -#UnstructuredConverter: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue deleted file mode 100644 index 89c5c51b..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue +++ /dev/null 
@@ -1,39 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime includes helper functions for working with API objects -// that follow the kubernetes API object conventions, which are: -// -// 0. Your API objects have a common metadata struct member, TypeMeta. -// -// 1. Your code refers to an internal set of API objects. -// -// 2. In a separate package, you have an external set of API objects. -// -// 3. The external set is considered to be versioned, and no breaking -// changes are ever made to it (fields may be added but not changed -// or removed). -// -// 4. As your api evolves, you'll make an additional versioned package -// with every major change. -// -// 5. Versioned packages have conversion functions which convert to -// and from the internal version. -// -// 6. You'll continue to support older versions according to your -// deprecation policy, and you can easily provide a program/library -// to update old versions into new versions because of 5. -// -// 7. All of your serializations and deserializations are handled in a -// centralized place. -// -// Package runtime provides a conversion helper to make 5 easy, and the -// Encode/Decode/DecodeInto trio to accomplish 7. You can also register -// additional "codecs" which use a version of your choice. It's -// recommended that you register your types with runtime in your -// package's init function. -// -// As a bonus, a few common types useful from all api objects and versions -// are provided in types.go. -package runtime diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue deleted file mode 100644 index d43f15f2..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue +++ /dev/null 
@@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -_#encodable: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue deleted file mode 100644 index ec8f1f07..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue +++ /dev/null @@ -1,23 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// MultiObjectTyper returns the types of objects across multiple schemes in order. -#MultiObjectTyper: [...#ObjectTyper] - -_#defaultFramer: { -} - -// WithVersionEncoder serializes an object and ensures the GVK is set. -#WithVersionEncoder: { - Version: #GroupVersioner - Encoder: #Encoder - ObjectTyper: #ObjectTyper -} - -// WithoutVersionDecoder clears the group version kind of a deserialized object. -#WithoutVersionDecoder: { - Decoder: #Decoder -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue deleted file mode 100644 index 22abcb62..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue +++ /dev/null 
@@ -1,165 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// APIVersionInternal may be used if you are registering a type that should not -// be considered stable or serialized - it is a convention only and has no -// special behavior in this package. -#APIVersionInternal: "__internal" - -// GroupVersioner refines a set of possible conversion targets into a single option. -#GroupVersioner: _ - -// Identifier represents an identifier. -// Identitier of two different objects should be equal if and only if for every -// input the output they produce is exactly the same. -#Identifier: string // #enumIdentifier - -#enumIdentifier: - _#noopEncoderIdentifier - -// Encoder writes objects to a serialized form -#Encoder: _ - -// MemoryAllocator is responsible for allocating memory. -// By encapsulating memory allocation into its own interface, we can reuse the memory -// across many operations in places we know it can significantly improve the performance. -#MemoryAllocator: _ - -// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations. -#EncoderWithAllocator: _ - -// Decoder attempts to load an object from data. -#Decoder: _ - -// Serializer is the core interface for transforming objects into a serialized format and back. -// Implementations may choose to perform conversion of the object, but no assumptions should be made. -#Serializer: _ - -// Codec is a Serializer that deals with the details of versioning objects. It offers the same -// interface as Serializer, so this is a marker to consumers that care about the version of the objects -// they receive. -#Codec: #Serializer - -// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and -// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing -// and the desired version must be specified. 
-#ParameterCodec: _ - -// Framer is a factory for creating readers and writers that obey a particular framing pattern. -#Framer: _ - -// SerializerInfo contains information about a specific serialization format -#SerializerInfo: { - // MediaType is the value that represents this serializer over the wire. - MediaType: string - - // MediaTypeType is the first part of the MediaType ("application" in "application/json"). - MediaTypeType: string - - // MediaTypeSubType is the second part of the MediaType ("json" in "application/json"). - MediaTypeSubType: string - - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the individual object serializer for this media type. - Serializer: #Serializer - - // PrettySerializer, if set, can serialize this object in a form biased towards - // readability. - PrettySerializer: #Serializer - - // StrictSerializer, if set, deserializes this object strictly, - // erring on unknown fields. - StrictSerializer: #Serializer - - // StreamSerializer, if set, describes the streaming serialization format - // for this media type. - StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo) -} - -// StreamSerializerInfo contains information about a specific stream serialization format -#StreamSerializerInfo: { - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the top level object serializer for this type when streaming - Serializer: #Serializer - - // Framer is the factory for retrieving streams that separate objects on the wire - Framer: #Framer -} - -// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers -// for multiple supported media types. This would commonly be accepted by a server component -// that performs HTTP content negotiation to accept multiple formats. 
-#NegotiatedSerializer: _ - -// ClientNegotiator handles turning an HTTP content type into the appropriate encoder. -// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from -// a NegotiatedSerializer. -#ClientNegotiator: _ - -// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers -// that can read and write data at rest. This would commonly be used by client tools that must -// read files, or server side storage interfaces that persist restful objects. -#StorageSerializer: _ - -// NestedObjectEncoder is an optional interface that objects may implement to be given -// an opportunity to encode any nested Objects / RawExtensions during serialization. -#NestedObjectEncoder: _ - -// NestedObjectDecoder is an optional interface that objects may implement to be given -// an opportunity to decode any nested Objects / RawExtensions during serialization. -// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding -// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields). -// As such it is important for callers of DecodeNestedObjects to check to confirm whether -// an error is a runtime.StrictDecodingError before short circuiting. -// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError -// is only returned when the rest of decoding has succeeded. -#NestedObjectDecoder: _ - -#ObjectDefaulter: _ - -#ObjectVersioner: _ - -// ObjectConvertor converts an object to a different version. -#ObjectConvertor: _ - -// ObjectTyper contains methods for extracting the APIVersion and Kind -// of objects. -#ObjectTyper: _ - -// ObjectCreater contains methods for instantiating an object by kind and version. 
-#ObjectCreater: _ - -// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource -#EquivalentResourceMapper: _ - -// EquivalentResourceRegistry provides an EquivalentResourceMapper interface, -// and allows registering known resource[/subresource] -> kind -#EquivalentResourceRegistry: _ - -// ResourceVersioner provides methods for setting and retrieving -// the resource version from an API object. -#ResourceVersioner: _ - -// Namer provides methods for retrieving name and namespace of an API object. -#Namer: _ - -// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are -// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows -// serializers to set the kind, version, and group the object is represented as. An Object may choose -// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized. -#Object: _ - -// CacheableObject allows an object to cache its different serializations -// to avoid performing the same serialization multiple times. -#CacheableObject: _ - -// Unstructured objects store values as map[string]interface{}, with only values that can be serialized -// to JSON allowed. -#Unstructured: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue deleted file mode 100644 index 7580f467..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue +++ /dev/null 
@@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// NegotiateError is returned when a ClientNegotiator is unable to locate -// a serializer for the requested operation. -#NegotiateError: { - ContentType: string - Stream: bool -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue deleted file mode 100644 index bd9c409a..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Splice is the interface that wraps the Splice method. -// -// Splice moves data from given slice without copying the underlying data for -// efficiency purpose. Therefore, the caller should make sure the underlying -// data is not changed later. -#Splice: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue deleted file mode 100644 index 9dfc078b..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Pair of strings. We keed the name of fields and the doc -#Pair: { - Name: string - Doc: string -} - -// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself -#KubeTypes: [...#Pair] 
diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue deleted file mode 100644 index d1ee609a..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue +++ /dev/null 
@@ -1,97 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, -// like this: -// -// type MyAwesomeAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// ... // other fields -// } -// -// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind -// -// TypeMeta is provided here for convenience. You may use it directly from this package or define -// your own with the same fields. -// -// +k8s:deepcopy-gen=false -// +protobuf=true -// +k8s:openapi-gen=true -#TypeMeta: { - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // +optional - kind?: string @go(Kind) @protobuf(2,bytes,opt) -} - -#ContentTypeJSON: "application/json" -#ContentTypeYAML: "application/yaml" -#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf" - -// RawExtension is used to hold extensions in external versions. -// -// To use this, make a field which has RawExtension as its type in your external, versioned -// struct, and Object in your internal struct. You also need to register your -// various plugin types. -// -// // Internal package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.Object `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // External package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.RawExtension `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // On the wire, the JSON will look something like this: -// -// { -// "kind":"MyAPIObject", -// "apiVersion":"v1", -// "myPlugin": { -// "kind":"PluginA", -// "aOption":"foo", -// }, -// } -// -// So what happens? 
Decode first uses json or yaml to unmarshal the serialized data into -// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. -// The next step is to copy (using pkg/conversion) into the internal struct. The runtime -// package's DefaultScheme has conversion functions installed which will unpack the -// JSON stored in RawExtension, turning it into the correct object type, and storing it -// in the Object. (TODO: In the case where the object is of an unknown type, a -// runtime.Unknown object will be created and stored.) -// -// +k8s:deepcopy-gen=true -// +protobuf=true -// +k8s:openapi-gen=true -#RawExtension: _ - -// Unknown allows api objects with unknown types to be passed-through. This can be used -// to deal with the API objects from a plug-in. Unknown objects still have functioning -// TypeMeta features-- kind, version, etc. -// TODO: Make this object have easy access to field based accessors and settors for -// metadata and field mutatation. -// -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=true -// +k8s:openapi-gen=true -#Unknown: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue deleted file mode 100644 index 8b8ddf89..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -#ProtobufMarshaller: _ - -#ProtobufReverseMarshaller: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue deleted file mode 100644 index bfb4bcda..00000000 
--- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -// Package types implements various generic types used throughout kubernetes. -package types diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue deleted file mode 100644 index 7cb2745a..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -#NamespacedName: { - Namespace: string - Name: string -} - -#Separator: 47 // '/' diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue deleted file mode 100644 index 8b264b80..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue +++ /dev/null 
@@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// NodeName is a type that holds a api.Node's Name identifier. -// Being a type captures intent and helps make sure that the node name -// is not confused with similar concepts (the hostname, the cloud provider id, -// the cloud provider name etc) -// -// To clarify the various types: -// -// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName. -// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level. -// -// - Hostname is the hostname of the local machine (from uname -n). -// However, some components allow the user to pass in a --hostname-override flag, -// which will override this in most places. In the absence of anything more meaningful, -// kubelet will use Hostname as the Node.Name when it creates the Node. -// -// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId. -// -// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the -// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up -// to the cloudprovider how to do this mapping. -// -// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the -// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if -// we are using a custom DHCP domain it won't be. -#NodeName: string diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue deleted file mode 100644 index 3de5d80f..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue +++ /dev/null 
@@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// Similarly to above, these are constants to support HTTP PATCH utilized by -// both the client and server that didn't make sense for a whole package to be -// dedicated to. -#PatchType: string // #enumPatchType - -#enumPatchType: - #JSONPatchType | - #MergePatchType | - #StrategicMergePatchType | - #ApplyPatchType - -#JSONPatchType: #PatchType & "application/json-patch+json" -#MergePatchType: #PatchType & "application/merge-patch+json" -#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json" -#ApplyPatchType: #PatchType & "application/apply-patch+yaml" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue deleted file mode 100644 index 40bdd828..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// UID is a type that holds unique ID values, including UUIDs. Because we -// don't ONLY use UUIDs, this is an alias to string. Being a type captures -// intent and helps make sure that UIDs and names do not get conflated. -#UID: string diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue deleted file mode 100644 index 2c8cc365..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue +++ /dev/null 
@@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr - -package intstr - -// IntOrString is a type that can hold an int32 or a string. When used in -// JSON or YAML marshalling and unmarshalling, it produces or consumes the -// inner type. This allows you to have, for example, a JSON field that can -// accept a name or number. -// TODO: Rename to Int32OrString -// -// +protobuf=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:openapi-gen=true -#IntOrString: _ - -// Type represents the stored type of IntOrString. -#Type: int64 // #enumType - -#enumType: - #Int | - #String - -#values_Type: { - Int: #Int - String: #String -} - -#Int: #Type & 0 -#String: #Type & 1 diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue deleted file mode 100644 index bc1b9189..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -// Package watch contains a generic watchable interface, and a fake for -// testing code that uses the watch interface. -package watch diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue deleted file mode 100644 index 045e8ec8..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue +++ /dev/null 
@@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Recorder records all events that are sent from the watch until it is closed. -#Recorder: { - Interface: #Interface -} diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue deleted file mode 100644 index dcf72d5b..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue +++ /dev/null @@ -1,25 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch -// channel is full. -#FullChannelBehavior: int // #enumFullChannelBehavior - -#enumFullChannelBehavior: - #WaitIfChannelFull | - #DropIfChannelFull - -#values_FullChannelBehavior: { - WaitIfChannelFull: #WaitIfChannelFull - DropIfChannelFull: #DropIfChannelFull -} - -#WaitIfChannelFull: #FullChannelBehavior & 0 -#DropIfChannelFull: #FullChannelBehavior & 1 - -_#incomingQueueLength: 25 - -_#internalRunFunctionMarker: "internal-do-function" diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue deleted file mode 100644 index f0805cfb..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue +++ /dev/null 
@@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written. -#Decoder: _ - -// Reporter hides the details of how an error is turned into a runtime.Object for -// reporting on a watch stream since this package may not import a higher level report. -#Reporter: _ diff --git a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue deleted file mode 100644 index 0db2e6be..00000000 --- a/platform/modules/adhar-backstage/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue +++ /dev/null 
@@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -import "k8s.io/apimachinery/pkg/runtime" - -// Interface can be implemented by anything that knows how to watch and report changes. -#Interface: _ - -// EventType defines the possible types of events. -#EventType: string // #enumEventType - -#enumEventType: - #Added | - #Modified | - #Deleted | - #Bookmark | - #Error - -#Added: #EventType & "ADDED" -#Modified: #EventType & "MODIFIED" -#Deleted: #EventType & "DELETED" -#Bookmark: #EventType & "BOOKMARK" -#Error: #EventType & "ERROR" - -// Event represents a single event to a watched resource. -// +k8s:deepcopy-gen=true -#Event: { - Type: #EventType - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Bookmark: the object (instance of a type being watched) where - // only ResourceVersion field is set. On successful restart of watch from a - // bookmark resourceVersion, client is guaranteed to not get repeat event - // nor miss any events. - // * If Type is Error: *api.Status is recommended; other types may make sense - // depending on context. - Object: runtime.#Object -} - -// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe. -#RaceFreeFakeWatcher: { - Stopped: bool -} diff --git a/platform/modules/adhar-backstage/cue.mod/module.cue b/platform/modules/adhar-backstage/cue.mod/module.cue deleted file mode 100644 index 87bd3239..00000000 --- a/platform/modules/adhar-backstage/cue.mod/module.cue +++ /dev/null @@ -1 +0,0 @@ -module: "timoni.sh/adhar-backstage" diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue deleted file mode 100644 index 2c579e99..00000000 
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Action holds the list of annotations for controlling
-// Timoni's apply behaviour of Kubernetes resources.
-Action: {
- // Force annotation for recreating immutable resources such as Kubernetes Jobs.
- Force: {
- "action.timoni.sh/force": ActionStatus.Enabled
- }
- // One-off annotation for appling resources only if they don't exist on the cluster.
- Oneoff: {
- "action.timoni.sh/one-off": ActionStatus.Enabled
- }
- // Keep annotation for preventing Timoni's garbage collector from deleting resources.
- Keep: {
- "action.timoni.sh/prune": ActionStatus.Disabled
- }
-}
-
-ActionStatus: {
- Enabled: "enabled"
- Disabled: "disabled"
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
deleted file mode 100644
index 1535ea43..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strings"
-)
-
-// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image.
-#Image: {
-
- // Repository is the address of a container registry repository.
- // An image repository is made up of slash-separated name components, optionally
- // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH.
- repository!: string
-
- // Tag identifies an image in the repository.
- // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes.
- // A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
- tag!: string & strings.MaxRunes(128)
-
- // Digest uniquely and immutably identifies an image in the repository.
- // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
- digest!: string
-
- // PullPolicy defines the pull policy for the image.
- // By default, it is set to IfNotPresent.
- pullPolicy: *"IfNotPresent" | "Always" | "Never"
-
- // Reference is the image address computed from repository, tag and digest
- // in the format [REPOSITORY]:[TAG]@[DIGEST].
- reference: string
-
- if digest != "" && tag != "" {
- reference: "\(repository):\(tag)@\(digest)"
- }
-
- if digest != "" && tag == "" {
- reference: "\(repository)@\(digest)"
- }
-
- if digest == "" && tag != "" {
- reference: "\(repository):\(tag)"
- }
-
- if digest == "" && tag == "" {
- reference: "\(repository):latest"
- }
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
deleted file mode 100644
index 19f09896..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/base64"
- "strings"
-)
-
-// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson.
-// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets.
-#ImagePullSecret: {
- // Metadata is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]].
- #Registry!: string
-
- // Username is the username used to authenticate to the container registry.
- #Username!: string
-
- // Password is the password used to authenticate to the container registry.
- #Password!: string
-
- // Optional suffix used to generate the Secret name.
- #Suffix: *"" | string & strings.MaxRunes(30)
-
- let auth = base64.Encode(null, #Username+":"+#Password)
-
- apiVersion: "v1"
- kind: "Secret"
- type: "kubernetes.io/dockerconfigjson"
- metadata: {
- name: #Meta.name + #Suffix
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- stringData: {
- ".dockerconfigjson": """
- {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}}
- """
- }
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
deleted file mode 100644
index 7b31c23e..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/json"
- "strings"
- "uuid"
-)
-
-#ConfigMapKind: "ConfigMap"
-#SecretKind: "Secret"
-
-// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets.
-// The metadata.name of the generated object is suffixed with the hash of the input data.
-#ImmutableConfig: {
- // Kind of the generated object.
- #Kind: *#ConfigMapKind | #SecretKind
-
- // Metadata of the generated object.
- #Meta: #Metadata
-
- // Optional suffix appended to the generate name.
- #Suffix: *"" | string
-
- // Data of the generated object.
- #Data: {[string]: string}
-
- let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0]
-
- apiVersion: "v1"
- kind: #Kind
- metadata: {
- name: #Meta.name + #Suffix + "-" + hash
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- immutable: true
- if kind == #ConfigMapKind {
- data: #Data
- }
- if kind == #SecretKind {
- stringData: #Data
- }
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
deleted file mode 100644
index ad96b062..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// InstanceName defines the schema for the name of a Timoni instance.
-// The instance name is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceNamespace defines the schema for the namespace of a Timoni instance.
-// The instance namespace is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership.
-#InstanceOwnerReference: {
- #Name: "instance.timoni.sh/name"
- #Namespace: "instance.timoni.sh/namespace"
-}
-
-// InstanceModule defines the schema for the Module of a Timoni instance.
-#InstanceModule: {
- url: string & =~"^((oci|file)://.*)$"
- version: *"latest" | string
- digest?: string
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
deleted file mode 100644
index 188ff505..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
+++ /dev/null
@@ -1,120 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// Annotations defines the schema for Kubernetes object metadata annotations.
-#Annotations: {[string & strings.MaxRunes(253)]: string}
-
-// Labels defines the schema for Kubernetes object metadata labels.
-#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)}
-
-#StdLabelName: "app.kubernetes.io/name"
-#StdLabelVersion: "app.kubernetes.io/version"
-#StdLabelPartOf: "app.kubernetes.io/part-of"
-#StdLabelManagedBy: "app.kubernetes.io/managed-by"
-#StdLabelComponent: "app.kubernetes.io/component"
-#StdLabelInstance: "app.kubernetes.io/instance"
-
-// Metadata defines the schema for Kubernetes object metadata.
-#Metadata: {
- // Version should be in the strict semver format. Is required when creating resources.
- #Version!: string & strings.MaxRunes(63)
-
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- name!: #InstanceName
-
- // Namespace defines the space within which each name must be unique.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- namespace!: #InstanceNamespace
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set to store and retrieve arbitrary metadata.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
- annotations?: #Annotations
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes labels: app name, version and managed-by.
- labels: {
- (#StdLabelName): name
- (#StdLabelVersion): #Version
- (#StdLabelManagedBy): "timoni"
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name label.
- #LabelSelector: #Labels & {
- (#StdLabelName): name
- }
-
- // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions
- // are met before it fully deletes resources marked for deletion.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/
- finalizers?: [...string]
-}
-
-// MetaComponent generates the Kubernetes object metadata for a module namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
- namespace: #Meta.namespace
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
-
-// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.namespace is unset.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaClusterComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
deleted file mode 100644
index 1dcdb699..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// ObjectReference is a reference to a Kubernetes object.
-#ObjectReference: {
- // Name of the referent.
- name!: string & strings.MaxRunes(256)
-
- // Namespace of the referent.
- namespace?: string & strings.MaxRunes(256)
-
- // API version of the referent.
- apiVersion?: string & strings.MaxRunes(256)
-
- // Kind of the referent.
- kind?: string & strings.MaxRunes(256)
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
deleted file mode 100644
index d3b5573a..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m.
-#CPUQuantity: string & =~"^[1-9]\\d*m$"
-
-// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi.
-#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$"
-
-// ResourceRequirement defines the schema for the CPU and Memory resource requirements.
-#ResourceRequirement: {
- cpu?: #CPUQuantity
- memory?: #MemoryQuantity
-}
-
-// ResourceRequirements defines the schema for the compute resource requirements of a container.
-// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.
-#ResourceRequirements: {
- // Limits describes the maximum amount of compute resources allowed.
- limits?: #ResourceRequirement
-
- // Requests describes the minimum amount of compute resources required.
- // Requests cannot exceed Limits.
- requests?: #ResourceRequirement & {
- if limits != _|_ {
- if limits.cpu != _|_ {
- _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0])
- _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0])
- #cpu: int & >=_rc & _lc
- }
- }
- }
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
deleted file mode 100644
index 9c4f2384..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc.
-#Selector: {
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- #Name!: #InstanceName
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes label: app name.
- labels: (#StdLabelName): #Name
-}
diff --git a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
deleted file mode 100644
index ecd1e397..00000000
--- a/platform/modules/adhar-backstage/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// SemVer validates the input version string and extracts the major and minor version numbers.
-// When Minimum is set, the major and minor parts must be greater or equal to the minimum
-// or a validation error is returned.
-#SemVer: {
- // Input version string in strict semver format.
- #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- // Minimum is the minimum allowed MAJOR.MINOR version.
- #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0])
- let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1])
-
- major: int & >=minMajor
- major: strconv.Atoi(strings.Split(#Version, ".")[0])
-
- minor: int & >=minMinor
- minor: strconv.Atoi(strings.Split(#Version, ".")[1])
-}
diff --git a/platform/modules/adhar-backstage/debug_tool.cue b/platform/modules/adhar-backstage/debug_tool.cue
deleted file mode 100644
index cf9c1472..00000000
--- a/platform/modules/adhar-backstage/debug_tool.cue
+++ /dev/null
@@ -1,35 +0,0 @@
-package main
-
-import (
- "tool/cli"
- "encoding/yaml"
- "text/tabwriter"
-)
-
-_resources: timoni.apply.app + timoni.apply.test
-
-// The build command generates the Kubernetes manifests and prints the multi-docs YAML to stdout.
-// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'.
-command: build: {
- task: print: cli.Print & {
- text: yaml.MarshalStream(_resources)
- }
-}
-
-// The ls command prints a table with the Kubernetes resources kind, namespace, name and version.
-// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 ls'.
-command: ls: {
- task: print: cli.Print & {
- text: tabwriter.Write([
- "RESOURCE \tAPI VERSION",
- for r in _resources {
- if r.metadata.namespace == _|_ {
- "\(r.kind)/\(r.metadata.name) \t\(r.apiVersion)"
- }
- if r.metadata.namespace != _|_ {
- "\(r.kind)/\(r.metadata.namespace)/\(r.metadata.name) \t\(r.apiVersion)"
- }
- },
- ])
- }
-}
diff --git a/platform/modules/adhar-backstage/debug_values.cue b/platform/modules/adhar-backstage/debug_values.cue
deleted file mode 100644
index d888c34f..00000000
--- a/platform/modules/adhar-backstage/debug_values.cue
+++ /dev/null
@@ -1,30 +0,0 @@
-@if(debug)
-
-package main
-
-// Values used by debug_tool.cue.
-// Debug example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'.
-values: {
- podAnnotations: "cluster-autoscaler.kubernetes.io/safe-to-evict": "true"
- message: "Hello Debug"
- image: {
- repository: "docker.io/nginx"
- tag: "1-alpine"
- digest: ""
- }
- test: {
- enabled: true
- image: {
- repository: "docker.io/curlimages/curl"
- tag: "latest"
- digest: ""
- }
- }
- affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: [{
- matchExpressions: [{
- key: "kubernetes.io/os"
- operator: "In"
- values: ["linux"]
- }]
- }]
-}
diff --git a/platform/modules/adhar-backstage/templates/config.cue b/platform/modules/adhar-backstage/templates/config.cue
deleted file mode 100644
index 5769b01f..00000000
--- a/platform/modules/adhar-backstage/templates/config.cue
+++ /dev/null
@@ -1,113 +0,0 @@
-package templates
-
-import (
- corev1 "k8s.io/api/core/v1"
- timoniv1 "timoni.sh/core/v1alpha1"
-)
-
-// Config defines the schema and defaults for the Instance values.
-#Config: {
- // The kubeVersion is a required field, set at apply-time
- // via timoni.cue by querying the user's Kubernetes API.
- kubeVersion!: string
- // Using the kubeVersion you can enforce a minimum Kubernetes minor version.
- // By default, the minimum Kubernetes version is set to 1.20.
- clusterVersion: timoniv1.#SemVer & {#Version: kubeVersion, #Minimum: "1.20.0"}
-
- // The moduleVersion is set from the user-supplied module version.
- // This field is used for the `app.kubernetes.io/version` label.
- moduleVersion!: string
-
- // The Kubernetes metadata common to all resources.
- // The `metadata.name` and `metadata.namespace` fields are
- // set from the user-supplied instance name and namespace.
- metadata: timoniv1.#Metadata & {#Version: moduleVersion}
-
- // The labels allows adding `metadata.labels` to all resources.
- // The `app.kubernetes.io/name` and `app.kubernetes.io/version` labels
- // are automatically generated and can't be overwritten.
- metadata: labels: timoniv1.#Labels
-
- // The annotations allows adding `metadata.annotations` to all resources.
- metadata: annotations?: timoniv1.#Annotations
-
- // The selector allows adding label selectors to Deployments and Services.
- // The `app.kubernetes.io/name` label selector is automatically generated
- // from the instance name and can't be overwritten.
- selector: timoniv1.#Selector & {#Name: metadata.name}
-
- // The image allows setting the container image repository,
- // tag, digest and pull policy.
- // The default image repository and tag is set in `values.cue`.
- image!: timoniv1.#Image
-
- // The resources allows setting the container resource requirements.
- // By default, the container requests 10m CPU and 32Mi memory.
- resources: timoniv1.#ResourceRequirements & {
- requests: {
- cpu: *"10m" | timoniv1.#CPUQuantity
- memory: *"32Mi" | timoniv1.#MemoryQuantity
- }
- }
-
- // The number of pods replicas.
- // By default, the number of replicas is 1.
- replicas: *1 | int & >0
-
- // The securityContext allows setting the container security context.
- // By default, the container is denined privilege escalation.
- securityContext: corev1.#SecurityContext & {
- allowPrivilegeEscalation: *false | true
- privileged: *false | true
- capabilities:
- {
- drop: *["ALL"] | [string]
- add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string]
- }
- }
-
- // The service allows setting the Kubernetes Service annotations and port.
- // By default, the HTTP port is 80.
- service: {
- annotations?: timoniv1.#Annotations
-
- port: *80 | int & >0 & <=65535
- }
-
- // Pod optional settings.
- podAnnotations?: {[string]: string}
- podSecurityContext?: corev1.#PodSecurityContext
- imagePullSecrets?: [...timoniv1.#ObjectReference]
- tolerations?: [...corev1.#Toleration]
- affinity?: corev1.#Affinity
- topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint]
-
- // Test Job disabled by default.
- test: {
- enabled: *false | bool
- image!: timoniv1.#Image
- }
-
- // App settings.
- message!: string
-}
-
-// Instance takes the config values and outputs the Kubernetes objects.
-#Instance: {
- config: #Config
-
- objects: {
- sa: #ServiceAccount & {#config: config}
- svc: #Service & {#config: config}
- cm: #ConfigMap & {#config: config}
-
- deploy: #Deployment & {
- #config: config
- #cmName: objects.cm.metadata.name
- }
- }
-
- tests: {
- "test-svc": #TestJob & {#config: config}
- }
-}
diff --git a/platform/modules/adhar-backstage/templates/configmap.cue b/platform/modules/adhar-backstage/templates/configmap.cue
deleted file mode 100644
index 7f591f15..00000000
--- a/platform/modules/adhar-backstage/templates/configmap.cue
+++ /dev/null
@@ -1,55 +0,0 @@ -package templates - -import ( - timoniv1 "timoni.sh/core/v1alpha1" -) - -#ConfigMap: timoniv1.#ImmutableConfig & { - #config: #Config - #Kind: timoniv1.#ConfigMapKind - #Meta: #config.metadata - #Data: { - "nginx.default.conf": """ - server { - listen 8080; - server_name \(#config.metadata.name); - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - location /healthz { - access_log off; - default_type text/plain; - return 200 "OK"; - } - - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } - """ - "index.html": """ - - - - - - \(#config.metadata.name) - - - -

\(#config.message) from \(#config.metadata.name)!

-

If you see this page, the \(#config.metadata.name) instance is successfully deployed in the \(#config.metadata.namespace) namespace by Timoni.

- - - """ - } -} diff --git a/platform/modules/adhar-backstage/templates/deployment.cue b/platform/modules/adhar-backstage/templates/deployment.cue deleted file mode 100644 index e73b35eb..00000000 --- a/platform/modules/adhar-backstage/templates/deployment.cue +++ /dev/null 
@@ -1,104 +0,0 @@
-package templates
-
-import (
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
-)
-
-#Deployment: appsv1.#Deployment & {
- #config: #Config
- #cmName: string
- apiVersion: "apps/v1"
- kind: "Deployment"
- metadata: #config.metadata
- spec: appsv1.#DeploymentSpec & {
- replicas: #config.replicas
- selector: matchLabels: #config.selector.labels
- template: {
- metadata: {
- labels: #config.selector.labels
- if #config.podAnnotations != _|_ {
- annotations: #config.podAnnotations
- }
- }
- spec: corev1.#PodSpec & {
- serviceAccountName: #config.metadata.name
- containers: [
- {
- name: #config.metadata.name
- image: #config.image.reference
- imagePullPolicy: #config.image.pullPolicy
- ports: [
- {
- name: "http"
- containerPort: 8080
- protocol: "TCP"
- },
- ]
- livenessProbe: {
- httpGet: {
- path: "/healthz"
- port: "http"
- }
- }
- readinessProbe: {
- httpGet: {
- path: "/healthz"
- port: "http"
- }
- }
- volumeMounts: [
- {
- mountPath: "/etc/nginx/conf.d"
- name: "config"
- },
- {
- mountPath: "/usr/share/nginx/html"
- name: "html"
- },
- ]
- resources: #config.resources
- securityContext: #config.securityContext
- },
- ]
- volumes: [
- {
- name: "config"
- configMap: {
- name: #cmName
- items: [{
- key: "nginx.default.conf"
- path: key
- }]
- }
- },
- {
- name: "html"
- configMap: {
- name: #cmName
- items: [{
- key: "index.html"
- path: key
- }]
- }
- },
- ]
- if #config.podSecurityContext != _|_ {
- securityContext: #config.podSecurityContext
- }
- if #config.topologySpreadConstraints != _|_ {
- topologySpreadConstraints: #config.topologySpreadConstraints
- }
- if #config.affinity != _|_ {
- affinity: #config.affinity
- }
- if #config.tolerations != _|_ {
- tolerations: #config.tolerations
- }
- if #config.imagePullSecrets != _|_ {
- imagePullSecrets: #config.imagePullSecrets
- }
- }
- }
- }
-}
diff --git a/platform/modules/adhar-backstage/templates/job.cue b/platform/modules/adhar-backstage/templates/job.cue
deleted file mode 100644
index 80b9bdf8..00000000
--- a/platform/modules/adhar-backstage/templates/job.cue
+++ /dev/null
@@ -1,58 +0,0 @@
-package templates
-
-import (
- "encoding/yaml"
- "uuid"
-
- corev1 "k8s.io/api/core/v1"
- batchv1 "k8s.io/api/batch/v1"
- timoniv1 "timoni.sh/core/v1alpha1"
-)
-
-#TestJob: batchv1.#Job & {
- #config: #Config
- apiVersion: "batch/v1"
- kind: "Job"
- metadata: timoniv1.#MetaComponent & {
- #Meta: #config.metadata
- #Component: "test"
- }
- metadata: annotations: timoniv1.Action.Force
- spec: batchv1.#JobSpec & {
- template: corev1.#PodTemplateSpec & {
- let _checksum = uuid.SHA1(uuid.ns.DNS, yaml.Marshal(#config))
- metadata: annotations: "timoni.sh/checksum": "\(_checksum)"
- spec: {
- containers: [{
- name: "curl"
- image: #config.test.image.reference
- imagePullPolicy: #config.test.image.pullPolicy
- command: [
- "curl",
- "-v",
- "-m",
- "5",
- "\(#config.metadata.name):\(#config.service.port)",
- ]
- }]
- restartPolicy: "Never"
- if #config.podSecurityContext != _|_ {
- securityContext: #config.podSecurityContext
- }
- if #config.topologySpreadConstraints != _|_ {
- topologySpreadConstraints: #config.topologySpreadConstraints
- }
- if #config.affinity != _|_ {
- affinity: #config.affinity
- }
- if #config.tolerations != _|_ {
- tolerations: #config.tolerations
- }
- if #config.imagePullSecrets != _|_ {
- imagePullSecrets: #config.imagePullSecrets
- }
- }
- }
- backoffLimit: 1
- }
-}
diff --git a/platform/modules/adhar-backstage/templates/service.cue b/platform/modules/adhar-backstage/templates/service.cue
deleted file mode 100644
index e6dbe5cf..00000000
--- a/platform/modules/adhar-backstage/templates/service.cue
+++ /dev/null
@@ -1,27 +0,0 @@
-package templates
-
-import (
- corev1 "k8s.io/api/core/v1"
-)
-
-#Service: corev1.#Service & {
- #config: #Config
- apiVersion: "v1"
- kind: "Service"
- metadata: #config.metadata
- if #config.service.annotations != _|_ {
- metadata: annotations: #config.service.annotations
- }
- spec: corev1.#ServiceSpec & {
- type: corev1.#ServiceTypeClusterIP
- selector: #config.selector.labels
- ports: [
- {
- port: #config.service.port
- protocol: "TCP"
- name: "http"
- targetPort: name
- },
- ]
- }
-}
diff --git a/platform/modules/adhar-backstage/templates/serviceaccount.cue b/platform/modules/adhar-backstage/templates/serviceaccount.cue
deleted file mode 100644
index f07f5748..00000000
--- a/platform/modules/adhar-backstage/templates/serviceaccount.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-package templates
-
-import (
- corev1 "k8s.io/api/core/v1"
-)
-
-#ServiceAccount: corev1.#ServiceAccount & {
- #config: #Config
- apiVersion: "v1"
- kind: "ServiceAccount"
- metadata: #config.metadata
-}
diff --git a/platform/modules/adhar-backstage/timoni.cue b/platform/modules/adhar-backstage/timoni.cue
deleted file mode 100644
index 4437bfc4..00000000
--- a/platform/modules/adhar-backstage/timoni.cue
+++ /dev/null
@@ -1,47 +0,0 @@ -// Code generated by timoni. -// Note that this file is required and should contain -// the values schema and the timoni workflow. - -package main - -import ( - templates "timoni.sh/adhar-backstage/templates" -) - -// Define the schema for the user-supplied values. -// At runtime, Timoni injects the supplied values -// and validates them according to the Config schema. -values: templates.#Config - -// Define how Timoni should build, validate and -// apply the Kubernetes resources. -timoni: { - apiVersion: "v1alpha1" - - // Define the instance that outputs the Kubernetes resources. - // At runtime, Timoni builds the instance and validates - // the resulting resources according to their Kubernetes schema. - instance: templates.#Instance & { - // The user-supplied values are merged with the - // default values at runtime by Timoni. - config: values - // These values are injected at runtime by Timoni. - config: { - metadata: { - name: string @tag(name) - namespace: string @tag(namespace) - } - moduleVersion: string @tag(mv, var=moduleVersion) - kubeVersion: string @tag(kv, var=kubeVersion) - } - } - - // Pass Kubernetes resources outputted by the instance - // to Timoni's multi-step apply. - apply: app: [for obj in instance.objects {obj}] - - // Conditionally run tests after an install or upgrade. - if instance.config.test.enabled { - apply: test: [for obj in instance.tests {obj}] - } -} diff --git a/platform/modules/adhar-backstage/timoni.ignore b/platform/modules/adhar-backstage/timoni.ignore deleted file mode 100644 index 0722c348..00000000 --- a/platform/modules/adhar-backstage/timoni.ignore +++ /dev/null @@ -1,14 +0,0 @@ -# VCS -.git/ -.gitignore -.gitmodules -.gitattributes - -# Go -vendor/ -go.mod -go.sum - -# CUE -*_tool.cue -debug_values.cue diff --git a/platform/modules/adhar-backstage/values.cue b/platform/modules/adhar-backstage/values.cue deleted file mode 100644 index 140dcda8..00000000 
--- a/platform/modules/adhar-backstage/values.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by timoni. -// Note that this file must have no imports and all values must be concrete. - -@if(!debug) - -package main - -// Defaults -values: { - message: "Hello World" - image: { - repository: "cgr.dev/chainguard/nginx" - digest: "sha256:3dd8fa303f77d7eb6ce541cb05009a5e8723bd7e3778b95131ab4a2d12fadb8f" - tag: "1.25.3" - } - test: image: { - repository: "cgr.dev/chainguard/curl" - digest: "" - tag: "latest" - } -} diff --git a/platform/modules/adhar-console/README.md b/platform/modules/adhar-console/README.md deleted file mode 100644 index 0ba2a902..00000000 --- a/platform/modules/adhar-console/README.md +++ /dev/null 
@@ -1,85 +0,0 @@
-# adhar-console
-
-A [timoni.sh](http://timoni.sh) module for deploying adhar-console to Kubernetes clusters.
-
-## Install
-
-To create an instance using the default values:
-
-```shell
-timoni -n default apply adhar-console oci://
-```
-
-To change the [default configuration](#configuration),
-create one or more `values.cue` files and apply them to the instance.
-
-For example, create a file `my-values.cue` with the following content:
-
-```cue
-values: {
- resources: requests: {
- cpu: "100m"
- memory: "128Mi"
- }
-}
-```
-
-And apply the values with:
-
-```shell
-timoni -n default apply adhar-console oci:// \
---values ./my-values.cue
-```
-
-## Uninstall
-
-To uninstall an instance and delete all its Kubernetes resources:
-
-```shell
-timoni -n default delete adhar-console
-```
-
-## Configuration
-
-### General values
-
-| Key | Type | Default | Description |
-|------------------------------|-----------------------------------------|----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
-| `image: tag:` | `string` | `` | Container image tag |
-| `image: digest:` | `string` | `` | Container image digest, takes precedence over `tag` when specified |
-| `image: repository:` | `string` | `cgr.dev/chainguard/nginx` | Container image repository |
-| `image: pullPolicy:` | `string` | `IfNotPresent` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) |
-| `metadata: labels:` | `{[ string]: string}` | `{}` | Common labels for all resources |
-| `metadata: annotations:` | `{[ string]: string}` | `{}` | Common annotations for all resources |
-| `podAnnotations:` | `{[ string]: string}` | `{}` | Annotations applied to pods |
-| `imagePullSecrets:` | `[...timoniv1.ObjectReference]` | `[]` | [Kubernetes image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) |
-| `tolerations:` | `[ ...corev1.#Toleration]` | `[]` | [Kubernetes toleration](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration) |
-| `affinity:` | `corev1.#Affinity` | `{}` | [Kubernetes affinity and anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
-| `resources:` | `timoniv1.#ResourceRequirements` | `{}` | [Kubernetes resource requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) |
-| `topologySpreadConstraints:` | `[...corev1.#TopologySpreadConstraint]` | `[]` | [Kubernetes pod topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints) |
-| `podSecurityContext:` | `corev1.#PodSecurityContext` | `{}` | [Kubernetes pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) |
-| `securityContext:` | `corev1.#SecurityContext` | `{}` | [Kubernetes container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) |
-| `service: annotations:` | `{[ string]: string}` | `{}` | Annotations applied to the Kubernetes Service |
-| `service: port:` | `int` | `80` | Kubernetes Service HTTP port |
-| `test: enabled:` | `bool` | `false` | Run end-to-end tests at install and upgrades |
-
-#### Recommended values
-
-Comply with the restricted [Kubernetes pod security standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/):
-
-```cue
-values: {
- podSecurityContext: {
- runAsUser: 65532
- runAsGroup: 65532
- fsGroup: 65532
- }
- securityContext: {
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: false
- runAsNonRoot: true
- capabilities: drop: ["ALL"]
- seccompProfile: type: "RuntimeDefault"
- }
-}
-```
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue deleted file mode 100644 index 597f5b0e..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admission/v1 - -package v1 - -#GroupName: "admission.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue deleted file mode 100644 index af26bd06..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue +++ /dev/null 
@@ -1,172 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admission/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - authenticationv1 "k8s.io/api/authentication/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// AdmissionReview describes an admission review request/response. -#AdmissionReview: { - metav1.#TypeMeta - - // Request describes the attributes for the admission request. - // +optional - request?: null | #AdmissionRequest @go(Request,*AdmissionRequest) @protobuf(1,bytes,opt) - - // Response describes the attributes for the admission response. - // +optional - response?: null | #AdmissionResponse @go(Response,*AdmissionResponse) @protobuf(2,bytes,opt) -} - -// AdmissionRequest describes the admission.Attributes for the admission request. -#AdmissionRequest: { - // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are - // otherwise identical (parallel requests, requests when earlier requests did not modify etc) - // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. 
- uid: types.#UID @go(UID) @protobuf(1,bytes,opt) - - // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) - kind: metav1.#GroupVersionKind @go(Kind) @protobuf(2,bytes,opt) - - // Resource is the fully-qualified resource being requested (for example, v1.pods) - resource: metav1.#GroupVersionResource @go(Resource) @protobuf(3,bytes,opt) - - // SubResource is the subresource being requested, if any (for example, "status" or "scale") - // +optional - subResource?: string @go(SubResource) @protobuf(4,bytes,opt) - - // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). - // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), - // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type for more details. - // +optional - requestKind?: null | metav1.#GroupVersionKind @go(RequestKind,*metav1.GroupVersionKind) @protobuf(13,bytes,opt) - - // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). - // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. 
- // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), - // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - requestResource?: null | metav1.#GroupVersionResource @go(RequestResource,*metav1.GroupVersionResource) @protobuf(14,bytes,opt) - - // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") - // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - requestSubResource?: string @go(RequestSubResource) @protobuf(15,bytes,opt) - - // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and - // rely on the server to generate the name. If that is the case, this field will contain an empty string. - // +optional - name?: string @go(Name) @protobuf(5,bytes,opt) - - // Namespace is the namespace associated with the request (if any). - // +optional - namespace?: string @go(Namespace) @protobuf(6,bytes,opt) - - // Operation is the operation being performed. This may be different than the operation - // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. 
- operation: #Operation @go(Operation) @protobuf(7,bytes,opt) - - // UserInfo is information about the requesting user - userInfo: authenticationv1.#UserInfo @go(UserInfo) @protobuf(8,bytes,opt) - - // Object is the object from the incoming request. - // +optional - object?: runtime.#RawExtension @go(Object) @protobuf(9,bytes,opt) - - // OldObject is the existing object. Only populated for DELETE and UPDATE requests. - // +optional - oldObject?: runtime.#RawExtension @go(OldObject) @protobuf(10,bytes,opt) - - // DryRun indicates that modifications will definitely not be persisted for this request. - // Defaults to false. - // +optional - dryRun?: null | bool @go(DryRun,*bool) @protobuf(11,varint,opt) - - // Options is the operation option structure of the operation being performed. - // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be - // different than the options the caller provided. e.g. for a patch request the performed - // Operation might be a CREATE, in which case the Options will a - // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. - // +optional - options?: runtime.#RawExtension @go(Options) @protobuf(12,bytes,opt) -} - -// AdmissionResponse describes an admission response. -#AdmissionResponse: { - // UID is an identifier for the individual request/response. - // This must be copied over from the corresponding AdmissionRequest. - uid: types.#UID @go(UID) @protobuf(1,bytes,opt) - - // Allowed indicates whether or not the admission request was permitted. - allowed: bool @go(Allowed) @protobuf(2,varint,opt) - - // Result contains extra details into why an admission request was denied. - // This field IS NOT consulted in any way if "Allowed" is "true". - // +optional - status?: null | metav1.#Status @go(Result,*metav1.Status) @protobuf(3,bytes,opt) - - // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. 
- // +optional - patch?: bytes @go(Patch,[]byte) @protobuf(4,bytes,opt) - - // The type of Patch. Currently we only allow "JSONPatch". - // +optional - patchType?: null | #PatchType @go(PatchType,*PatchType) @protobuf(5,bytes,opt) - - // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). - // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with - // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by - // the admission webhook to add additional context to the audit log for this request. - // +optional - auditAnnotations?: {[string]: string} @go(AuditAnnotations,map[string]string) @protobuf(6,bytes,opt) - - // warnings is a list of warning messages to return to the requesting API client. - // Warning messages describe a problem the client making the API request should correct or be aware of. - // Limit warnings to 120 characters if possible. - // Warnings over 256 characters and large numbers of warnings may be truncated. - // +optional - warnings?: [...string] @go(Warnings,[]string) @protobuf(7,bytes,rep) -} - -// PatchType is the type of patch being used to represent the mutated object -#PatchType: string // #enumPatchType - -#enumPatchType: - #PatchTypeJSONPatch - -#PatchTypeJSONPatch: #PatchType & "JSONPatch" - -// Operation is the type of resource operation being checked for admission control -#Operation: string // #enumOperation - -#enumOperation: - #Create | - #Update | - #Delete | - #Connect - -#Create: #Operation & "CREATE" -#Update: #Operation & "UPDATE" -#Delete: #Operation & "DELETE" -#Connect: #Operation & "CONNECT" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue deleted file mode 100644 index 5d30100e..00000000 
--- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -// Package v1 is the v1 version of the API. -// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration -// MutatingWebhookConfiguration and ValidatingWebhookConfiguration are for the -// new dynamic admission controller configuration. -package v1 diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue deleted file mode 100644 index 93348e91..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -package v1 - -#GroupName: "admissionregistration.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue deleted file mode 100644 index 7038db05..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue +++ /dev/null 
@@ -1,645 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended -// to make sure that all the tuple expansions are valid. -#Rule: { - // APIGroups is the API groups the resources belong to. '*' is all groups. - // If '*' is present, the length of the slice must be one. - // Required. - // +listType=atomic - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(1,bytes,rep) - - // APIVersions is the API versions the resources belong to. '*' is all versions. - // If '*' is present, the length of the slice must be one. - // Required. - // +listType=atomic - apiVersions?: [...string] @go(APIVersions,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. - // - // For example: - // 'pods' means pods. - // 'pods/log' means the log subresource of pods. - // '*' means all resources, but not subresources. - // 'pods/*' means all subresources of pods. - // '*/scale' means all scale subresources. - // '*/*' means all resources and their subresources. - // - // If wildcard is present, the validation rule will ensure resources do not - // overlap with each other. - // - // Depending on the enclosing object, subresources might not be allowed. - // Required. - // +listType=atomic - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // scope specifies the scope of this rule. - // Valid values are "Cluster", "Namespaced", and "*" - // "Cluster" means that only cluster-scoped resources will match this rule. - // Namespace API objects are cluster-scoped. - // "Namespaced" means that only namespaced resources will match this rule. - // "*" means that there are no scope restrictions. - // Subresources match the scope of their parent resource. - // Default is "*". 
- // - // +optional - scope?: null | #ScopeType @go(Scope,*ScopeType) @protobuf(4,bytes,rep) -} - -// ScopeType specifies a scope for a Rule. -// +enum -#ScopeType: string // #enumScopeType - -#enumScopeType: - #ClusterScope | - #NamespacedScope | - #AllScopes - -// ClusterScope means that scope is limited to cluster-scoped objects. -// Namespace objects are cluster-scoped. -#ClusterScope: #ScopeType & "Cluster" - -// NamespacedScope means that scope is limited to namespaced objects. -#NamespacedScope: #ScopeType & "Namespaced" - -// AllScopes means that all scopes are included. -#AllScopes: #ScopeType & "*" - -// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled. -// +enum -#FailurePolicyType: string // #enumFailurePolicyType - -#enumFailurePolicyType: - #Ignore | - #Fail - -// Ignore means that an error calling the webhook is ignored. -#Ignore: #FailurePolicyType & "Ignore" - -// Fail means that an error calling the webhook causes the admission to fail. -#Fail: #FailurePolicyType & "Fail" - -// MatchPolicyType specifies the type of match policy. -// +enum -#MatchPolicyType: string // #enumMatchPolicyType - -#enumMatchPolicyType: - #Exact | - #Equivalent - -// Exact means requests should only be sent to the webhook if they exactly match a given rule. -#Exact: #MatchPolicyType & "Exact" - -// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. -#Equivalent: #MatchPolicyType & "Equivalent" - -// SideEffectClass specifies the types of side effects a webhook may have. -// +enum -#SideEffectClass: string // #enumSideEffectClass - -#enumSideEffectClass: - #SideEffectClassUnknown | - #SideEffectClassNone | - #SideEffectClassSome | - #SideEffectClassNoneOnDryRun - -// SideEffectClassUnknown means that no information is known about the side effects of calling the webhook. 
-// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. -#SideEffectClassUnknown: #SideEffectClass & "Unknown" - -// SideEffectClassNone means that calling the webhook will have no side effects. -#SideEffectClassNone: #SideEffectClass & "None" - -// SideEffectClassSome means that calling the webhook will possibly have side effects. -// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. -#SideEffectClassSome: #SideEffectClass & "Some" - -// SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the -// request being reviewed has the dry-run attribute, the side effects will be suppressed. -#SideEffectClassNoneOnDryRun: #SideEffectClass & "NoneOnDryRun" - -// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it. -#ValidatingWebhookConfiguration: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Webhooks is a list of webhooks and the affected resources and operations. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - webhooks?: [...#ValidatingWebhook] @go(Webhooks,[]ValidatingWebhook) @protobuf(2,bytes,rep,name=Webhooks) -} - -// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration. -#ValidatingWebhookConfigurationList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ValidatingWebhookConfiguration. 
- items: [...#ValidatingWebhookConfiguration] @go(Items,[]ValidatingWebhookConfiguration) @protobuf(2,bytes,rep) -} - -// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object. -#MutatingWebhookConfiguration: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Webhooks is a list of webhooks and the affected resources and operations. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - webhooks?: [...#MutatingWebhook] @go(Webhooks,[]MutatingWebhook) @protobuf(2,bytes,rep,name=Webhooks) -} - -// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration. -#MutatingWebhookConfigurationList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of MutatingWebhookConfiguration. - items: [...#MutatingWebhookConfiguration] @go(Items,[]MutatingWebhookConfiguration) @protobuf(2,bytes,rep) -} - -// ValidatingWebhook describes an admission webhook and the resources and operations it applies to. -#ValidatingWebhook: { - // The name of the admission webhook. - // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where - // "imagepolicy" is the name of the webhook, and kubernetes.io is the name - // of the organization. - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // ClientConfig defines how to communicate with the hook. - // Required - clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt) - - // Rules describes what operations on what resources/subresources the webhook cares about. 
- // The webhook cares about an operation if it matches _any_ Rule. - // However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks - // from putting the cluster in a state which cannot be recovered from without completely - // disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called - // on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. - rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep) - - // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - - // allowed values are Ignore or Fail. Defaults to Fail. - // +optional - failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType) - - // matchPolicy defines how the "rules" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. 
- // - // Defaults to "Equivalent" - // +optional - matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType) - - // NamespaceSelector decides whether to run the webhook on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the webhook. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the webhook on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt) - - // ObjectSelector decides whether to run the webhook based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the webhook, and - // is considered to match if either object matches the selector. 
A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(10,bytes,opt) - - // SideEffects states whether this webhook has side effects. - // Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). - // Webhooks with side effects MUST implement a reconciliation system, since a request may be - // rejected by a future step in the admission chain and the side effects therefore need to be undone. - // Requests with the dryRun attribute will be auto-rejected if they match a webhook with - // sideEffects == Unknown or Some. - sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass) - - // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, - // the webhook call will be ignored or the API call will fail based on the - // failure policy. - // The timeout value must be between 1 and 30 seconds. - // Default to 10 seconds. - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt) - - // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` - // versions the Webhook expects. API server will try to use first version in - // the list which it supports. If none of the versions specified in this list - // supported by API server, validation will fail for this object. 
- // If a persisted webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail - // and be subject to the failure policy. - admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep) - - // MatchConditions is a list of conditions that must be met for a request to be sent to this - // webhook. Match conditions filter requests that have already been matched by the rules, - // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. - // There are a maximum of 64 match conditions allowed. - // - // The exact matching logic is (in order): - // 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped. - // 2. If ALL matchConditions evaluate to TRUE, the webhook is called. - // 3. If any matchCondition evaluates to an error (but none are FALSE): - // - If failurePolicy=Fail, reject the request - // - If failurePolicy=Ignore, the error is ignored and the webhook is skipped - // - // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=AdmissionWebhookMatchConditions - // +optional - matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(11,bytes,opt) -} - -// MutatingWebhook describes an admission webhook and the resources and operations it applies to. -#MutatingWebhook: { - // The name of the admission webhook. - // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where - // "imagepolicy" is the name of the webhook, and kubernetes.io is the name - // of the organization. - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // ClientConfig defines how to communicate with the hook. 
- // Required - clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt) - - // Rules describes what operations on what resources/subresources the webhook cares about. - // The webhook cares about an operation if it matches _any_ Rule. - // However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks - // from putting the cluster in a state which cannot be recovered from without completely - // disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called - // on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. - rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep) - - // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - - // allowed values are Ignore or Fail. Defaults to Fail. - // +optional - failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType) - - // matchPolicy defines how the "rules" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. 
- // - // Defaults to "Equivalent" - // +optional - matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType) - - // NamespaceSelector decides whether to run the webhook on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the webhook. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the webhook on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt) - - // ObjectSelector decides whether to run the webhook based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the webhook, and - // is considered to match if either object matches the selector. 
A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(11,bytes,opt) - - // SideEffects states whether this webhook has side effects. - // Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). - // Webhooks with side effects MUST implement a reconciliation system, since a request may be - // rejected by a future step in the admission chain and the side effects therefore need to be undone. - // Requests with the dryRun attribute will be auto-rejected if they match a webhook with - // sideEffects == Unknown or Some. - sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass) - - // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, - // the webhook call will be ignored or the API call will fail based on the - // failure policy. - // The timeout value must be between 1 and 30 seconds. - // Default to 10 seconds. - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt) - - // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` - // versions the Webhook expects. API server will try to use first version in - // the list which it supports. If none of the versions specified in this list - // supported by API server, validation will fail for this object. 
- // If a persisted webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail - // and be subject to the failure policy. - admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep) - - // reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. - // Allowed values are "Never" and "IfNeeded". - // - // Never: the webhook will not be called more than once in a single admission evaluation. - // - // IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation - // if the object being admitted is modified by other admission plugins after the initial webhook call. - // Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. - // Note: - // * the number of additional invocations is not guaranteed to be exactly one. - // * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. - // * webhooks that use this option may be reordered to minimize the number of additional invocations. - // * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead. - // - // Defaults to "Never". - // +optional - reinvocationPolicy?: null | #ReinvocationPolicyType @go(ReinvocationPolicy,*ReinvocationPolicyType) @protobuf(10,bytes,opt,casttype=ReinvocationPolicyType) - - // MatchConditions is a list of conditions that must be met for a request to be sent to this - // webhook. Match conditions filter requests that have already been matched by the rules, - // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. - // There are a maximum of 64 match conditions allowed. - // - // The exact matching logic is (in order): - // 1. 
If ANY matchCondition evaluates to FALSE, the webhook is skipped. - // 2. If ALL matchConditions evaluate to TRUE, the webhook is called. - // 3. If any matchCondition evaluates to an error (but none are FALSE): - // - If failurePolicy=Fail, reject the request - // - If failurePolicy=Ignore, the error is ignored and the webhook is skipped - // - // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=AdmissionWebhookMatchConditions - // +optional - matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(12,bytes,opt) -} - -// ReinvocationPolicyType specifies what type of policy the admission hook uses. -// +enum -#ReinvocationPolicyType: string // #enumReinvocationPolicyType - -#enumReinvocationPolicyType: - #NeverReinvocationPolicy | - #IfNeededReinvocationPolicy - -// NeverReinvocationPolicy indicates that the webhook must not be called more than once in a -// single admission evaluation. -#NeverReinvocationPolicy: #ReinvocationPolicyType & "Never" - -// IfNeededReinvocationPolicy indicates that the webhook may be called at least one -// additional time as part of the admission evaluation if the object being admitted is -// modified by other admission plugins after the initial webhook call. -#IfNeededReinvocationPolicy: #ReinvocationPolicyType & "IfNeeded" - -// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make -// sure that all the tuple expansions are valid. -#RuleWithOperations: { - // Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * - // for all of those operations and any future admission operations that are added. - // If '*' is present, the length of the slice must be one. - // Required. 
- // +listType=atomic - operations?: [...#OperationType] @go(Operations,[]OperationType) @protobuf(1,bytes,rep,casttype=OperationType) - - #Rule -} - -// OperationType specifies an operation for a request. -// +enum -#OperationType: string // #enumOperationType - -#enumOperationType: - #OperationAll | - #Create | - #Update | - #Delete | - #Connect - -#OperationAll: #OperationType & "*" -#Create: #OperationType & "CREATE" -#Update: #OperationType & "UPDATE" -#Delete: #OperationType & "DELETE" -#Connect: #OperationType & "CONNECT" - -// WebhookClientConfig contains the information to make a TLS -// connection with the webhook -#WebhookClientConfig: { - // `url` gives the location of the webhook, in standard URL form - // (`scheme://host:port/path`). Exactly one of `url` or `service` - // must be specified. - // - // The `host` should not refer to a service running in the cluster; use - // the `service` field instead. The host might be resolved via external - // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve - // in-cluster DNS as that would be a layering violation). `host` may - // also be an IP address. - // - // Please note that using `localhost` or `127.0.0.1` as a `host` is - // risky unless you take great care to run this webhook on all hosts - // which run an apiserver which might need to make calls to this - // webhook. Such installs are likely to be non-portable, i.e., not easy - // to turn up in a new cluster. - // - // The scheme must be "https"; the URL must begin with "https://". - // - // A path is optional, and if present may be any string permissible in - // a URL. You may use the path to pass an arbitrary string to the - // webhook, for example, a cluster identifier. - // - // Attempting to use a user or basic auth e.g. "user:password@" is not - // allowed. Fragments ("#...") and query parameters ("?...") are not - // allowed, either. 
- // - // +optional - url?: null | string @go(URL,*string) @protobuf(3,bytes,opt) - - // `service` is a reference to the service for this webhook. Either - // `service` or `url` must be specified. - // - // If the webhook is running within the cluster, then you should use `service`. - // - // +optional - service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt) - - // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. - // If unspecified, system trust roots on the apiserver are used. - // +optional - caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt) -} - -// ServiceReference holds a reference to Service.legacy.k8s.io -#ServiceReference: { - // `namespace` is the namespace of the service. - // Required - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // `name` is the name of the service. - // Required - name: string @go(Name) @protobuf(2,bytes,opt) - - // `path` is an optional URL path which will be sent in any request to - // this service. - // +optional - path?: null | string @go(Path,*string) @protobuf(3,bytes,opt) - - // If specified, the port on the service that hosting webhook. - // Default to 443 for backward compatibility. - // `port` should be a valid port number (1-65535, inclusive). - // +optional - port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt) -} - -// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. -#MatchCondition: { - // Name is an identifier for this match condition, used for strategic merging of MatchConditions, - // as well as providing an identifier for logging purposes. A good name should be descriptive of - // the associated expression. - // Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and - // must start and end with an alphanumeric character (e.g. 
'MyName', or 'my.name', or - // '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an - // optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') - // - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. - // CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: - // - // 'object' - The object from the incoming request. The value is null for DELETE requests. - // 'oldObject' - The existing object. The value is null for CREATE requests. - // 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). - // 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. - // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz - // 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the - // request resource. - // Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ - // - // Required. - expression: string @go(Expression) @protobuf(2,bytes,opt) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue deleted file mode 100644 index c2497a51..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -#GroupName: "apps" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue deleted file mode 100644 index d3ecc834..00000000 
--- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue +++ /dev/null 
@@ -1,946 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -#ControllerRevisionHashLabelKey: "controller-revision-hash" -#StatefulSetRevisionLabel: "controller-revision-hash" -#DeprecatedRollbackTo: "deprecated.deployment.rollback.to" -#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation" -#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name" -#PodIndexLabel: "apps.kubernetes.io/pod-index" - -// StatefulSet represents a set of pods with consistent identities. -// Identities are defined as: -// - Network: A single stable DNS and hostname. -// - Storage: As many VolumeClaims as requested. -// -// The StatefulSet guarantees that a given network identity will always -// map to the same storage identity. -#StatefulSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired identities of pods in this set. - // +optional - spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the current status of Pods in this StatefulSet. This data - // may be out of date by some window of time. - // +optional - status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodManagementPolicyType defines the policy for creating pods under a stateful set. 
-// +enum -#PodManagementPolicyType: string // #enumPodManagementPolicyType - -#enumPodManagementPolicyType: - #OrderedReadyPodManagement | - #ParallelPodManagement - -// OrderedReadyPodManagement will create pods in strictly increasing order on -// scale up and strictly decreasing order on scale down, progressing only when -// the previous pod is ready or terminated. At most one pod will be changed -// at any time. -#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady" - -// ParallelPodManagement will create and delete pods as soon as the stateful set -// replica count is changed, and will not wait for pods to be ready or complete -// termination. -#ParallelPodManagement: #PodManagementPolicyType & "Parallel" - -// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet -// controller will use to perform updates. It includes any additional parameters -// necessary to perform the update for the indicated strategy. -#StatefulSetUpdateStrategy: { - // Type indicates the type of the StatefulSetUpdateStrategy. - // Default is RollingUpdate. - // +optional - type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType) - - // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. - // +optional - rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt) -} - -// StatefulSetUpdateStrategyType is a string enumeration type that enumerates -// all possible update strategies for the StatefulSet controller. -// +enum -#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType - -#enumStatefulSetUpdateStrategyType: - #RollingUpdateStatefulSetStrategyType | - #OnDeleteStatefulSetStrategyType - -// RollingUpdateStatefulSetStrategyType indicates that update will be -// applied to all Pods in the StatefulSet with respect to the StatefulSet -// ordering constraints. 
When a scale operation is performed with this -// strategy, new Pods will be created from the specification version indicated -// by the StatefulSet's updateRevision. -#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate" - -// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version -// tracking and ordered rolling restarts are disabled. Pods are recreated -// from the StatefulSetSpec when they are manually deleted. When a scale -// operation is performed with this strategy,specification version indicated -// by the StatefulSet's currentRevision. -#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete" - -// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType. -#RollingUpdateStatefulSetStrategy: { - // Partition indicates the ordinal at which the StatefulSet should be partitioned - // for updates. During a rolling update, all pods from ordinal Replicas-1 to - // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - // This is helpful in being able to do a canary based deployment. The default value is 0. - // +optional - partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt) - - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding up. This can not be 0. - // Defaults to 1. This field is alpha-level and is only honored by servers that enable the - // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - // will be counted towards MaxUnavailable. 
- // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt) -} - -// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine -// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is -// deleted or scaled down. -#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType - -#enumPersistentVolumeClaimRetentionPolicyType: - #RetainPersistentVolumeClaimRetentionPolicyType | - #DeletePersistentVolumeClaimRetentionPolicyType - -// RetainPersistentVolumeClaimRetentionPolicyType is the default -// PersistentVolumeClaimRetentionPolicy and specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will not be deleted. -#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain" - -// RetentionPersistentVolumeClaimRetentionPolicyType specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will be deleted in the scenario specified in -// StatefulSetPersistentVolumeClaimRetentionPolicy. -#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete" - -// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs -// created from the StatefulSet VolumeClaimTemplates. -#StatefulSetPersistentVolumeClaimRetentionPolicy: { - // WhenDeleted specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is deleted. The default policy - // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The - // `Delete` policy causes those PVCs to be deleted. 
- whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) - - // WhenScaled specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is scaled down. The default - // policy of `Retain` causes PVCs to not be affected by a scaledown. The - // `Delete` policy causes the associated PVCs for any excess pods above - // the replica count to be deleted. - whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) -} - -// StatefulSetOrdinals describes the policy used for replica ordinal assignment -// in this StatefulSet. -#StatefulSetOrdinals: { - // start is the number representing the first replica's index. It may be used - // to number replicas from an alternate index (eg: 1-indexed) over the default - // 0-indexed names, or to orchestrate progressive movement of replicas from - // one StatefulSet to another. - // If set, replica indices will be in the range: - // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). - // If unset, defaults to 0. Replica indices will be in the range: - // [0, .spec.replicas). - // +optional - start: int32 @go(Start) @protobuf(1,varint,opt) -} - -// A StatefulSetSpec is the specification of a StatefulSet. -#StatefulSetSpec: { - // replicas is the desired number of replicas of the given Template. - // These are replicas in the sense that they are instantiations of the - // same Template, but individual replicas also have a consistent identity. - // If unspecified, defaults to 1. - // TODO: Consider a rename of this field. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // selector is a label query over pods that should match the replica count. - // It must match the pod template's labels. 
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // template is the object that describes the pod that will be created if - // insufficient replicas are detected. Each pod stamped out by the StatefulSet - // will fulfill this Template, but have a unique identity from the rest - // of the StatefulSet. Each pod will be named with the format - // -. For example, a pod in a StatefulSet named - // "web" with index number "3" would be named "web-3". - // The only allowed template.spec.restartPolicy value is "Always". - template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // volumeClaimTemplates is a list of claims that pods are allowed to reference. - // The StatefulSet controller is responsible for mapping network identities to - // claims in a way that maintains the identity of a pod. Every claim in - // this list must have at least one matching (by name) volumeMount in one - // container in the template. A claim in this list takes precedence over - // any volumes in the template, with the same name. - // TODO: Define the behavior if a claim already exists with the same name. - // +optional - volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep) - - // serviceName is the name of the service that governs this StatefulSet. - // This service must exist before the StatefulSet, and is responsible for - // the network identity of the set. Pods get DNS/hostnames that follow the - // pattern: pod-specific-string.serviceName.default.svc.cluster.local - // where "pod-specific-string" is managed by the StatefulSet controller. - serviceName: string @go(ServiceName) @protobuf(5,bytes,opt) - - // podManagementPolicy controls how pods are created during initial scale up, - // when replacing pods on nodes, or when scaling down. 
The default policy is - // `OrderedReady`, where pods are created in increasing order (pod-0, then - // pod-1, etc) and the controller will wait until each pod is ready before - // continuing. When scaling down, the pods are removed in the opposite order. - // The alternative policy is `Parallel` which will create pods in parallel - // to match the desired scale without waiting, and on scale down will delete - // all pods at once. - // +optional - podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType) - - // updateStrategy indicates the StatefulSetUpdateStrategy that will be - // employed to update Pods in the StatefulSet when a revision is made to - // Template. - updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt) - - // revisionHistoryLimit is the maximum number of revisions that will - // be maintained in the StatefulSet's revision history. The revision history - // consists of all revisions not represented by a currently applied - // StatefulSetSpec version. The default value is 10. - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt) - - // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent - // volume claims created from volumeClaimTemplates. By default, all persistent - // volume claims are created as needed and retained until manually deleted. This - // policy allows the lifecycle to be altered, for example by deleting persistent - // volume claims when their stateful set is deleted, or when their pod is scaled - // down. 
This requires the StatefulSetAutoDeletePVC feature gate to be enabled, - // which is alpha. +optional - persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt) - - // ordinals controls the numbering of replica indices in a StatefulSet. The - // default ordinals behavior assigns a "0" index to the first replica and - // increments the index by one for each additional replica requested. Using - // the ordinals field requires the StatefulSetStartOrdinal feature gate to be - // enabled, which is beta. - // +optional - ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt) -} - -// StatefulSetStatus represents the current state of a StatefulSet. -#StatefulSetStatus: { - // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the - // StatefulSet's generation, which is updated on mutation by the API Server. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // replicas is the number of Pods created by the StatefulSet controller. - replicas: int32 @go(Replicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition. - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt) - - // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by currentRevision. - currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt) - - // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by updateRevision. 
- updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt) - - // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the - // sequence [0,currentReplicas). - currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt) - - // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence - // [replicas-updatedReplicas,replicas) - updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt) - - // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller - // uses this field as a collision avoidance mechanism when it needs to create the name for the - // newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a statefulset's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. - // +optional - availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt) -} - -#StatefulSetConditionType: string - -// StatefulSetCondition describes the state of a statefulset at a certain point. -#StatefulSetCondition: { - // Type of statefulset condition. - type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. 
- // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// StatefulSetList is a collection of StatefulSets. -#StatefulSetList: { - metav1.#TypeMeta - - // Standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of stateful sets. - items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep) -} - -// Deployment enables declarative updates for Pods and ReplicaSets. -#Deployment: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the Deployment. - // +optional - spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the Deployment. - // +optional - status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DeploymentSpec is the specification of the desired behavior of the Deployment. -#DeploymentSpec: { - // Number of desired pods. This is a pointer to distinguish between explicit - // zero and not specified. Defaults to 1. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Label selector for pods. Existing ReplicaSets whose pods are - // selected by this will be the ones affected by this deployment. - // It must match the pod template's labels. - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template describes the pods that will be created. - // The only allowed template.spec.restartPolicy value is "Always". 
- template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // The deployment strategy to use to replace existing pods with new ones. - // +optional - // +patchStrategy=retainKeys - strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt) - - // The number of old ReplicaSets to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) - - // Indicates that the deployment is paused. - // +optional - paused?: bool @go(Paused) @protobuf(7,varint,opt) - - // The maximum time in seconds for a deployment to make progress before it - // is considered to be failed. The deployment controller will continue to - // process failed deployments and a condition with a ProgressDeadlineExceeded - // reason will be surfaced in the deployment status. Note that progress will - // not be estimated during the time a deployment is paused. Defaults to 600s. - progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt) -} - -// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added -// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets -// to select new pods (and old pods being select by new ReplicaSet). -#DefaultDeploymentUniqueLabelKey: "pod-template-hash" - -// DeploymentStrategy describes how to replace existing pods with new ones. -#DeploymentStrategy: { - // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. 
- // +optional - type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType) - - // Rolling update config params. Present only if DeploymentStrategyType = - // RollingUpdate. - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. - // +optional - rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt) -} - -// +enum -#DeploymentStrategyType: string // #enumDeploymentStrategyType - -#enumDeploymentStrategyType: - #RecreateDeploymentStrategyType | - #RollingUpdateDeploymentStrategyType - -// Kill all existing pods before creating new ones. -#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate" - -// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one. -#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate" - -// Spec to control the desired behavior of rolling update. -#RollingUpdateDeployment: { - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding down. - // This can not be 0 if MaxSurge is 0. - // Defaults to 25%. - // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - // that the total number of pods available at all times during the update is at - // least 70% of desired pods. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of pods that can be scheduled above the desired number of - // pods. 
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up. - // Defaults to 25%. - // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - // the rolling update starts, such that the total number of old and new pods do not exceed - // 130% of desired pods. Once old pods have been killed, - // new ReplicaSet can be scaled up further, ensuring that total number of pods running - // at any time during the update is at most 130% of desired pods. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DeploymentStatus is the most recently observed status of the Deployment. -#DeploymentStatus: { - // The generation observed by the deployment controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // Total number of non-terminated pods targeted by this deployment (their labels match the selector). - // +optional - replicas?: int32 @go(Replicas) @protobuf(2,varint,opt) - - // Total number of non-terminated pods targeted by this deployment that have the desired template spec. - // +optional - updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt) - - // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt) - - // Total number of unavailable pods targeted by this deployment. This is the total number of - // pods that are still required for the deployment to have 100% available capacity. 
They may - // either be pods that are running but not yet available or pods that still have not been created. - // +optional - unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt) - - // Represents the latest available observations of a deployment's current state. - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep) - - // Count of hash collisions for the Deployment. The Deployment controller uses this - // field as a collision avoidance mechanism when it needs to create the name for the - // newest ReplicaSet. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt) -} - -#DeploymentConditionType: string // #enumDeploymentConditionType - -#enumDeploymentConditionType: - #DeploymentAvailable | - #DeploymentProgressing | - #DeploymentReplicaFailure - -// Available means the deployment is available, ie. at least the minimum available -// replicas required are up and running for at least minReadySeconds. -#DeploymentAvailable: #DeploymentConditionType & "Available" - -// Progressing means the deployment is progressing. Progress for a deployment is -// considered when a new replica set is created or adopted, and when new pods scale -// up or old pods scale down. Progress is not estimated for paused deployments or -// when progressDeadlineSeconds is not specified. -#DeploymentProgressing: #DeploymentConditionType & "Progressing" - -// ReplicaFailure is added in a deployment when one of its pods fails to be created -// or deleted. -#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure" - -// DeploymentCondition describes the state of a deployment at a certain point. -#DeploymentCondition: { - // Type of deployment condition. - type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType) - - // Status of the condition, one of True, False, Unknown. 
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time this condition was updated. - lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt) - - // Last time the condition transitioned from one status to another. - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt) - - // The reason for the condition's last transition. - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DeploymentList is a list of Deployments. -#DeploymentList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Deployments. - items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep) -} - -// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. -#DaemonSetUpdateStrategy: { - // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. - // +optional - type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt) - - // Rolling update config params. Present only if type = "RollingUpdate". - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. Same as Deployment `strategy.rollingUpdate`. - // See https://github.com/kubernetes/kubernetes/issues/35345 - // +optional - rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt) -} - -// +enum -#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType - -#enumDaemonSetUpdateStrategyType: - #RollingUpdateDaemonSetStrategyType | - #OnDeleteDaemonSetStrategyType - -// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. 
-#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate" - -// Replace the old daemons only when it's killed -#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete" - -// Spec to control the desired behavior of daemon set rolling update. -#RollingUpdateDaemonSet: { - // The maximum number of DaemonSet pods that can be unavailable during the - // update. Value can be an absolute number (ex: 5) or a percentage of total - // number of DaemonSet pods at the start of the update (ex: 10%). Absolute - // number is calculated from percentage by rounding up. - // This cannot be 0 if MaxSurge is 0 - // Default value is 1. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their pods stopped for an update at any given time. The update - // starts by stopping at most 30% of those DaemonSet pods and then brings - // up new DaemonSet pods in their place. Once the new pods are available, - // it then proceeds onto other DaemonSet pods, thus ensuring that at least - // 70% of original number of DaemonSet pods are available at all times during - // the update. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of nodes with an existing available DaemonSet pod that - // can have an updated DaemonSet pod during during an update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up to a minimum of 1. - // Default value is 0. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their a new pod created before the old pod is marked as deleted. 
- // The update starts by launching new pods on 30% of nodes. Once an updated - // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod - // on that node is marked deleted. If the old pod becomes unavailable for any - // reason (Ready transitions to false, is evicted, or is drained) an updated - // pod is immediatedly created on that node without considering surge limits. - // Allowing surge implies the possibility that the resources consumed by the - // daemonset on any given node can double if the readiness check fails, and - // so resource intensive daemonsets should take into account that they may - // cause evictions during disruption. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DaemonSetSpec is the specification of a daemon set. -#DaemonSetSpec: { - // A label query over pods that are managed by the daemon set. - // Must match in order to be controlled. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // An object that describes the pod that will be created. - // The DaemonSet will create exactly one copy of this pod on every node - // that matches the template's node selector (or on every node if no node - // selector is specified). - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) - - // An update strategy to replace existing DaemonSet pods with new pods. 
- // +optional - updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt) - - // The minimum number of seconds for which a newly created DaemonSet pod should - // be ready without any of its container crashing, for it to be considered - // available. Defaults to 0 (pod will be considered available as soon as it - // is ready). - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // The number of old history to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) -} - -// DaemonSetStatus represents the current status of a daemon set. -#DaemonSetStatus: { - // The number of nodes that are running at least 1 - // daemon pod and are supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt) - - // The number of nodes that are running the daemon pod, but are - // not supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt) - - // The total number of nodes that should be running the daemon - // pod (including nodes correctly running the daemon pod). - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt) - - // numberReady is the number of nodes that should be running the daemon pod and have one - // or more of the daemon pod running with a Ready Condition. - numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt) - - // The most recent generation observed by the daemon set controller. 
- // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt) - - // The total number of nodes that are running updated daemon pod - // +optional - updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have one or more of the daemon pod running and - // available (ready for at least spec.minReadySeconds) - // +optional - numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have none of the daemon pod running and available - // (ready for at least spec.minReadySeconds) - // +optional - numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt) - - // Count of hash collisions for the DaemonSet. The DaemonSet controller - // uses this field as a collision avoidance mechanism when it needs to - // create the name for the newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a DaemonSet's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep) -} - -#DaemonSetConditionType: string - -// DaemonSetCondition describes the state of a DaemonSet at a certain point. -#DaemonSetCondition: { - // Type of DaemonSet condition. - type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. 
- // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DaemonSet represents the configuration of a daemon set. -#DaemonSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The desired behavior of this daemon set. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // The current status of this daemon set. This data may be - // out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DefaultDaemonSetUniqueLabelKey is the default label key that is added -// to existing DaemonSet pods to distinguish between old and new -// DaemonSet pods during DaemonSet template updates. -#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash" - -// DaemonSetList is a collection of daemon sets. -#DaemonSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // A list of daemon sets. 
- items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep) -} - -// ReplicaSet ensures that a specified number of pod replicas are running at any given time. -#ReplicaSet: { - metav1.#TypeMeta - - // If the Labels of a ReplicaSet are empty, they are defaulted to - // be the same as the Pod(s) that the ReplicaSet manages. - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the ReplicaSet. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the ReplicaSet. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicaSetList is a collection of ReplicaSets. -#ReplicaSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ReplicaSets. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep) -} - -// ReplicaSetSpec is the specification of a ReplicaSet. -#ReplicaSetSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. 
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the replica count. - // Label keys and values that must match in order to be controlled by this replica set. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) -} - -// ReplicaSetStatus represents the current status of a ReplicaSet. -#ReplicaSetStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replicaset. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition. 
- // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replica set. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed ReplicaSet. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replica set's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep) -} - -#ReplicaSetConditionType: string // #enumReplicaSetConditionType - -#enumReplicaSetConditionType: - #ReplicaSetReplicaFailure - -// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created -// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted -// due to kubelet being down or finalizers are failing. -#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure" - -// ReplicaSetCondition describes the state of a replica set at a certain point. -#ReplicaSetCondition: { - // Type of replica set condition. - type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. 
- // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ControllerRevision implements an immutable snapshot of state data. Clients -// are responsible for serializing and deserializing the objects that contain -// their internal state. -// Once a ControllerRevision has been successfully created, it can not be updated. -// The API Server will fail validation of all requests that attempt to mutate -// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both -// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, -// it may be subject to name and representation changes in future releases, and clients should not -// depend on its stability. It is primarily for internal use by controllers. -#ControllerRevision: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Data is the serialized representation of the state. - data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt) - - // Revision indicates the revision of the state represented by Data. - revision: int64 @go(Revision) @protobuf(3,varint,opt) -} - -// ControllerRevisionList is a resource containing a list of ControllerRevision objects. -#ControllerRevisionList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ControllerRevisions - items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep) -} 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue deleted file mode 100644 index 08256009..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authentication/v1 - -package v1 - -#GroupName: "authentication.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue deleted file mode 100644 index 5f0127a6..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue +++ /dev/null 
@@ -1,206 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authentication/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" -) - -// ImpersonateUserHeader is used to impersonate a particular user during an API server request -#ImpersonateUserHeader: "Impersonate-User" - -// ImpersonateGroupHeader is used to impersonate a particular group during an API server request. -// It can be repeated multiplied times for multiple groups. -#ImpersonateGroupHeader: "Impersonate-Group" - -// ImpersonateUIDHeader is used to impersonate a particular UID during an API server request -#ImpersonateUIDHeader: "Impersonate-Uid" - -// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the -// extra map[string][]string for user.Info. The key will be every after the prefix. -// It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple -// times to have multiple elements in the slice under a single key -#ImpersonateUserExtraHeaderPrefix: "Impersonate-Extra-" - -// TokenReview attempts to authenticate a token to a known user. -// Note: TokenReview requests may be cached by the webhook token authenticator -// plugin in the kube-apiserver. -#TokenReview: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #TokenReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request can be authenticated. - // +optional - status?: #TokenReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// TokenReviewSpec is a description of the token authentication request. 
-#TokenReviewSpec: { - // Token is the opaque bearer token. - // +optional - token?: string @go(Token) @protobuf(1,bytes,opt) - - // Audiences is a list of the identifiers that the resource server presented - // with the token identifies as. Audience-aware token authenticators will - // verify that the token was intended for at least one of the audiences in - // this list. If no audiences are provided, the audience will default to the - // audience of the Kubernetes apiserver. - // +optional - audiences?: [...string] @go(Audiences,[]string) @protobuf(2,bytes,rep) -} - -// TokenReviewStatus is the result of the token authentication request. -#TokenReviewStatus: { - // Authenticated indicates that the token was associated with a known user. - // +optional - authenticated?: bool @go(Authenticated) @protobuf(1,varint,opt) - - // User is the UserInfo associated with the provided token. - // +optional - user?: #UserInfo @go(User) @protobuf(2,bytes,opt) - - // Audiences are audience identifiers chosen by the authenticator that are - // compatible with both the TokenReview and token. An identifier is any - // identifier in the intersection of the TokenReviewSpec audiences and the - // token's audiences. A client of the TokenReview API that sets the - // spec.audiences field should validate that a compatible audience identifier - // is returned in the status.audiences field to ensure that the TokenReview - // server is audience aware. If a TokenReview returns an empty - // status.audience field where status.authenticated is "true", the token is - // valid against the audience of the Kubernetes API server. - // +optional - audiences?: [...string] @go(Audiences,[]string) @protobuf(4,bytes,rep) - - // Error indicates that the token couldn't be checked - // +optional - error?: string @go(Error) @protobuf(3,bytes,opt) -} - -// UserInfo holds the information about the user needed to implement the -// user.Info interface. 
-#UserInfo: { - // The name that uniquely identifies this user among all active users. - // +optional - username?: string @go(Username) @protobuf(1,bytes,opt) - - // A unique value that identifies this user across time. If this user is - // deleted and another user by the same name is added, they will have - // different UIDs. - // +optional - uid?: string @go(UID) @protobuf(2,bytes,opt) - - // The names of groups this user is a part of. - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(3,bytes,rep) - - // Any additional information provided by the authenticator. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(4,bytes,rep) -} - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// TokenRequest requests a token for a given service account. -#TokenRequest: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #TokenRequestSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the token can be authenticated. - // +optional - status?: #TokenRequestStatus @go(Status) @protobuf(3,bytes,opt) -} - -// TokenRequestSpec contains client provided parameters of a token request. -#TokenRequestSpec: { - // Audiences are the intendend audiences of the token. A recipient of a - // token must identify themself with an identifier in the list of - // audiences of the token, and otherwise should reject the token. A - // token issued for multiple audiences may be used to authenticate - // against any of the audiences listed but implies a high degree of - // trust between the target audiences. 
- audiences: [...string] @go(Audiences,[]string) @protobuf(1,bytes,rep) - - // ExpirationSeconds is the requested duration of validity of the request. The - // token issuer may return a token with a different validity duration so a - // client needs to check the 'expiration' field in a response. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(4,varint,opt) - - // BoundObjectRef is a reference to an object that the token will be bound to. - // The token will only be valid for as long as the bound object exists. - // NOTE: The API server's TokenReview endpoint will validate the - // BoundObjectRef, but other audiences may not. Keep ExpirationSeconds - // small if you want prompt revocation. - // +optional - boundObjectRef?: null | #BoundObjectReference @go(BoundObjectRef,*BoundObjectReference) @protobuf(3,bytes,opt) -} - -// TokenRequestStatus is the result of a token request. -#TokenRequestStatus: { - // Token is the opaque bearer token. - token: string @go(Token) @protobuf(1,bytes,opt) - - // ExpirationTimestamp is the time of expiration of the returned token. - expirationTimestamp: metav1.#Time @go(ExpirationTimestamp) @protobuf(2,bytes,opt) -} - -// BoundObjectReference is a reference to an object that a token is bound to. -#BoundObjectReference: { - // Kind of the referent. Valid kinds are 'Pod' and 'Secret'. - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) - - // Name of the referent. - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. 
-// When using impersonation, users will receive the user info of the user being impersonated. If impersonation or -// request header authentication is used, any extra keys will have their case ignored and returned as lowercase. -#SelfSubjectReview: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Status is filled in by the server with the user attributes. - status?: #SelfSubjectReviewStatus @go(Status) @protobuf(2,bytes,opt) -} - -// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user. -#SelfSubjectReviewStatus: { - // User attributes of the user making this request. - // +optional - userInfo?: #UserInfo @go(UserInfo) @protobuf(1,bytes,opt) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue deleted file mode 100644 index afd54ec0..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authorization/v1 - -package v1 - -#GroupName: "authorization.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue deleted file mode 100644 index 6eaf8187..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue +++ /dev/null 
@@ -1,262 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authorization/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// SubjectAccessReview checks whether or not a user or group can perform an action. -#SubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a -// spec.namespace means "in all namespaces". Self is a special case, because users should always be able -// to check whether they can perform an action -#SelfSubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. user and groups must be empty - spec: #SelfSubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. -// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions -// checking. 
-#LocalSubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace - // you made the request against. If empty, it is defaulted. - spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface -#ResourceAttributes: { - // Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces - // "" (empty) is defaulted for LocalSubjectAccessReviews - // "" (empty) is empty for cluster-scoped resources - // "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview - // +optional - namespace?: string @go(Namespace) @protobuf(1,bytes,opt) - - // Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. - // +optional - verb?: string @go(Verb) @protobuf(2,bytes,opt) - - // Group is the API Group of the Resource. "*" means all. - // +optional - group?: string @go(Group) @protobuf(3,bytes,opt) - - // Version is the API Version of the Resource. "*" means all. - // +optional - version?: string @go(Version) @protobuf(4,bytes,opt) - - // Resource is one of the existing resource types. "*" means all. - // +optional - resource?: string @go(Resource) @protobuf(5,bytes,opt) - - // Subresource is one of the existing resource types. "" means none. 
- // +optional - subresource?: string @go(Subresource) @protobuf(6,bytes,opt) - - // Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. - // +optional - name?: string @go(Name) @protobuf(7,bytes,opt) -} - -// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface -#NonResourceAttributes: { - // Path is the URL path of the request - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Verb is the standard HTTP verb - // +optional - verb?: string @go(Verb) @protobuf(2,bytes,opt) -} - -// SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes -// and NonResourceAuthorizationAttributes must be set -#SubjectAccessReviewSpec: { - // ResourceAuthorizationAttributes describes information for a resource access request - // +optional - resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt) - - // NonResourceAttributes describes information for a non-resource access request - // +optional - nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt) - - // User is the user you're testing for. - // If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // Groups is the groups you're testing for. - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep) - - // Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer - // it needs a reflection here. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(5,bytes,rep) - - // UID information about the requesting user. 
- // +optional - uid?: string @go(UID) @protobuf(6,bytes,opt) -} - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes -// and NonResourceAuthorizationAttributes must be set -#SelfSubjectAccessReviewSpec: { - // ResourceAuthorizationAttributes describes information for a resource access request - // +optional - resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt) - - // NonResourceAttributes describes information for a non-resource access request - // +optional - nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt) -} - -// SubjectAccessReviewStatus -#SubjectAccessReviewStatus: { - // Allowed is required. True if the action would be allowed, false otherwise. - allowed: bool @go(Allowed) @protobuf(1,varint,opt) - - // Denied is optional. True if the action would be denied, otherwise - // false. If both allowed is false and denied is false, then the - // authorizer has no opinion on whether to authorize the action. Denied - // may not be true if Allowed is true. - // +optional - denied?: bool @go(Denied) @protobuf(4,varint,opt) - - // Reason is optional. It indicates why a request was allowed or denied. - // +optional - reason?: string @go(Reason) @protobuf(2,bytes,opt) - - // EvaluationError is an indication that some error occurred during the authorization check. - // It is entirely possible to get an error and be able to continue determine authorization status in spite of it. - // For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request. 
- // +optional - evaluationError?: string @go(EvaluationError) @protobuf(3,bytes,opt) -} - -// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. -// The returned list of actions may be incomplete depending on the server's authorization mode, -// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, -// or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to -// drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. -// SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. -#SelfSubjectRulesReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. - spec: #SelfSubjectRulesReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates the set of actions a user can perform. - // +optional - status?: #SubjectRulesReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview. -#SelfSubjectRulesReviewSpec: { - // Namespace to evaluate rules for. Required. - namespace?: string @go(Namespace) @protobuf(1,bytes,opt) -} - -// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on -// the set of authorizers the server is configured with and any errors experienced during evaluation. -// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, -// even if that list is incomplete. 
-#SubjectRulesReviewStatus: { - // ResourceRules is the list of actions the subject is allowed to perform on resources. - // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. - resourceRules: [...#ResourceRule] @go(ResourceRules,[]ResourceRule) @protobuf(1,bytes,rep) - - // NonResourceRules is the list of actions the subject is allowed to perform on non-resources. - // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. - nonResourceRules: [...#NonResourceRule] @go(NonResourceRules,[]NonResourceRule) @protobuf(2,bytes,rep) - - // Incomplete is true when the rules returned by this call are incomplete. This is most commonly - // encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation. - incomplete: bool @go(Incomplete) @protobuf(3,bytes,rep) - - // EvaluationError can appear in combination with Rules. It indicates an error occurred during - // rule evaluation, such as an authorizer that doesn't support rule evaluation, and that - // ResourceRules and/or NonResourceRules may be incomplete. - // +optional - evaluationError?: string @go(EvaluationError) @protobuf(4,bytes,opt) -} - -// ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, -// may contain duplicates, and possibly be incomplete. -#ResourceRule: { - // Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - // the enumerated resources in any API group will be allowed. "*" means all. - // +optional - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. 
"*" means all in the specified apiGroups. - // "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups. - // +optional - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all. - // +optional - resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) -} - -// NonResourceRule holds information that describes a rule for the non-resource -#NonResourceRule: { - // Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, - // final step in the path. "*" means all. - // +optional - nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue deleted file mode 100644 index 0a7f3423..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v1 - -package v1 - -#GroupName: "autoscaling" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue deleted file mode 100644 index 6e873a35..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue +++ /dev/null 
@@ -1,542 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/api/core/v1" -) - -// CrossVersionObjectReference contains enough information to let you identify the referred resource. -// +structType=atomic -#CrossVersionObjectReference: { - // kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(2,bytes,opt) - - // apiVersion is the API version of the referent - // +optional - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) -} - -// specification of a horizontal pod autoscaler. -#HorizontalPodAutoscalerSpec: { - // reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption - // and will set the desired number of pods by using its Scale subresource. - scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt) - - // minReplicas is the lower limit for the number of replicas to which the autoscaler - // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - // alpha feature gate HPAScaleToZero is enabled and at least one Object or External - // metric is configured. Scaling is active as long as at least one metric value is - // available. - // +optional - minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt) - - // maxReplicas is the upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas. 
- maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt) - - // targetCPUUtilizationPercentage is the target average CPU utilization (represented as a percentage of requested CPU) over all the pods; - // if not specified the default autoscaling policy will be used. - // +optional - targetCPUUtilizationPercentage?: null | int32 @go(TargetCPUUtilizationPercentage,*int32) @protobuf(4,varint,opt) -} - -// current status of a horizontal pod autoscaler -#HorizontalPodAutoscalerStatus: { - // observedGeneration is the most recent generation observed by this autoscaler. - // +optional - observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt) - - // lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods; - // used by the autoscaler to control how often the number of pods is changed. - // +optional - lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt) - - // currentReplicas is the current number of replicas of pods managed by this autoscaler. - currentReplicas: int32 @go(CurrentReplicas) @protobuf(3,varint,opt) - - // desiredReplicas is the desired number of replicas of pods managed by this autoscaler. - desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt) - - // currentCPUUtilizationPercentage is the current average CPU utilization over all pods, represented as a percentage of requested CPU, - // e.g. 70 means that an average pod is using now 70% of its requested CPU. - // +optional - currentCPUUtilizationPercentage?: null | int32 @go(CurrentCPUUtilizationPercentage,*int32) @protobuf(5,varint,opt) -} - -// configuration of a horizontal pod autoscaler. -#HorizontalPodAutoscaler: { - metav1.#TypeMeta - - // Standard object metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current information about the autoscaler. - // +optional - status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// list of horizontal pod autoscaler objects. -#HorizontalPodAutoscalerList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of horizontal pod autoscaler objects. - items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep) -} - -// Scale represents a scaling request for a resource. -#Scale: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #ScaleSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only. - // +optional - status?: #ScaleStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ScaleSpec describes the attributes of a scale subresource. -#ScaleSpec: { - // replicas is the desired number of instances for the scaled object. 
- // +optional - replicas?: int32 @go(Replicas) @protobuf(1,varint,opt) -} - -// ScaleStatus represents the current status of a scale subresource. -#ScaleStatus: { - // replicas is the actual number of observed instances of the scaled object. - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // selector is the label query over pods that should match the replicas count. This is same - // as the label selector but in the string format to avoid introspection - // by clients. The string will be in the same format as the query-param syntax. - // More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // +optional - selector?: string @go(Selector) @protobuf(2,bytes,opt) -} - -// MetricSourceType indicates the type of metric. -// +enum -#MetricSourceType: string // #enumMetricSourceType - -#enumMetricSourceType: - #ObjectMetricSourceType | - #PodsMetricSourceType | - #ResourceMetricSourceType | - #ContainerResourceMetricSourceType | - #ExternalMetricSourceType - -// ObjectMetricSourceType is a metric describing a kubernetes object -// (for example, hits-per-second on an Ingress object). -#ObjectMetricSourceType: #MetricSourceType & "Object" - -// PodsMetricSourceType is a metric describing each pod in the current scale -// target (for example, transactions-processed-per-second). The values -// will be averaged together before being compared to the target value. -#PodsMetricSourceType: #MetricSourceType & "Pods" - -// ResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). 
-#ResourceMetricSourceType: #MetricSourceType & "Resource" - -// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing a single container in each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource" - -// ExternalMetricSourceType is a global metric that is not associated -// with any Kubernetes object. It allows autoscaling based on information -// coming from components running outside of cluster -// (for example length of queue in cloud messaging service, or -// QPS from loadbalancer running outside of cluster). -#ExternalMetricSourceType: #MetricSourceType & "External" - -// MetricSpec specifies how to scale based on a single metric -// (only `type` and one other matching field should be set at once). -#MetricSpec: { - // type is the type of metric source. It should be one of "ContainerResource", - // "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. - // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. 
- // +optional - pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod of the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. - // +optional - containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt) -} - -// ObjectMetricSource indicates how to scale on a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricSource: { - // target is the described Kubernetes object. - target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes) - - // metricName is the name of the metric in question. 
- metricName: string @go(MetricName) @protobuf(2,bytes) - - // targetValue is the target value of the metric (as a quantity). - targetValue: resource.#Quantity @go(TargetValue) @protobuf(3,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric. - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes) - - // averageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes) -} - -// PodsMetricSource indicates how to scale on a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -// The values will be averaged together before being compared to the target -// value. -#PodsMetricSource: { - // metricName is the name of the metric in question - metricName: string @go(MetricName) @protobuf(1,bytes) - - // targetAverageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - targetAverageValue: resource.#Quantity @go(TargetAverageValue) @protobuf(2,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes) -} - -// ResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. 
CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // targetAverageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // +optional - targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt) - - // targetAverageValue is the target value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt) -} - -// ContainerResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in the requests and limits, describing a single container in -// each of the pods of the current scale target(e.g. CPU or memory). The values will be -// averaged together before being compared to the target. Such metrics are built into -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ContainerResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // targetAverageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. 
- // +optional - targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt) - - // targetAverageValue is the target value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // container is the name of the container in the pods of the scaling target. - container: string @go(Container) @protobuf(5,bytes,opt) -} - -// ExternalMetricSource indicates how to scale on a metric not associated with -// any Kubernetes object (for example length of queue in cloud -// messaging service, or QPS from loadbalancer running outside of cluster). -#ExternalMetricSource: { - // metricName is the name of the metric in question. - metricName: string @go(MetricName) @protobuf(1,bytes) - - // metricSelector is used to identify a specific time series - // within a given metric. - // +optional - metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // targetValue is the target value of the metric (as a quantity). - // Mutually exclusive with TargetAverageValue. - // +optional - targetValue?: null | resource.#Quantity @go(TargetValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // targetAverageValue is the target per-pod value of global metric (as a quantity). - // Mutually exclusive with TargetValue. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(4,bytes,opt) -} - -// MetricStatus describes the last-read state of a single metric. -#MetricStatus: { - // type is the type of metric source. It will be one of "ContainerResource", - // "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object. 
- // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. 
It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt) -} - -// HorizontalPodAutoscalerConditionType are the valid conditions of -// a HorizontalPodAutoscaler. -#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType - -#enumHorizontalPodAutoscalerConditionType: - #ScalingActive | - #AbleToScale | - #ScalingLimited - -// ScalingActive indicates that the HPA controller is able to scale if necessary: -// it's correctly configured, can fetch the desired metrics, and isn't disabled. -#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive" - -// AbleToScale indicates a lack of transient issues which prevent scaling from occurring, -// such as being in a backoff window, or being unable to access/update the target scale. -#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale" - -// ScalingLimited indicates that the calculated scale based on metrics would be above or -// below the range for the HPA, and has thus been capped. -#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited" - -// HorizontalPodAutoscalerCondition describes the state of -// a HorizontalPodAutoscaler at a certain point. 
-#HorizontalPodAutoscalerCondition: { - // type describes the current condition - type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes) - - // status is the status of the condition (True, False, Unknown) - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes) - - // lastTransitionTime is the last time the condition transitioned from - // one status to another - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is the reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable explanation containing details about - // the transition - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ObjectMetricStatus indicates the current value of a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricStatus: { - // target is the described Kubernetes object. - target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes) - - // metricName is the name of the metric in question. - metricName: string @go(MetricName) @protobuf(2,bytes) - - // currentValue is the current value of the metric (as a quantity). - currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set in the ObjectMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - // When unset, just the metricName will be used to gather metrics. 
- // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes) - - // averageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes) -} - -// PodsMetricStatus indicates the current value of a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -#PodsMetricStatus: { - // metricName is the name of the metric in question - metricName: string @go(MetricName) @protobuf(1,bytes) - - // currentAverageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(2,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set in the PodsMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes) -} - -// ResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. 
It will only be - // present if `targetAverageValue` was set in the corresponding metric - // specification. - // +optional - currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt) - - // currentAverageValue is the current value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // It will always be set, regardless of the corresponding metric specification. - currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes) -} - -// ContainerResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing a single container in each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ContainerResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. It will only be - // present if `targetAverageValue` was set in the corresponding metric - // specification. - // +optional - currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt) - - // currentAverageValue is the current value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // It will always be set, regardless of the corresponding metric specification. 
- currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes) - - // container is the name of the container in the pods of the scaling taget - container: string @go(Container) @protobuf(4,bytes,opt) -} - -// ExternalMetricStatus indicates the current value of a global metric -// not associated with any Kubernetes object. -#ExternalMetricStatus: { - // metricName is the name of a metric used for autoscaling in - // metric system. - metricName: string @go(MetricName) @protobuf(1,bytes) - - // metricSelector is used to identify a specific time series - // within a given metric. - // +optional - metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // currentValue is the current value of the metric (as a quantity) - currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes) - - // currentAverageValue is the current value of metric averaged over autoscaled pods. - // +optional - currentAverageValue?: null | resource.#Quantity @go(CurrentAverageValue,*resource.Quantity) @protobuf(4,bytes,opt) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue deleted file mode 100644 index aea0fb26..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v2 - -package v2 - -#GroupName: "autoscaling" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue deleted file mode 100644 index 76702085..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue +++ /dev/null 
@@ -1,597 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v2 - -package v2 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" -) - -// HorizontalPodAutoscaler is the configuration for a horizontal pod -// autoscaler, which automatically manages the replica count of any resource -// implementing the scale subresource based on the metrics specified. -#HorizontalPodAutoscaler: { - metav1.#TypeMeta - - // metadata is the standard object metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the specification for the behaviour of the autoscaler. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current information about the autoscaler. - // +optional - status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler. -#HorizontalPodAutoscalerSpec: { - // scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics - // should be collected, as well as to actually change the replica count. - scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt) - - // minReplicas is the lower limit for the number of replicas to which the autoscaler - // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - // alpha feature gate HPAScaleToZero is enabled and at least one Object or External - // metric is configured. Scaling is active as long as at least one metric value is - // available. 
- // +optional - minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt) - - // maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. - // It cannot be less that minReplicas. - maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt) - - // metrics contains the specifications for which to use to calculate the - // desired replica count (the maximum replica count across all metrics will - // be used). The desired replica count is calculated multiplying the - // ratio between the target value and the current value by the current - // number of pods. Ergo, metrics used must decrease as the pod count is - // increased, and vice-versa. See the individual metric source types for - // more information about how each type of metric must respond. - // If not set, the default metric will be set to 80% average CPU utilization. - // +listType=atomic - // +optional - metrics?: [...#MetricSpec] @go(Metrics,[]MetricSpec) @protobuf(4,bytes,rep) - - // behavior configures the scaling behavior of the target - // in both Up and Down directions (scaleUp and scaleDown fields respectively). - // If not set, the default HPAScalingRules for scale up and scale down are used. - // +optional - behavior?: null | #HorizontalPodAutoscalerBehavior @go(Behavior,*HorizontalPodAutoscalerBehavior) @protobuf(5,bytes,opt) -} - -// CrossVersionObjectReference contains enough information to let you identify the referred resource. 
-#CrossVersionObjectReference: { - // kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(2,bytes,opt) - - // apiVersion is the API version of the referent - // +optional - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) -} - -// MetricSpec specifies how to scale based on a single metric -// (only `type` and one other matching field should be set at once). -#MetricSpec: { - // type is the type of metric source. It should be one of "ContainerResource", "External", - // "Object", "Pods" or "Resource", each mapping to a matching field in the object. - // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. 
- // +optional - resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in - // each pod of the current scale target (e.g. CPU or memory). Such metrics are - // built in to Kubernetes, and have special scaling options on top of those - // available to normal per-pod metrics using the "pods" source. - // This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. - // +optional - containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt) -} - -// HorizontalPodAutoscalerBehavior configures the scaling behavior of the target -// in both Up and Down directions (scaleUp and scaleDown fields respectively). -#HorizontalPodAutoscalerBehavior: { - // scaleUp is scaling policy for scaling Up. - // If not set, the default value is the higher of: - // * increase no more than 4 pods per 60 seconds - // * double the number of pods per 60 seconds - // No stabilization is used. - // +optional - scaleUp?: null | #HPAScalingRules @go(ScaleUp,*HPAScalingRules) @protobuf(1,bytes,opt) - - // scaleDown is scaling policy for scaling Down. - // If not set, the default value is to allow to scale down to minReplicas pods, with a - // 300 second stabilization window (i.e., the highest recommendation for - // the last 300sec is used). 
- // +optional - scaleDown?: null | #HPAScalingRules @go(ScaleDown,*HPAScalingRules) @protobuf(2,bytes,opt) -} - -// ScalingPolicySelect is used to specify which policy should be used while scaling in a certain direction -#ScalingPolicySelect: string // #enumScalingPolicySelect - -#enumScalingPolicySelect: - #MaxChangePolicySelect | - #MinChangePolicySelect | - #DisabledPolicySelect - -// MaxChangePolicySelect selects the policy with the highest possible change. -#MaxChangePolicySelect: #ScalingPolicySelect & "Max" - -// MinChangePolicySelect selects the policy with the lowest possible change. -#MinChangePolicySelect: #ScalingPolicySelect & "Min" - -// DisabledPolicySelect disables the scaling in this direction. -#DisabledPolicySelect: #ScalingPolicySelect & "Disabled" - -// HPAScalingRules configures the scaling behavior for one direction. -// These Rules are applied after calculating DesiredReplicas from metrics for the HPA. -// They can limit the scaling velocity by specifying scaling policies. -// They can prevent flapping by specifying the stabilization window, so that the -// number of replicas is not set instantly, instead, the safest value from the stabilization -// window is chosen. -#HPAScalingRules: { - // stabilizationWindowSeconds is the number of seconds for which past recommendations should be - // considered while scaling up or scaling down. - // StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). - // If not set, use the default values: - // - For scale up: 0 (i.e. no stabilization is done). - // - For scale down: 300 (i.e. the stabilization window is 300 seconds long). - // +optional - stabilizationWindowSeconds?: null | int32 @go(StabilizationWindowSeconds,*int32) @protobuf(3,varint,opt) - - // selectPolicy is used to specify which policy should be used. - // If not set, the default value Max is used. 
- // +optional - selectPolicy?: null | #ScalingPolicySelect @go(SelectPolicy,*ScalingPolicySelect) @protobuf(1,bytes,opt) - - // policies is a list of potential scaling polices which can be used during scaling. - // At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid - // +listType=atomic - // +optional - policies?: [...#HPAScalingPolicy] @go(Policies,[]HPAScalingPolicy) @protobuf(2,bytes,rep) -} - -// HPAScalingPolicyType is the type of the policy which could be used while making scaling decisions. -#HPAScalingPolicyType: string // #enumHPAScalingPolicyType - -#enumHPAScalingPolicyType: - #PodsScalingPolicy | - #PercentScalingPolicy - -// PodsScalingPolicy is a policy used to specify a change in absolute number of pods. -#PodsScalingPolicy: #HPAScalingPolicyType & "Pods" - -// PercentScalingPolicy is a policy used to specify a relative amount of change with respect to -// the current number of pods. -#PercentScalingPolicy: #HPAScalingPolicyType & "Percent" - -// HPAScalingPolicy is a single policy which must hold true for a specified past interval. -#HPAScalingPolicy: { - // type is used to specify the scaling policy. - type: #HPAScalingPolicyType @go(Type) @protobuf(1,bytes,opt,casttype=HPAScalingPolicyType) - - // value contains the amount of change which is permitted by the policy. - // It must be greater than zero - value: int32 @go(Value) @protobuf(2,varint,opt) - - // periodSeconds specifies the window of time for which the policy should hold true. - // PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). - periodSeconds: int32 @go(PeriodSeconds) @protobuf(3,varint,opt) -} - -// MetricSourceType indicates the type of metric. 
-#MetricSourceType: string // #enumMetricSourceType - -#enumMetricSourceType: - #ObjectMetricSourceType | - #PodsMetricSourceType | - #ResourceMetricSourceType | - #ContainerResourceMetricSourceType | - #ExternalMetricSourceType - -// ObjectMetricSourceType is a metric describing a kubernetes object -// (for example, hits-per-second on an Ingress object). -#ObjectMetricSourceType: #MetricSourceType & "Object" - -// PodsMetricSourceType is a metric describing each pod in the current scale -// target (for example, transactions-processed-per-second). The values -// will be averaged together before being compared to the target value. -#PodsMetricSourceType: #MetricSourceType & "Pods" - -// ResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ResourceMetricSourceType: #MetricSourceType & "Resource" - -// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing a single container in each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource" - -// ExternalMetricSourceType is a global metric that is not associated -// with any Kubernetes object. It allows autoscaling based on information -// coming from components running outside of cluster -// (for example length of queue in cloud messaging service, or -// QPS from loadbalancer running outside of cluster). 
-#ExternalMetricSourceType: #MetricSourceType & "External" - -// ObjectMetricSource indicates how to scale on a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricSource: { - // describedObject specifies the descriptions of a object,such as kind,name apiVersion - describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) - - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(3,bytes) -} - -// PodsMetricSource indicates how to scale on a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -// The values will be averaged together before being compared to the target -// value. -#PodsMetricSource: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// ResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ResourceMetricSource: { - // name is the name of the resource in question. 
- name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// ContainerResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ContainerResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) - - // container is the name of the container in the pods of the scaling target - container: string @go(Container) @protobuf(3,bytes,opt) -} - -// ExternalMetricSource indicates how to scale on a metric not associated with -// any Kubernetes object (for example length of queue in cloud -// messaging service, or QPS from loadbalancer running outside of cluster). -#ExternalMetricSource: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// MetricIdentifier defines the name and optionally selector for a metric -#MetricIdentifier: { - // name is the name of the given metric - name: string @go(Name) @protobuf(1,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. 
- // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes) -} - -// MetricTarget defines the target value, average value, or average utilization of a specific metric -#MetricTarget: { - // type represents whether the metric type is Utilization, Value, or AverageValue - type: #MetricTargetType @go(Type) @protobuf(1,bytes) - - // value is the target value of the metric (as a quantity). - // +optional - value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(2,bytes,opt) - - // averageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // averageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // Currently only valid for Resource metric source type - // +optional - averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(4,bytes,opt) -} - -// MetricTargetType specifies the type of metric being targeted, and should be either -// "Value", "AverageValue", or "Utilization" -#MetricTargetType: string // #enumMetricTargetType - -#enumMetricTargetType: - #UtilizationMetricType | - #ValueMetricType | - #AverageValueMetricType - -// UtilizationMetricType declares a MetricTarget is an AverageUtilization value -#UtilizationMetricType: #MetricTargetType & "Utilization" - -// ValueMetricType declares a MetricTarget is a raw value -#ValueMetricType: #MetricTargetType & "Value" - -// AverageValueMetricType declares a MetricTarget is an -#AverageValueMetricType: #MetricTargetType & "AverageValue" - -// HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler. 
-#HorizontalPodAutoscalerStatus: { - // observedGeneration is the most recent generation observed by this autoscaler. - // +optional - observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt) - - // lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, - // used by the autoscaler to control how often the number of pods is changed. - // +optional - lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt) - - // currentReplicas is current number of replicas of pods managed by this autoscaler, - // as last seen by the autoscaler. - // +optional - currentReplicas?: int32 @go(CurrentReplicas) @protobuf(3,varint,opt) - - // desiredReplicas is the desired number of replicas of pods managed by this autoscaler, - // as last calculated by the autoscaler. - desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt) - - // currentMetrics is the last read state of the metrics used by this autoscaler. - // +listType=atomic - // +optional - currentMetrics: [...#MetricStatus] @go(CurrentMetrics,[]MetricStatus) @protobuf(5,bytes,rep) - - // conditions is the set of conditions required for this autoscaler to scale its target, - // and indicates whether or not those conditions are met. - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - // +optional - conditions?: [...#HorizontalPodAutoscalerCondition] @go(Conditions,[]HorizontalPodAutoscalerCondition) @protobuf(6,bytes,rep) -} - -// HorizontalPodAutoscalerConditionType are the valid conditions of -// a HorizontalPodAutoscaler. -#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType - -#enumHorizontalPodAutoscalerConditionType: - #ScalingActive | - #AbleToScale | - #ScalingLimited - -// ScalingActive indicates that the HPA controller is able to scale if necessary: -// it's correctly configured, can fetch the desired metrics, and isn't disabled. 
-#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive" - -// AbleToScale indicates a lack of transient issues which prevent scaling from occurring, -// such as being in a backoff window, or being unable to access/update the target scale. -#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale" - -// ScalingLimited indicates that the calculated scale based on metrics would be above or -// below the range for the HPA, and has thus been capped. -#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited" - -// HorizontalPodAutoscalerCondition describes the state of -// a HorizontalPodAutoscaler at a certain point. -#HorizontalPodAutoscalerCondition: { - // type describes the current condition - type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes) - - // status is the status of the condition (True, False, Unknown) - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes) - - // lastTransitionTime is the last time the condition transitioned from - // one status to another - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is the reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable explanation containing details about - // the transition - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// MetricStatus describes the last-read state of a single metric. -#MetricStatus: { - // type is the type of metric source. It will be one of "ContainerResource", "External", - // "Object", "Pods" or "Resource", each corresponds to a matching field in the object. 
- // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt) - - // container resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. 
It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt) -} - -// ObjectMetricStatus indicates the current value of a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) - - // DescribedObject specifies the descriptions of a object,such as kind,name apiVersion - describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(3,bytes) -} - -// PodsMetricStatus indicates the current value of a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -#PodsMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// ResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ResourceMetricStatus: { - // name is the name of the resource in question. 
- name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// ContainerResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing a single container in each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ContainerResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) - - // container is the name of the container in the pods of the scaling target - container: string @go(Container) @protobuf(3,bytes,opt) -} - -// ExternalMetricStatus indicates the current value of a global metric -// not associated with any Kubernetes object. -#ExternalMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// MetricValueStatus holds the current value for a metric -#MetricValueStatus: { - // value is the current value of the metric (as a quantity). 
- // +optional - value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(1,bytes,opt) - - // averageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(2,bytes,opt) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // +optional - averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(3,bytes,opt) -} - -// HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects. -#HorizontalPodAutoscalerList: { - metav1.#TypeMeta - - // metadata is the standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of horizontal pod autoscaler objects. - items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue deleted file mode 100644 index 5c489087..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/batch/v1 - -package v1 - -#GroupName: "batch" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue deleted file mode 100644 index 3cbdc66f..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue +++ /dev/null 
@@ -1,693 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/batch/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" -) - -// All Kubernetes labels need to be prefixed with Kubernetes to distinguish them from end-user labels -// More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions -_#labelPrefix: "batch.kubernetes.io/" - -// CronJobScheduledTimestampAnnotation is the scheduled timestamp annotation for the Job. -// It records the original/expected scheduled timestamp for the running job, represented in RFC3339. -// The CronJob controller adds this annotation if the CronJobsScheduledAnnotation feature gate (beta in 1.28) is enabled. -#CronJobScheduledTimestampAnnotation: "batch.kubernetes.io/cronjob-scheduled-timestamp" -#JobCompletionIndexAnnotation: "batch.kubernetes.io/job-completion-index" - -// JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from -// being deleted before being accounted in the Job status. -// -// Additionally, the apiserver and job controller use this string as a Job -// annotation, to mark Jobs that are being tracked using pod finalizers. -// However, this behavior is deprecated in kubernetes 1.26. This means that, in -// 1.27+, one release after JobTrackingWithFinalizers graduates to GA, the -// apiserver and job controller will ignore this annotation and they will -// always track jobs using finalizers. -#JobTrackingFinalizer: "batch.kubernetes.io/job-tracking" - -// The Job labels will use batch.kubernetes.io as a prefix for all labels -// Historically the job controller uses unprefixed labels for job-name and controller-uid and -// Kubernetes continutes to recognize those unprefixed labels for consistency. 
-#JobNameLabel: "batch.kubernetes.io/job-name" - -// ControllerUid is used to programatically get pods corresponding to a Job. -// There is a corresponding label without the batch.kubernetes.io that we support for legacy reasons. -#ControllerUidLabel: "batch.kubernetes.io/controller-uid" - -// Annotation indicating the number of failures for the index corresponding -// to the pod, which are counted towards the backoff limit. -#JobIndexFailureCountAnnotation: "batch.kubernetes.io/job-index-failure-count" - -// Annotation indicating the number of failures for the index corresponding -// to the pod, which don't count towards the backoff limit, according to the -// pod failure policy. When the annotation is absent zero is implied. -#JobIndexIgnoredFailureCountAnnotation: "batch.kubernetes.io/job-index-ignored-failure-count" - -// Job represents the configuration of a single job. -#Job: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of a job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt) - - // Current status of a job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #JobStatus @go(Status) @protobuf(3,bytes,opt) -} - -// JobList is a collection of jobs. -#JobList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of Jobs. 
- items: [...#Job] @go(Items,[]Job) @protobuf(2,bytes,rep) -} - -// CompletionMode specifies how Pod completions of a Job are tracked. -// +enum -#CompletionMode: string // #enumCompletionMode - -#enumCompletionMode: - #NonIndexedCompletion | - #IndexedCompletion - -// NonIndexedCompletion is a Job completion mode. In this mode, the Job is -// considered complete when there have been .spec.completions -// successfully completed Pods. Pod completions are homologous to each other. -#NonIndexedCompletion: #CompletionMode & "NonIndexed" - -// IndexedCompletion is a Job completion mode. In this mode, the Pods of a -// Job get an associated completion index from 0 to (.spec.completions - 1). -// The Job is considered complete when a Pod completes for each completion -// index. -#IndexedCompletion: #CompletionMode & "Indexed" - -// PodFailurePolicyAction specifies how a Pod failure is handled. -// +enum -#PodFailurePolicyAction: string // #enumPodFailurePolicyAction - -#enumPodFailurePolicyAction: - #PodFailurePolicyActionFailJob | - #PodFailurePolicyActionFailIndex | - #PodFailurePolicyActionIgnore | - #PodFailurePolicyActionCount - -// This is an action which might be taken on a pod failure - mark the -// pod's job as Failed and terminate all running pods. -#PodFailurePolicyActionFailJob: #PodFailurePolicyAction & "FailJob" - -// This is an action which might be taken on a pod failure - mark the -// Job's index as failed to avoid restarts within this index. This action -// can only be used when backoffLimitPerIndex is set. -#PodFailurePolicyActionFailIndex: #PodFailurePolicyAction & "FailIndex" - -// This is an action which might be taken on a pod failure - the counter towards -// .backoffLimit, represented by the job's .status.failed field, is not -// incremented and a replacement pod is created. 
-#PodFailurePolicyActionIgnore: #PodFailurePolicyAction & "Ignore" - -// This is an action which might be taken on a pod failure - the pod failure -// is handled in the default way - the counter towards .backoffLimit, -// represented by the job's .status.failed field, is incremented. -#PodFailurePolicyActionCount: #PodFailurePolicyAction & "Count" - -// +enum -#PodFailurePolicyOnExitCodesOperator: string // #enumPodFailurePolicyOnExitCodesOperator - -#enumPodFailurePolicyOnExitCodesOperator: - #PodFailurePolicyOnExitCodesOpIn | - #PodFailurePolicyOnExitCodesOpNotIn - -#PodFailurePolicyOnExitCodesOpIn: #PodFailurePolicyOnExitCodesOperator & "In" -#PodFailurePolicyOnExitCodesOpNotIn: #PodFailurePolicyOnExitCodesOperator & "NotIn" - -// PodReplacementPolicy specifies the policy for creating pod replacements. -// +enum -#PodReplacementPolicy: string // #enumPodReplacementPolicy - -#enumPodReplacementPolicy: - #TerminatingOrFailed | - #Failed - -// TerminatingOrFailed means that we recreate pods -// when they are terminating (has a metadata.deletionTimestamp) or failed. -#TerminatingOrFailed: #PodReplacementPolicy & "TerminatingOrFailed" - -// Failed means to wait until a previously created Pod is fully terminated (has phase -// Failed or Succeeded) before creating a replacement Pod. -#Failed: #PodReplacementPolicy & "Failed" - -// PodFailurePolicyOnExitCodesRequirement describes the requirement for handling -// a failed pod based on its container exit codes. In particular, it lookups the -// .state.terminated.exitCode for each app container and init container status, -// represented by the .status.containerStatuses and .status.initContainerStatuses -// fields in the Pod status, respectively. Containers completed with success -// (exit code 0) are excluded from the requirement check. -#PodFailurePolicyOnExitCodesRequirement: { - // Restricts the check for exit codes to the container with the - // specified name. When null, the rule applies to all containers. 
- // When specified, it should match one the container or initContainer - // names in the pod template. - // +optional - containerName?: null | string @go(ContainerName,*string) @protobuf(1,bytes,opt) - - // Represents the relationship between the container exit code(s) and the - // specified values. Containers completed with success (exit code 0) are - // excluded from the requirement check. Possible values are: - // - // - In: the requirement is satisfied if at least one container exit code - // (might be multiple if there are multiple containers not restricted - // by the 'containerName' field) is in the set of specified values. - // - NotIn: the requirement is satisfied if at least one container exit code - // (might be multiple if there are multiple containers not restricted - // by the 'containerName' field) is not in the set of specified values. - // Additional values are considered to be added in the future. Clients should - // react to an unknown operator by assuming the requirement is not satisfied. - operator: #PodFailurePolicyOnExitCodesOperator @go(Operator) @protobuf(2,bytes,req) - - // Specifies the set of values. Each returned container exit code (might be - // multiple in case of multiple containers) is checked against this set of - // values with respect to the operator. The list of values must be ordered - // and must not contain duplicates. Value '0' cannot be used for the In operator. - // At least one element is required. At most 255 elements are allowed. - // +listType=set - values: [...int32] @go(Values,[]int32) @protobuf(3,varint,rep) -} - -// PodFailurePolicyOnPodConditionsPattern describes a pattern for matching -// an actual pod condition type. -#PodFailurePolicyOnPodConditionsPattern: { - // Specifies the required Pod condition type. To match a pod condition - // it is required that specified type equals the pod condition type. 
- type: corev1.#PodConditionType @go(Type) @protobuf(1,bytes,req) - - // Specifies the required Pod condition status. To match a pod condition - // it is required that the specified status equals the pod condition status. - // Defaults to True. - status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,req) -} - -// PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. -// One of onExitCodes and onPodConditions, but not both, can be used in each rule. -#PodFailurePolicyRule: { - // Specifies the action taken on a pod failure when the requirements are satisfied. - // Possible values are: - // - // - FailJob: indicates that the pod's job is marked as Failed and all - // running pods are terminated. - // - FailIndex: indicates that the pod's index is marked as Failed and will - // not be restarted. - // This value is alpha-level. It can be used when the - // `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default). - // - Ignore: indicates that the counter towards the .backoffLimit is not - // incremented and a replacement pod is created. - // - Count: indicates that the pod is handled in the default way - the - // counter towards the .backoffLimit is incremented. - // Additional values are considered to be added in the future. Clients should - // react to an unknown action by skipping the rule. - action: #PodFailurePolicyAction @go(Action) @protobuf(1,bytes,req) - - // Represents the requirement on the container exit codes. - // +optional - onExitCodes?: null | #PodFailurePolicyOnExitCodesRequirement @go(OnExitCodes,*PodFailurePolicyOnExitCodesRequirement) @protobuf(2,bytes,opt) - - // Represents the requirement on the pod conditions. The requirement is represented - // as a list of pod condition patterns. The requirement is satisfied if at - // least one pattern matches an actual pod condition. At most 20 elements are allowed. 
- // +listType=atomic - // +optional - onPodConditions: [...#PodFailurePolicyOnPodConditionsPattern] @go(OnPodConditions,[]PodFailurePolicyOnPodConditionsPattern) @protobuf(3,bytes,opt) -} - -// PodFailurePolicy describes how failed pods influence the backoffLimit. -#PodFailurePolicy: { - // A list of pod failure policy rules. The rules are evaluated in order. - // Once a rule matches a Pod failure, the remaining of the rules are ignored. - // When no rule matches the Pod failure, the default handling applies - the - // counter of pod failures is incremented and it is checked against - // the backoffLimit. At most 20 elements are allowed. - // +listType=atomic - rules: [...#PodFailurePolicyRule] @go(Rules,[]PodFailurePolicyRule) @protobuf(1,bytes,opt) -} - -// JobSpec describes how the job execution will look like. -#JobSpec: { - // Specifies the maximum desired number of pods the job should - // run at any given time. The actual number of pods running in steady state will - // be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), - // i.e. when the work left to do is less than max parallelism. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - parallelism?: null | int32 @go(Parallelism,*int32) @protobuf(1,varint,opt) - - // Specifies the desired number of successfully finished pods the - // job should be run with. Setting to null means that the success of any - // pod signals the success of all pods, and allows parallelism to have any positive - // value. Setting to 1 means that parallelism is limited to 1 and the success of that - // pod signals the success of the job. 
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - completions?: null | int32 @go(Completions,*int32) @protobuf(2,varint,opt) - - // Specifies the duration in seconds relative to the startTime that the job - // may be continuously active before the system tries to terminate it; value - // must be positive integer. If a Job is suspended (at creation or through an - // update), this timer will effectively be stopped and reset when the Job is - // resumed again. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(3,varint,opt) - - // Specifies the policy of handling failed pods. In particular, it allows to - // specify the set of actions and conditions which need to be - // satisfied to take the associated action. - // If empty, the default behaviour applies - the counter of failed pods, - // represented by the jobs's .status.failed field, is incremented and it is - // checked against the backoffLimit. This field cannot be used in combination - // with restartPolicy=OnFailure. - // - // This field is beta-level. It can be used when the `JobPodFailurePolicy` - // feature gate is enabled (enabled by default). - // +optional - podFailurePolicy?: null | #PodFailurePolicy @go(PodFailurePolicy,*PodFailurePolicy) @protobuf(11,bytes,opt) - - // Specifies the number of retries before marking this job failed. - // Defaults to 6 - // +optional - backoffLimit?: null | int32 @go(BackoffLimit,*int32) @protobuf(7,varint,opt) - - // Specifies the limit for the number of retries within an - // index before marking this index as failed. When enabled the number of - // failures per index is kept in the pod's - // batch.kubernetes.io/job-index-failure-count annotation. It can only - // be set when Job's completionMode=Indexed, and the Pod's restart - // policy is Never. The field is immutable. - // This field is alpha-level. 
It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). - // +optional - backoffLimitPerIndex?: null | int32 @go(BackoffLimitPerIndex,*int32) @protobuf(12,varint,opt) - - // Specifies the maximal number of failed indexes before marking the Job as - // failed, when backoffLimitPerIndex is set. Once the number of failed - // indexes exceeds this number the entire Job is marked as Failed and its - // execution is terminated. When left as null the job continues execution of - // all of its indexes and is marked with the `Complete` Job condition. - // It can only be specified when backoffLimitPerIndex is set. - // It can be null or up to completions. It is required and must be - // less than or equal to 10^4 when is completions greater than 10^5. - // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). - // +optional - maxFailedIndexes?: null | int32 @go(MaxFailedIndexes,*int32) @protobuf(13,varint,opt) - - // A label query over pods that should match the pod count. - // Normally, the system sets this field for you. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // manualSelector controls generation of pod labels and pod selectors. - // Leave `manualSelector` unset unless you are certain what you are doing. - // When false or unset, the system pick labels unique to this job - // and appends those labels to the pod template. When true, - // the user is responsible for picking unique labels and specifying - // the selector. Failure to pick a unique label may cause this - // and other jobs to not function correctly. However, You may see - // `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` - // API. 
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector - // +optional - manualSelector?: null | bool @go(ManualSelector,*bool) @protobuf(5,varint,opt) - - // Describes the pod that will be created when executing a job. - // The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - template: corev1.#PodTemplateSpec @go(Template) @protobuf(6,bytes,opt) - - // ttlSecondsAfterFinished limits the lifetime of a Job that has finished - // execution (either Complete or Failed). If this field is set, - // ttlSecondsAfterFinished after the Job finishes, it is eligible to be - // automatically deleted. When the Job is being deleted, its lifecycle - // guarantees (e.g. finalizers) will be honored. If this field is unset, - // the Job won't be automatically deleted. If this field is set to zero, - // the Job becomes eligible to be deleted immediately after it finishes. - // +optional - ttlSecondsAfterFinished?: null | int32 @go(TTLSecondsAfterFinished,*int32) @protobuf(8,varint,opt) - - // completionMode specifies how Pod completions are tracked. It can be - // `NonIndexed` (default) or `Indexed`. - // - // `NonIndexed` means that the Job is considered complete when there have - // been .spec.completions successfully completed Pods. Each Pod completion is - // homologous to each other. - // - // `Indexed` means that the Pods of a - // Job get an associated completion index from 0 to (.spec.completions - 1), - // available in the annotation batch.kubernetes.io/job-completion-index. - // The Job is considered complete when there is one successfully completed Pod - // for each index. - // When value is `Indexed`, .spec.completions must be specified and - // `.spec.parallelism` must be less than or equal to 10^5. 
- // In addition, The Pod name takes the form - // `$(job-name)-$(index)-$(random-string)`, - // the Pod hostname takes the form `$(job-name)-$(index)`. - // - // More completion modes can be added in the future. - // If the Job controller observes a mode that it doesn't recognize, which - // is possible during upgrades due to version skew, the controller - // skips updates for the Job. - // +optional - completionMode?: null | #CompletionMode @go(CompletionMode,*CompletionMode) @protobuf(9,bytes,opt,casttype=CompletionMode) - - // suspend specifies whether the Job controller should create Pods or not. If - // a Job is created with suspend set to true, no Pods are created by the Job - // controller. If a Job is suspended after creation (i.e. the flag goes from - // false to true), the Job controller will delete all active Pods associated - // with this Job. Users must design their workload to gracefully handle this. - // Suspending a Job will reset the StartTime field of the Job, effectively - // resetting the ActiveDeadlineSeconds timer too. Defaults to false. - // - // +optional - suspend?: null | bool @go(Suspend,*bool) @protobuf(10,varint,opt) - - // podReplacementPolicy specifies when to create replacement Pods. - // Possible values are: - // - TerminatingOrFailed means that we recreate pods - // when they are terminating (has a metadata.deletionTimestamp) or failed. - // - Failed means to wait until a previously created Pod is fully terminated (has phase - // Failed or Succeeded) before creating a replacement Pod. - // - // When using podFailurePolicy, Failed is the the only allowed value. - // TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. - // This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field. 
- // +optional - podReplacementPolicy?: null | #PodReplacementPolicy @go(PodReplacementPolicy,*PodReplacementPolicy) @protobuf(14,bytes,opt,casttype=podReplacementPolicy) -} - -// JobStatus represents the current state of a Job. -#JobStatus: { - // The latest available observations of an object's current state. When a Job - // fails, one of the conditions will have type "Failed" and status true. When - // a Job is suspended, one of the conditions will have type "Suspended" and - // status true; when the Job is resumed, the status of this condition will - // become false. When a Job is completed, one of the conditions will have - // type "Complete" and status true. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=atomic - conditions?: [...#JobCondition] @go(Conditions,[]JobCondition) @protobuf(1,bytes,rep) - - // Represents time when the job controller started processing a job. When a - // Job is created in the suspended state, this field is not set until the - // first time it is resumed. This field is reset every time a Job is resumed - // from suspension. It is represented in RFC3339 form and is in UTC. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(2,bytes,opt) - - // Represents time when the job was completed. It is not guaranteed to - // be set in happens-before order across separate operations. - // It is represented in RFC3339 form and is in UTC. - // The completion time is only set when the job finishes successfully. - // +optional - completionTime?: null | metav1.#Time @go(CompletionTime,*metav1.Time) @protobuf(3,bytes,opt) - - // The number of pending and running pods. - // +optional - active?: int32 @go(Active) @protobuf(4,varint,opt) - - // The number of pods which reached phase Succeeded. 
- // +optional - succeeded?: int32 @go(Succeeded) @protobuf(5,varint,opt) - - // The number of pods which reached phase Failed. - // +optional - failed?: int32 @go(Failed) @protobuf(6,varint,opt) - - // The number of pods which are terminating (in phase Pending or Running - // and have a deletionTimestamp). - // - // This field is alpha-level. The job controller populates the field when - // the feature gate JobPodReplacementPolicy is enabled (disabled by default). - // +optional - terminating?: null | int32 @go(Terminating,*int32) @protobuf(11,varint,opt) - - // completedIndexes holds the completed indexes when .spec.completionMode = - // "Indexed" in a text format. The indexes are represented as decimal integers - // separated by commas. The numbers are listed in increasing order. Three or - // more consecutive numbers are compressed and represented by the first and - // last element of the series, separated by a hyphen. - // For example, if the completed indexes are 1, 3, 4, 5 and 7, they are - // represented as "1,3-5,7". - // +optional - completedIndexes?: string @go(CompletedIndexes) @protobuf(7,bytes,opt) - - // FailedIndexes holds the failed indexes when backoffLimitPerIndex=true. - // The indexes are represented in the text format analogous as for the - // `completedIndexes` field, ie. they are kept as decimal integers - // separated by commas. The numbers are listed in increasing order. Three or - // more consecutive numbers are compressed and represented by the first and - // last element of the series, separated by a hyphen. - // For example, if the failed indexes are 1, 3, 4, 5 and 7, they are - // represented as "1,3-5,7". - // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). 
- // +optional - failedIndexes?: null | string @go(FailedIndexes,*string) @protobuf(10,bytes,opt) - - // uncountedTerminatedPods holds the UIDs of Pods that have terminated but - // the job controller hasn't yet accounted for in the status counters. - // - // The job controller creates pods with a finalizer. When a pod terminates - // (succeeded or failed), the controller does three steps to account for it - // in the job status: - // - // 1. Add the pod UID to the arrays in this field. - // 2. Remove the pod finalizer. - // 3. Remove the pod UID from the arrays while increasing the corresponding - // counter. - // - // Old jobs might not be tracked using this field, in which case the field - // remains null. - // +optional - uncountedTerminatedPods?: null | #UncountedTerminatedPods @go(UncountedTerminatedPods,*UncountedTerminatedPods) @protobuf(8,bytes,opt) - - // The number of pods which have a Ready condition. - // - // This field is beta-level. The job controller populates the field when - // the feature gate JobReadyPods is enabled (enabled by default). - // +optional - ready?: null | int32 @go(Ready,*int32) @protobuf(9,varint,opt) -} - -// UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't -// been accounted in Job status counters. -#UncountedTerminatedPods: { - // succeeded holds UIDs of succeeded Pods. - // +listType=set - // +optional - succeeded?: [...types.#UID] @go(Succeeded,[]types.UID) @protobuf(1,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID) - - // failed holds UIDs of failed Pods. - // +listType=set - // +optional - failed?: [...types.#UID] @go(Failed,[]types.UID) @protobuf(2,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -#JobConditionType: string // #enumJobConditionType - -#enumJobConditionType: - #JobSuspended | - #JobComplete | - #JobFailed | - #JobFailureTarget - -// JobSuspended means the job has been suspended. 
-#JobSuspended: #JobConditionType & "Suspended" - -// JobComplete means the job has completed its execution. -#JobComplete: #JobConditionType & "Complete" - -// JobFailed means the job has failed its execution. -#JobFailed: #JobConditionType & "Failed" - -// FailureTarget means the job is about to fail its execution. -#JobFailureTarget: #JobConditionType & "FailureTarget" - -// JobCondition describes current state of a job. -#JobCondition: { - // Type of job condition, Complete or Failed. - type: #JobConditionType @go(Type) @protobuf(1,bytes,opt,casttype=JobConditionType) - - // Status of the condition, one of True, False, Unknown. - status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition was checked. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// JobTemplateSpec describes the data a Job should have when created from a template -#JobTemplateSpec: { - // Standard object's metadata of the jobs created from this template. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the job. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CronJob represents the configuration of a single cron job. -#CronJob: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of a cron job, including the schedule. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #CronJobSpec @go(Spec) @protobuf(2,bytes,opt) - - // Current status of a cron job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #CronJobStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CronJobList is a collection of cron jobs. -#CronJobList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CronJobs. - items: [...#CronJob] @go(Items,[]CronJob) @protobuf(2,bytes,rep) -} - -// CronJobSpec describes how the job execution will look like and when it will actually run. -#CronJobSpec: { - // The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. - schedule: string @go(Schedule) @protobuf(1,bytes,opt) - - // The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. - // If not specified, this will default to the time zone of the kube-controller-manager process. 
- // The set of valid time zone names and the time zone offset is loaded from the system-wide time zone - // database by the API server during CronJob validation and the controller manager during execution. - // If no system-wide time zone database can be found a bundled version of the database is used instead. - // If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host - // configuration, the controller will stop creating new new Jobs and will create a system event with the - // reason UnknownTimeZone. - // More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones - // +optional - timeZone?: null | string @go(TimeZone,*string) @protobuf(8,bytes,opt) - - // Optional deadline in seconds for starting the job if it misses scheduled - // time for any reason. Missed jobs executions will be counted as failed ones. - // +optional - startingDeadlineSeconds?: null | int64 @go(StartingDeadlineSeconds,*int64) @protobuf(2,varint,opt) - - // Specifies how to treat concurrent executions of a Job. - // Valid values are: - // - // - "Allow" (default): allows CronJobs to run concurrently; - // - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - // - "Replace": cancels currently running job and replaces it with a new one - // +optional - concurrencyPolicy?: #ConcurrencyPolicy @go(ConcurrencyPolicy) @protobuf(3,bytes,opt,casttype=ConcurrencyPolicy) - - // This flag tells the controller to suspend subsequent executions, it does - // not apply to already started executions. Defaults to false. - // +optional - suspend?: null | bool @go(Suspend,*bool) @protobuf(4,varint,opt) - - // Specifies the job that will be created when executing a CronJob. - jobTemplate: #JobTemplateSpec @go(JobTemplate) @protobuf(5,bytes,opt) - - // The number of successful finished jobs to retain. Value must be non-negative integer. - // Defaults to 3. 
- // +optional - successfulJobsHistoryLimit?: null | int32 @go(SuccessfulJobsHistoryLimit,*int32) @protobuf(6,varint,opt) - - // The number of failed finished jobs to retain. Value must be non-negative integer. - // Defaults to 1. - // +optional - failedJobsHistoryLimit?: null | int32 @go(FailedJobsHistoryLimit,*int32) @protobuf(7,varint,opt) -} - -// ConcurrencyPolicy describes how the job will be handled. -// Only one of the following concurrent policies may be specified. -// If none of the following policies is specified, the default one -// is AllowConcurrent. -// +enum -#ConcurrencyPolicy: string // #enumConcurrencyPolicy - -#enumConcurrencyPolicy: - #AllowConcurrent | - #ForbidConcurrent | - #ReplaceConcurrent - -// AllowConcurrent allows CronJobs to run concurrently. -#AllowConcurrent: #ConcurrencyPolicy & "Allow" - -// ForbidConcurrent forbids concurrent runs, skipping next run if previous -// hasn't finished yet. -#ForbidConcurrent: #ConcurrencyPolicy & "Forbid" - -// ReplaceConcurrent cancels currently running job and replaces it with a new one. -#ReplaceConcurrent: #ConcurrencyPolicy & "Replace" - -// CronJobStatus represents the current state of a cron job. -#CronJobStatus: { - // A list of pointers to currently running jobs. - // +optional - // +listType=atomic - active?: [...corev1.#ObjectReference] @go(Active,[]corev1.ObjectReference) @protobuf(1,bytes,rep) - - // Information when was the last time the job was successfully scheduled. - // +optional - lastScheduleTime?: null | metav1.#Time @go(LastScheduleTime,*metav1.Time) @protobuf(4,bytes,opt) - - // Information when was the last time the job successfully completed. - // +optional - lastSuccessfulTime?: null | metav1.#Time @go(LastSuccessfulTime,*metav1.Time) @protobuf(5,bytes,opt) -} 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue deleted file mode 100644 index f2ce3436..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/certificates/v1 - -package v1 - -#GroupName: "certificates.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue deleted file mode 100644 index 401ca5c9..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue +++ /dev/null 
@@ -1,318 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/certificates/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" -) - -// CertificateSigningRequest objects provide a mechanism to obtain x509 certificates -// by submitting a certificate signing request, and having it asynchronously approved and issued. -// -// Kubelets use this API to obtain: -// 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName). -// 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName). -// -// This API can be used to request client certificates to authenticate to kube-apiserver -// (with the "kubernetes.io/kube-apiserver-client" signerName), -// or to obtain certificates from custom non-Kubernetes signers. -#CertificateSigningRequest: { - metav1.#TypeMeta - - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec contains the certificate request, and is immutable after creation. - // Only the request, signerName, expirationSeconds, and usages fields can be set on creation. - // Other fields are derived by Kubernetes and cannot be modified by users. - spec: #CertificateSigningRequestSpec @go(Spec) @protobuf(2,bytes,opt) - - // status contains information about whether the request is approved or denied, - // and the certificate issued by the signer, or the failure condition indicating signer failure. - // +optional - status?: #CertificateSigningRequestStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CertificateSigningRequestSpec contains the certificate request. -#CertificateSigningRequestSpec: { - // request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. - // When serialized as JSON or YAML, the data is additionally base64-encoded. 
- // +listType=atomic - request: bytes @go(Request,[]byte) @protobuf(1,bytes,opt) - - // signerName indicates the requested signer, and is a qualified name. - // - // List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. - // - // Well-known Kubernetes signers are: - // 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. - // Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager. - // 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. - // Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. - // 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. - // Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. - // - // More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers - // - // Custom signerNames can also be specified. The signer defines: - // 1. Trust distribution: how trust (CA bundles) are distributed. - // 2. Permitted subjects: and behavior when a disallowed subject is requested. - // 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. - // 4. Required, permitted, or forbidden key usages / extended key usages. - // 5. 
Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin. - // 6. Whether or not requests for CA certificates are allowed. - signerName: string @go(SignerName) @protobuf(7,bytes,opt) - - // expirationSeconds is the requested duration of validity of the issued - // certificate. The certificate signer may issue a certificate with a different - // validity duration so a client must check the delta between the notBefore and - // and notAfter fields in the issued certificate to determine the actual duration. - // - // The v1.22+ in-tree implementations of the well-known Kubernetes signers will - // honor this field as long as the requested duration is not greater than the - // maximum duration they will honor per the --cluster-signing-duration CLI - // flag to the Kubernetes controller manager. - // - // Certificate signers may not honor this field for various reasons: - // - // 1. Old signer that is unaware of the field (such as the in-tree - // implementations prior to v1.22) - // 2. Signer whose configured maximum is shorter than the requested duration - // 3. Signer whose configured minimum is longer than the requested duration - // - // The minimum valid value for expirationSeconds is 600, i.e. 10 minutes. - // - // +optional - expirationSeconds?: null | int32 @go(ExpirationSeconds,*int32) @protobuf(8,varint,opt) - - // usages specifies a set of key usages requested in the issued certificate. - // - // Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth". - // - // Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth". 
- // - // Valid values are: - // "signing", "digital signature", "content commitment", - // "key encipherment", "key agreement", "data encipherment", - // "cert sign", "crl sign", "encipher only", "decipher only", "any", - // "server auth", "client auth", - // "code signing", "email protection", "s/mime", - // "ipsec end system", "ipsec tunnel", "ipsec user", - // "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" - // +listType=atomic - usages?: [...#KeyUsage] @go(Usages,[]KeyUsage) @protobuf(5,bytes,opt) - - // username contains the name of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - username?: string @go(Username) @protobuf(2,bytes,opt) - - // uid contains the uid of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - uid?: string @go(UID) @protobuf(3,bytes,opt) - - // groups contains group membership of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +listType=atomic - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep) - - // extra contains extra attributes of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(6,bytes,rep) -} - -// "kubernetes.io/kube-apiserver-client" signer issues client certificates that can be used to authenticate to kube-apiserver. -// Never auto-approved by kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeAPIServerClientSignerName: "kubernetes.io/kube-apiserver-client" - -// "kubernetes.io/kube-apiserver-client-kubelet" issues client certificates that kubelets use to authenticate to kube-apiserver. 
-// Can be auto-approved by the "csrapproving" controller in kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeAPIServerClientKubeletSignerName: "kubernetes.io/kube-apiserver-client-kubelet" - -// "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, -// which kube-apiserver can connect to securely. -// Never auto-approved by kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeletServingSignerName: "kubernetes.io/kubelet-serving" - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// CertificateSigningRequestStatus contains conditions used to indicate -// approved/denied/failed status of the request, and the issued certificate. -#CertificateSigningRequestStatus: { - // conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed". - // +listType=map - // +listMapKey=type - // +optional - conditions?: [...#CertificateSigningRequestCondition] @go(Conditions,[]CertificateSigningRequestCondition) @protobuf(1,bytes,rep) - - // certificate is populated with an issued certificate by the signer after an Approved condition is present. - // This field is set via the /status subresource. Once populated, this field is immutable. - // - // If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. - // If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty. - // - // Validation requirements: - // 1. certificate must contain one or more PEM blocks. - // 2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data - // must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280. - // 3. 
Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated, - // to allow for explanatory text as described in section 5.2 of RFC7468. - // - // If more than one PEM block is present, and the definition of the requested spec.signerName - // does not indicate otherwise, the first block is the issued certificate, - // and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes. - // - // The certificate is encoded in PEM format. - // - // When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of: - // - // base64( - // -----BEGIN CERTIFICATE----- - // ... - // -----END CERTIFICATE----- - // ) - // - // +listType=atomic - // +optional - certificate?: bytes @go(Certificate,[]byte) @protobuf(2,bytes,opt) -} - -// RequestConditionType is the type of a CertificateSigningRequestCondition -#RequestConditionType: string // #enumRequestConditionType - -#enumRequestConditionType: - #CertificateApproved | - #CertificateDenied | - #CertificateFailed - -// Approved indicates the request was approved and should be issued by the signer. -#CertificateApproved: #RequestConditionType & "Approved" - -// Denied indicates the request was denied and should not be issued by the signer. -#CertificateDenied: #RequestConditionType & "Denied" - -// Failed indicates the signer failed to issue the certificate. -#CertificateFailed: #RequestConditionType & "Failed" - -// CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object -#CertificateSigningRequestCondition: { - // type of the condition. Known conditions are "Approved", "Denied", and "Failed". - // - // An "Approved" condition is added via the /approval subresource, - // indicating the request was approved and should be issued by the signer. - // - // A "Denied" condition is added via the /approval subresource, - // indicating the request was denied and should not be issued by the signer. 
- // - // A "Failed" condition is added via the /status subresource, - // indicating the signer failed to issue the certificate. - // - // Approved and Denied conditions are mutually exclusive. - // Approved, Denied, and Failed conditions cannot be removed once added. - // - // Only one condition of a given type is allowed. - type: #RequestConditionType @go(Type) @protobuf(1,bytes,opt,casttype=RequestConditionType) - - // status of the condition, one of True, False, Unknown. - // Approved, Denied, and Failed conditions may not be "False" or "Unknown". - status: v1.#ConditionStatus @go(Status) @protobuf(6,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // reason indicates a brief reason for the request state - // +optional - reason?: string @go(Reason) @protobuf(2,bytes,opt) - - // message contains a human readable message with details about the request state - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // lastUpdateTime is the time of the last update to this condition - // +optional - lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(4,bytes,opt) - - // lastTransitionTime is the time the condition last transitioned from one status to another. - // If unset, when a new condition type is added or an existing condition's status is changed, - // the server defaults this to the current time. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(5,bytes,opt) -} - -// CertificateSigningRequestList is a collection of CertificateSigningRequest objects -#CertificateSigningRequestList: { - metav1.#TypeMeta - - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a collection of CertificateSigningRequest objects - items: [...#CertificateSigningRequest] @go(Items,[]CertificateSigningRequest) @protobuf(2,bytes,rep) -} - -// KeyUsage specifies valid usage contexts for keys. 
-// See: -// -// https://tools.ietf.org/html/rfc5280#section-4.2.1.3 -// https://tools.ietf.org/html/rfc5280#section-4.2.1.12 -// -// +enum -#KeyUsage: string // #enumKeyUsage - -#enumKeyUsage: - #UsageSigning | - #UsageDigitalSignature | - #UsageContentCommitment | - #UsageKeyEncipherment | - #UsageKeyAgreement | - #UsageDataEncipherment | - #UsageCertSign | - #UsageCRLSign | - #UsageEncipherOnly | - #UsageDecipherOnly | - #UsageAny | - #UsageServerAuth | - #UsageClientAuth | - #UsageCodeSigning | - #UsageEmailProtection | - #UsageSMIME | - #UsageIPsecEndSystem | - #UsageIPsecTunnel | - #UsageIPsecUser | - #UsageTimestamping | - #UsageOCSPSigning | - #UsageMicrosoftSGC | - #UsageNetscapeSGC - -#UsageSigning: #KeyUsage & "signing" -#UsageDigitalSignature: #KeyUsage & "digital signature" -#UsageContentCommitment: #KeyUsage & "content commitment" -#UsageKeyEncipherment: #KeyUsage & "key encipherment" -#UsageKeyAgreement: #KeyUsage & "key agreement" -#UsageDataEncipherment: #KeyUsage & "data encipherment" -#UsageCertSign: #KeyUsage & "cert sign" -#UsageCRLSign: #KeyUsage & "crl sign" -#UsageEncipherOnly: #KeyUsage & "encipher only" -#UsageDecipherOnly: #KeyUsage & "decipher only" -#UsageAny: #KeyUsage & "any" -#UsageServerAuth: #KeyUsage & "server auth" -#UsageClientAuth: #KeyUsage & "client auth" -#UsageCodeSigning: #KeyUsage & "code signing" -#UsageEmailProtection: #KeyUsage & "email protection" -#UsageSMIME: #KeyUsage & "s/mime" -#UsageIPsecEndSystem: #KeyUsage & "ipsec end system" -#UsageIPsecTunnel: #KeyUsage & "ipsec tunnel" -#UsageIPsecUser: #KeyUsage & "ipsec user" -#UsageTimestamping: #KeyUsage & "timestamping" -#UsageOCSPSigning: #KeyUsage & "ocsp signing" -#UsageMicrosoftSGC: #KeyUsage & "microsoft sgc" -#UsageNetscapeSGC: #KeyUsage & "netscape sgc" 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue deleted file mode 100644 index d0a257d5..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/coordination/v1 - -package v1 - -#GroupName: "coordination.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue deleted file mode 100644 index de2c7412..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue +++ /dev/null 
@@ -1,61 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/coordination/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Lease defines a lease concept. -#Lease: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec contains the specification of the Lease. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LeaseSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LeaseSpec is a specification of a Lease. -#LeaseSpec: { - // holderIdentity contains the identity of the holder of a current lease. - // +optional - holderIdentity?: null | string @go(HolderIdentity,*string) @protobuf(1,bytes,opt) - - // leaseDurationSeconds is a duration that candidates for a lease need - // to wait to force acquire it. This is measure against time of last - // observed renewTime. - // +optional - leaseDurationSeconds?: null | int32 @go(LeaseDurationSeconds,*int32) @protobuf(2,varint,opt) - - // acquireTime is a time when the current lease was acquired. - // +optional - acquireTime?: null | metav1.#MicroTime @go(AcquireTime,*metav1.MicroTime) @protobuf(3,bytes,opt) - - // renewTime is a time when the current holder of a lease has last - // updated the lease. - // +optional - renewTime?: null | metav1.#MicroTime @go(RenewTime,*metav1.MicroTime) @protobuf(4,bytes,opt) - - // leaseTransitions is the number of transitions of a lease between - // holders. - // +optional - leaseTransitions?: null | int32 @go(LeaseTransitions,*int32) @protobuf(5,varint,opt) -} - -// LeaseList is a list of Lease objects. -#LeaseList: { - metav1.#TypeMeta - - // Standard list metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#Lease] @go(Items,[]Lease) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue deleted file mode 100644 index 3a302790..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue +++ /dev/null 
@@ -1,147 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy -// webhook backend fails. -#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open" - -// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods -#MirrorPodAnnotationKey: "kubernetes.io/config.mirror" - -// TolerationsAnnotationKey represents the key of tolerations data (json serialized) -// in the Annotations of a Pod. -#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations" - -// TaintsAnnotationKey represents the key of taints data (json serialized) -// in the Annotations of a Node. -#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints" - -// SeccompPodAnnotationKey represents the key of a seccomp profile applied -// to all containers of a pod. -// Deprecated: set a pod security context `seccompProfile` field. -#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod" - -// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied -// to one container of a pod. -// Deprecated: set a container security context `seccompProfile` field. -#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/" - -// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#SeccompProfileRuntimeDefault: "runtime/default" - -// SeccompProfileNameUnconfined is the unconfined seccomp profile. -#SeccompProfileNameUnconfined: "unconfined" - -// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk. 
-#SeccompLocalhostProfileNamePrefix: "localhost/" - -// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. -#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/" - -// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile. -#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName" - -// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles. -#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames" - -// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default. -#AppArmorBetaProfileRuntimeDefault: "runtime/default" - -// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node. -#AppArmorBetaProfileNamePrefix: "localhost/" - -// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile -#AppArmorBetaProfileNameUnconfined: "unconfined" - -// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#DeprecatedSeccompProfileDockerDefault: "docker/default" - -// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) -// in the Annotations of a Node. -#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods" - -// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache -// an object (e.g. secret, config map) before fetching it again from apiserver. -// This annotation can be attached to node. -#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl" - -// annotation key prefix used to identify non-convertible json paths. 
-#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io" -_#kubectlPrefix: "kubectl.kubernetes.io/" - -// LastAppliedConfigAnnotation is the annotation used to store the previous -// configuration of a resource for use in a three way diff by UpdateApplyAnnotation. -#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration" - -// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers -// -// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to -// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow -// access only from the CIDRs currently allocated to MIT & the USPS. -// -// Not all cloud providers support this annotation, though AWS & GCE do. -#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges" - -// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that -// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') -// of the last change, of some Pod or Service object, that triggered the endpoints object change. -// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints -// controller at T1, and the Endpoints object was changed at T2, the -// EndpointsLastChangeTriggerTime would be set to T0. -// -// The "endpoints change trigger" here means any Pod or Service change that resulted in the -// Endpoints object change. -// -// Given the definition of the "endpoints change trigger", please note that this annotation will -// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the -// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's -// already set). 
-// -// This annotation will be used to compute the in-cluster network programming latency SLI, see -// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md -#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time" - -// EndpointsOverCapacity will be set on an Endpoints resource when it -// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints -// controller will set this annotation with a value of "warning". In a -// future release, the controller may set this annotation with a value of -// "truncated" to indicate that any addresses exceeding the limit of 1000 -// have been truncated from the Endpoints resource. -#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity" - -// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated -// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. -// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or -// CSI Backend for a volume plugin on a specific node. -#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins" - -// PodDeletionCost can be used to set to an int32 that represent the cost of deleting -// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower -// deletion cost are preferred to be deleted before pods with higher deletion cost. -// Note that this is honored on a best-effort basis, and so it does not offer guarantees on -// pod deletion order. -// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. -// -// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. -#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost" - -// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable -// Topology Aware Hints for a Service. 
This may be set to "Auto" or -// "Disabled". Any other value is treated as "Disabled". This annotation has -// been deprecated in favor of the "service.kubernetes.io/topology-mode" -// annotation. -#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints" - -// AnnotationTopologyMode can be used to enable or disable Topology Aware -// Routing for a Service. Well known values are "Auto" and "Disabled". -// Implementations may choose to develop new topology approaches, exposing -// them with domain-prefixed values. For example, "example.com/lowest-rtt" -// could be a valid implementation-specific value for this annotation. These -// heuristics will often populate topology hints on EndpointSlices, but that -// is not a requirement. -#AnnotationTopologyMode: "service.kubernetes.io/topology-mode" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue deleted file mode 100644 index 2bf1afce..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -// Package v1 is the v1 version of the core API. -package v1 diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue deleted file mode 100644 index 29c24abc..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#GroupName: "" 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
deleted file mode 100644
index d87edcff..00000000
--- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
+++ /dev/null
@@ -1,7617 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/types" -) - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) -#NamespaceNodeLease: "kube-node-lease" - -// Volume represents a named volume in a pod that may be accessed by any container in the pod. -#Volume: { - // name of the volume. - // Must be a DNS_LABEL and unique within the pod. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(1,bytes,opt) - - #VolumeSource -} - -// Represents the source of a volume to mount. -// Only one of its members may be specified. -#VolumeSource: { - // hostPath represents a pre-existing file or directory on the host - // machine that is directly exposed to the container. This is generally - // used for system agents or other privileged things that are allowed - // to see the host machine. Most containers will NOT need this. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // --- - // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - // mount host directories as read/write. - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt) - - // emptyDir represents a temporary directory that shares a pod's lifetime. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt) - - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt) - - // gitRepo represents a git repository at a particular revision. - // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - // into the Pod's container. - // +optional - gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt) - - // secret represents a secret that should populate this volume. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt) - - // nfs represents an NFS mount on the host that shares a pod's lifetime - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. 
- // More info: https://examples.k8s.io/volumes/iscsi/README.md - // +optional - iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt) - - // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt) - - // persistentVolumeClaimVolumeSource represents a reference to a - // PersistentVolumeClaim in the same namespace. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine. 
This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt) - - // downwardAPI represents downward API about the pod that should populate this volume - // +optional - downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt) - - // configMap represents a configMap that should populate this volume - // +optional - configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 
- // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt) - - // projected items for all in one resources secrets, configmaps, and downward API - projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt) - - // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - // +optional - storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt) - - // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - // +optional - csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt) - - // ephemeral represents a volume that is handled by a cluster storage driver. - // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - // and deleted when the pod is removed. 
- // - // Use this if: - // a) the volume is only needed while the pod runs, - // b) features of normal volumes like restoring from snapshot or capacity - // tracking are needed, - // c) the storage driver is specified through a storage class, and - // d) the storage driver supports dynamic volume provisioning through - // a PersistentVolumeClaim (see EphemeralVolumeSource for more - // information on the connection between this volume type - // and PersistentVolumeClaim). - // - // Use PersistentVolumeClaim or one of the vendor-specific - // APIs for volumes that persist for longer than the lifecycle - // of an individual pod. - // - // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - // be used that way - see the documentation of the driver for - // more information. - // - // A pod can use both types of ephemeral volumes and - // persistent volumes at the same time. - // - // +optional - ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt) -} - -// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. -// This volume finds the bound PV and mounts that volume for the pod. A -// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another -// type of volume that is owned by someone else (the system). -#PersistentVolumeClaimVolumeSource: { - // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - claimName: string @go(ClaimName) @protobuf(1,bytes,opt) - - // readOnly Will force the ReadOnly setting in VolumeMounts. - // Default false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) -} - -// PersistentVolumeSource is similar to VolumeSource but meant for the -// administrator who creates PVs. Exactly one of its members must be set. 
-#PersistentVolumeSource: { - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt) - - // hostPath represents a directory on the host. - // Provisioned by a developer or tester. - // This is useful for single-node development and testing only! - // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt) - - // glusterfs represents a Glusterfs volume that is attached to a host and - // exposed to the pod. Provisioned by an admin. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt) - - // nfs represents an NFS mount on the host. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. 
- // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // +optional - iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. 
- // +optional - azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 
- // +optional - scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt) - - // local represents directly-attached storage with node affinity - // +optional - local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt) - - // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod - // More info: https://examples.k8s.io/volumes/storageos/README.md - // +optional - storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt) - - // csi represents storage that is handled by an external CSI driver (Beta feature). - // +optional - csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt) -} - -// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. -// It's currently still used and will be held for backwards compatibility -#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class" - -// MountOptionAnnotation defines mount option annotation used in PVs -#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options" - -// PersistentVolume (PV) is a storage resource provisioned by an administrator. -// It is analogous to a node. -// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes -#PersistentVolume: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines a specification of a persistent volume owned by the cluster. - // Provisioned by an administrator. 
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status for the persistent volume. - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeSpec is the specification of a persistent volume. -#PersistentVolumeSpec: { - // capacity is the description of the persistent volume's resources and capacity. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - #PersistentVolumeSource - - // accessModes contains all ways the volume can be mounted. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode) - - // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. - // Expected to be non-nil when bound. - // claim.VolumeName is the authoritative bind between PV and PVC. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding - // +optional - // +structType=granular - claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt) - - // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. - // Valid options are Retain (default for manually created PersistentVolumes), Delete (default - // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). 
- // Recycle must be supported by the volume plugin underlying this PersistentVolume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming - // +optional - persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy) - - // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value - // means that this volume does not belong to any StorageClass. - // +optional - storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt) - - // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will - // simply fail if one is invalid. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt) - - // volumeMode defines if a volume is intended to be used with a formatted filesystem - // or to remain in raw block state. Value of Filesystem is implied when not included in spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode) - - // nodeAffinity defines constraints that limit what nodes this volume can be accessed from. - // This field influences the scheduling of pods that use this volume. - // +optional - nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt) -} - -// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. -#VolumeNodeAffinity: { - // required specifies hard node constraints that must be met. - required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt) -} - -// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes. 
-// +enum -#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy - -#enumPersistentVolumeReclaimPolicy: - #PersistentVolumeReclaimRecycle | - #PersistentVolumeReclaimDelete | - #PersistentVolumeReclaimRetain - -// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. -// The volume plugin must support Recycling. -#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle" - -// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. -// The volume plugin must support Deletion. -#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete" - -// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. -// The default policy is Retain. -#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain" - -// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. -// +enum -#PersistentVolumeMode: string // #enumPersistentVolumeMode - -#enumPersistentVolumeMode: - #PersistentVolumeBlock | - #PersistentVolumeFilesystem - -// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. -#PersistentVolumeBlock: #PersistentVolumeMode & "Block" - -// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. -#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem" - -// PersistentVolumeStatus is the current status of a persistent volume. -#PersistentVolumeStatus: { - // phase indicates if a volume is available, bound to a claim, or released by a claim. 
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase - // +optional - phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase) - - // message is a human-readable message indicating details about why the volume is in this state. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // reason is a brief CamelCase string that describes any failure and is meant - // for machine parsing and tidy display in the CLI. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // lastPhaseTransitionTime is the time the phase transitioned from one to another - // and automatically resets to current time everytime a volume phase transitions. - // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature. - // +featureGate=PersistentVolumeLastPhaseTransitionTime - // +optional - lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt) -} - -// PersistentVolumeList is a list of PersistentVolume items. -#PersistentVolumeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volumes. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes - items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaim is a user's request for and claim to a persistent volume -#PersistentVolumeClaim: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the desired characteristics of a volume requested by a pod author. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status of a persistent volume claim. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. -#PersistentVolumeClaimList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volume claims. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaimSpec describes the common attributes of storage devices -// and allows a Source for provider-specific attributes -#PersistentVolumeClaimSpec: { - // accessModes contains the desired access modes the volume should have. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode) - - // selector is a label query over volumes to consider for binding. 
- // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // resources represents the minimum resources the volume should have. - // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - // that are lower than previous value but must still be higher than capacity recorded in the - // status field of the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt) - - // volumeName is the binding reference to the PersistentVolume backing this claim. - // +optional - volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt) - - // storageClassName is the name of the StorageClass required by the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - // +optional - storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt) - - // volumeMode defines what type of volume is required by the claim. - // Value of Filesystem is implied when not included in claim spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode) - - // dataSource field can be used to specify either: - // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - // * An existing PVC (PersistentVolumeClaim) - // If the provisioner or an external controller can support the specified data source, - // it will create a new volume based on the contents of the specified data source. - // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - // If the namespace is specified, then dataSourceRef will not be copied to dataSource. 
- // +optional - dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt) - - // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - // volume is desired. This may be any object from a non-empty API group (non - // core object) or a PersistentVolumeClaim object. - // When this field is specified, volume binding will only succeed if the type of - // the specified object matches some installed volume populator or dynamic - // provisioner. - // This field will replace the functionality of the dataSource field and as such - // if both fields are non-empty, they must have the same value. For backwards - // compatibility, when namespace isn't specified in dataSourceRef, - // both fields (dataSource and dataSourceRef) will be set to the same - // value automatically if one of them is empty and the other is non-empty. - // When namespace is specified in dataSourceRef, - // dataSource isn't set to the same value and must be empty. - // There are three important differences between dataSource and dataSourceRef: - // * While dataSource only allows two specific types of objects, dataSourceRef - // allows any non-core object, as well as PersistentVolumeClaim objects. - // * While dataSource ignores disallowed values (dropping them), dataSourceRef - // preserves all values, and generates an error if a disallowed value is - // specified. - // * While dataSource only allows local objects, dataSourceRef allows objects - // in any namespaces. - // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +optional - dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt) -} - -#TypedObjectReference: { - // APIGroup is the group for the resource being referenced. 
- // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace is the namespace of resource being referenced - // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +featureGate=CrossNamespaceVolumeDataSource - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt) -} - -// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type -#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType - -#enumPersistentVolumeClaimConditionType: - #PersistentVolumeClaimResizing | - #PersistentVolumeClaimFileSystemResizePending - -// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started -#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing" - -// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node -#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending" - -// +enum -// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource -// that it does not recognizes, then it should ignore that update and let other controllers -// handle it. 
-#ClaimResourceStatus: string // #enumClaimResourceStatus - -#enumClaimResourceStatus: - #PersistentVolumeClaimControllerResizeInProgress | - #PersistentVolumeClaimControllerResizeFailed | - #PersistentVolumeClaimNodeResizePending | - #PersistentVolumeClaimNodeResizeInProgress | - #PersistentVolumeClaimNodeResizeFailed - -// State set when resize controller starts resizing the volume in control-plane. -#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress" - -// State set when resize has failed in resize controller with a terminal error. -// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus -// unmodified, so as resize controller can resume the volume expansion. -#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed" - -// State set when resize controller has finished resizing the volume but further resizing of volume -// is needed on the node. -#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending" - -// State set when kubelet starts resizing the volume. -#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress" - -// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed -#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed" - -// PersistentVolumeClaimCondition contains details about state of pvc -#PersistentVolumeClaimCondition: { - type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType) - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastProbeTime is the time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // lastTransitionTime is the time the condition transitioned from one status to another. 
- // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason is a unique, this should be a short, machine understandable string that gives the reason - // for condition's last transition. If it reports "ResizeStarted" that means the underlying - // persistent volume is being resized. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // message is the human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PersistentVolumeClaimStatus is the current status of a persistent volume claim. -#PersistentVolumeClaimStatus: { - // phase represents the current phase of PersistentVolumeClaim. - // +optional - phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase) - - // accessModes contains the actual access modes the volume backing the PVC has. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode) - - // capacity represents the actual resources of the underlying volume. - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - // resized then the Condition will be set to 'ResizeStarted'. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep) - - // allocatedResources tracks the resources allocated to a PVC including its capacity. - // Key names follow standard Kubernetes label syntax. 
Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // Capacity reported here may be larger than the actual capacity when a volume expansion operation - // is requested. - // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - // If a volume expansion capacity request is lowered, allocatedResources is only - // lowered if there are no expansion operations in progress and if the actual volume capacity - // is equal or lower than the requested capacity. - // - // A controller that receives PVC update with previously unknown resourceName - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // allocatedResourceStatuses stores status of resource being resized for the given PVC. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. 
- // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // ClaimResourceStatus can be in any of following states: - // - ControllerResizeInProgress: - // State set when resize controller starts resizing the volume in control-plane. - // - ControllerResizeFailed: - // State set when resize has failed in resize controller with a terminal error. - // - NodeResizePending: - // State set when resize controller has finished resizing the volume but further resizing of - // volume is needed on the node. - // - NodeResizeInProgress: - // State set when kubelet starts resizing the volume. - // - NodeResizeFailed: - // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - // NodeResizeFailed. - // For example: if expanding a PVC for more capacity - this field can be one of the following states: - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" - // When this field is not set, it means that no resize operation is in progress for the given PVC. - // - // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. 
- // +featureGate=RecoverVolumeExpansionFailure - // +mapType=granular - // +optional - allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep) -} - -// +enum -#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode - -#enumPersistentVolumeAccessMode: - #ReadWriteOnce | - #ReadOnlyMany | - #ReadWriteMany | - #ReadWriteOncePod - -// can be mounted in read/write mode to exactly 1 host -#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce" - -// can be mounted in read-only mode to many hosts -#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany" - -// can be mounted in read/write mode to many hosts -#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany" - -// can be mounted in read/write mode to exactly 1 pod -// cannot be used in combination with other access modes -#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod" - -// +enum -#PersistentVolumePhase: string // #enumPersistentVolumePhase - -#enumPersistentVolumePhase: - #VolumePending | - #VolumeAvailable | - #VolumeBound | - #VolumeReleased | - #VolumeFailed - -// used for PersistentVolumes that are not available -#VolumePending: #PersistentVolumePhase & "Pending" - -// used for PersistentVolumes that are not yet bound -// Available volumes are held by the binder and matched to PersistentVolumeClaims -#VolumeAvailable: #PersistentVolumePhase & "Available" - -// used for PersistentVolumes that are bound -#VolumeBound: #PersistentVolumePhase & "Bound" - -// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted -// released volumes must be recycled before becoming available again -// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource -#VolumeReleased: #PersistentVolumePhase & "Released" - -// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from 
a claim -#VolumeFailed: #PersistentVolumePhase & "Failed" - -// +enum -#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase - -#enumPersistentVolumeClaimPhase: - #ClaimPending | - #ClaimBound | - #ClaimLost - -// used for PersistentVolumeClaims that are not yet bound -#ClaimPending: #PersistentVolumeClaimPhase & "Pending" - -// used for PersistentVolumeClaims that are bound -#ClaimBound: #PersistentVolumeClaimPhase & "Bound" - -// used for PersistentVolumeClaims that lost their underlying -// PersistentVolume. The claim was bound to a PersistentVolume and this -// volume does not exist any longer and all data on it was lost. -#ClaimLost: #PersistentVolumeClaimPhase & "Lost" - -// +enum -#HostPathType: string // #enumHostPathType - -#enumHostPathType: - #HostPathUnset | - #HostPathDirectoryOrCreate | - #HostPathDirectory | - #HostPathFileOrCreate | - #HostPathFile | - #HostPathSocket | - #HostPathCharDev | - #HostPathBlockDev - -// For backwards compatible, leave it empty if unset -#HostPathUnset: #HostPathType & "" - -// If nothing exists at the given path, an empty directory will be created there -// as needed with file mode 0755, having the same group and ownership with Kubelet. -#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate" - -// A directory must exist at the given path -#HostPathDirectory: #HostPathType & "Directory" - -// If nothing exists at the given path, an empty file will be created there -// as needed with file mode 0644, having the same group and ownership with Kubelet. 
-#HostPathFileOrCreate: #HostPathType & "FileOrCreate" - -// A file must exist at the given path -#HostPathFile: #HostPathType & "File" - -// A UNIX socket must exist at the given path -#HostPathSocket: #HostPathType & "Socket" - -// A character device must exist at the given path -#HostPathCharDev: #HostPathType & "CharDevice" - -// A block device must exist at the given path -#HostPathBlockDev: #HostPathType & "BlockDevice" - -// Represents a host path mapped into a pod. -// Host path volumes do not support ownership management or SELinux relabeling. -#HostPathVolumeSource: { - // path of the directory on the host. - // If the path is a symlink, it will follow the link to the real path. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - path: string @go(Path) @protobuf(1,bytes,opt) - - // type for HostPath Volume - // Defaults to "" - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt) -} - -// Represents an empty directory for a pod. -// Empty directory volumes support ownership management and SELinux relabeling. -#EmptyDirVolumeSource: { - // medium represents what type of storage medium should back this directory. - // The default is "" which means to use the node's default medium. - // Must be an empty string (default) or Memory. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium) - - // sizeLimit is the total amount of local storage required for this EmptyDir volume. - // The size limit is also applicable for memory medium. - // The maximum usage on memory medium EmptyDir would be the minimum value between - // the SizeLimit specified here and the sum of memory limits of all containers in a pod. - // The default is nil which means that the limit is undefined. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsPersistentVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // endpointsNamespace is the namespace that contains Glusterfs endpoint. 
- // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. 
If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDPersistentVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. 
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is optional: points to a secret object containing parameters used to connect - // to OpenStack. 
- // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderPersistentVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is Optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. 
-#CephFSVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// SecretReference represents a Secret Reference. It has enough information to retrieve secret -// in any namespace -// +structType=atomic -#SecretReference: { - // name is unique within a namespace to reference a secret resource. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // namespace defines the space within which the secret name must be unique. 
- // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSPersistentVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is Optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// Represents a Flocker volume mounted by the Flocker agent. -// One and only one of datasetName and datasetUUID should be set. -// Flocker volumes do not support ownership management or SELinux relabeling. 
-#FlockerVolumeSource: { - // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - // should be considered as deprecated - // +optional - datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt) - - // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - // +optional - datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt) -} - -// StorageMedium defines ways that storage can be allocated to a volume. -#StorageMedium: string // #enumStorageMedium - -#enumStorageMedium: - #StorageMediumDefault | - #StorageMediumMemory | - #StorageMediumHugePages | - #StorageMediumHugePagesPrefix - -#StorageMediumDefault: #StorageMedium & "" -#StorageMediumMemory: #StorageMedium & "Memory" -#StorageMediumHugePages: #StorageMedium & "HugePages" -#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-" - -// Protocol defines network protocols supported for things like container ports. -// +enum -#Protocol: string // #enumProtocol - -#enumProtocol: - #ProtocolTCP | - #ProtocolUDP | - #ProtocolSCTP - -// ProtocolTCP is the TCP protocol. -#ProtocolTCP: #Protocol & "TCP" - -// ProtocolUDP is the UDP protocol. -#ProtocolUDP: #Protocol & "UDP" - -// ProtocolSCTP is the SCTP protocol. -#ProtocolSCTP: #Protocol & "SCTP" - -// Represents a Persistent Disk resource in Google Compute Engine. -// -// A GCE PD must exist before mounting to a container. The disk must -// also be in the same GCE project and zone as the kubelet. A GCE PD -// can only be mounted as read/write once or read-only many times. GCE -// PDs support ownership management and SELinux relabeling. -#GCEPersistentDiskVolumeSource: { - // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - pdName: string @go(PDName) @protobuf(1,bytes,opt) - - // fsType is filesystem type of the volume that you want to mount. 
- // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a Quobyte mount that lasts the lifetime of a pod. -// Quobyte volumes do not support ownership management or SELinux relabeling. -#QuobyteVolumeSource: { - // registry represents a single or multiple Quobyte Registry services - // specified as a string as host:port pair (multiple entries are separated with commas) - // which acts as the central registry for volumes - registry: string @go(Registry) @protobuf(1,bytes,opt) - - // volume is a string that references an already created Quobyte volume by name. - volume: string @go(Volume) @protobuf(2,bytes,opt) - - // readOnly here will force the Quobyte volume to be mounted with read-only permissions. - // Defaults to false. 
- // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // user to map volume access to - // Defaults to serivceaccount user - // +optional - user?: string @go(User) @protobuf(4,bytes,opt) - - // group to map volume access to - // Default is no group - // +optional - group?: string @go(Group) @protobuf(5,bytes,opt) - - // tenant owning the given Quobyte volume in the Backend - // Used with dynamically provisioned Quobyte volumes, value is set by the plugin - // +optional - tenant?: string @go(Tenant) @protobuf(6,bytes,opt) -} - -// FlexPersistentVolumeSource represents a generic persistent volume resource that is -// provisioned/attached using an exec based plugin. -#FlexPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. 
- // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// FlexVolume represents a generic volume resource that is -// provisioned/attached using an exec based plugin. -#FlexVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: secretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// Represents a Persistent Disk resource in AWS. -// -// An AWS EBS disk must exist before mounting to a container. The disk -// must also be in the same AWS zone as the kubelet. An AWS EBS disk -// can only be mounted as read/write once. AWS EBS volumes support -// ownership management and SELinux relabeling. -#AWSElasticBlockStoreVolumeSource: { - // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly value true will force the readOnly setting in VolumeMounts. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a volume that is populated with the contents of a git repository. -// Git repo volumes do not support ownership management. -// Git repo volumes support SELinux relabeling. -// -// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -// into the Pod's container. -#GitRepoVolumeSource: { - // repository is the URL - repository: string @go(Repository) @protobuf(1,bytes,opt) - - // revision is the commit hash for the specified revision. - // +optional - revision?: string @go(Revision) @protobuf(2,bytes,opt) - - // directory is the target directory name. - // Must not contain or start with '..'. If '.' 
is supplied, the volume directory will be the - // git repository. Otherwise, if specified, the volume will contain the git repository in - // the subdirectory with the given name. - // +optional - directory?: string @go(Directory) @protobuf(3,bytes,opt) -} - -// Adapts a Secret into a volume. -// -// The contents of the target Secret's Data field will be presented in a volume -// as files using the keys in the Data field as the file names. -// Secret volumes support ownership management and SELinux relabeling. -#SecretVolumeSource: { - // secretName is the name of the secret in the pod's namespace to use. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secretName?: string @go(SecretName) @protobuf(1,bytes,opt) - - // items If unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values - // for mode bits. Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. 
- // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt) - - // optional field specify whether the Secret or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#SecretVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a secret into a projected volume. -// -// The contents of the target Secret's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names. -// Note that this is identical to a secret volume source without the default -// mode. -#SecretProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional field specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// Represents an NFS mount that lasts the lifetime of a pod. -// NFS volumes do not support ownership management or SELinux relabeling. -#NFSVolumeSource: { - // server is the hostname or IP address of the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - server: string @go(Server) @protobuf(1,bytes,opt) - - // path that is exported by the NFS server. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the NFS export to be mounted with read-only permissions. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is the target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun represents iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). 
- // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// ISCSIPersistentVolumeSource represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIPersistentVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is Target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun is iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// Represents a Fibre Channel volume. -// Fibre Channel volumes can only be mounted as read/write once. -// Fibre Channel volumes support ownership management and SELinux relabeling. -#FCVolumeSource: { - // targetWWNs is Optional: FC target worldwide names (WWNs) - // +optional - targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep) - - // lun is Optional: FC target lun number - // +optional - lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt) - - // fsType is the filesystem type to mount. 
- // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // wwids Optional: FC volume world wide identifiers (wwids) - // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - // +optional - wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFileVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFilePersistentVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure Share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. 
- // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key - // default is the same as the Pod - // +optional - secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a vSphere volume resource. -#VsphereVirtualDiskVolumeSource: { - // volumePath is the path that identifies vSphere volume vmdk - volumePath: string @go(VolumePath) @protobuf(1,bytes,opt) - - // fsType is filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // storagePolicyName is the storage Policy Based Management (SPBM) profile name. - // +optional - storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt) - - // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - // +optional - storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt) -} - -// Represents a Photon Controller persistent disk resource. -#PhotonPersistentDiskVolumeSource: { - // pdID is the ID that identifies Photon Controller persistent disk - pdID: string @go(PdID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
- fsType?: string @go(FSType) @protobuf(2,bytes,opt) -} - -// +enum -#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode - -#enumAzureDataDiskCachingMode: - #AzureDataDiskCachingNone | - #AzureDataDiskCachingReadOnly | - #AzureDataDiskCachingReadWrite - -// +enum -#AzureDataDiskKind: string // #enumAzureDataDiskKind - -#enumAzureDataDiskKind: - #AzureSharedBlobDisk | - #AzureDedicatedBlobDisk | - #AzureManagedDisk - -#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None" -#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly" -#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite" -#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared" -#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated" -#AzureManagedDisk: #AzureDataDiskKind & "Managed" - -// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. -#AzureDiskVolumeSource: { - // diskName is the Name of the data disk in the blob storage - diskName: string @go(DiskName) @protobuf(1,bytes,opt) - - // diskURI is the URI of data disk in the blob storage - diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt) - - // cachingMode is the Host Caching mode: None, Read Only, Read Write. - // +optional - cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode) - - // fsType is Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. 
- // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt) - - // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind) -} - -// PortworxVolumeSource represents a Portworx volume resource. -#PortworxVolumeSource: { - // volumeID uniquely identifies a Portworx volume - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fSType represents the filesystem type to mount - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// ScaleIOVolumeSource represents a persistent ScaleIO volume -#ScaleIOVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // sslEnabled Flag enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 
- // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs". - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume -#ScaleIOPersistentVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 
- // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs" - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. 
- // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSPersistentVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. 
- // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt) -} - -// Adapts a ConfigMap into a volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// volume as files using the keys in the Data field as the file names, unless -// the items element is populated with specific mappings of keys to paths. -// ConfigMap volumes support ownership management and SELinux relabeling. -#ConfigMapVolumeSource: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. 
- // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#ConfigMapVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a ConfigMap into a projected volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names, -// unless the items element is populated with specific mappings of keys to paths. -// Note that this is identical to a configmap volume source without the default -// mode. -#ConfigMapProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountTokenProjection represents a projected service account token -// volume. This projection can be used to insert a service account token into -// the pods runtime filesystem for use against APIs (Kubernetes API Server or -// otherwise). -#ServiceAccountTokenProjection: { - // audience is the intended audience of the token. 
A recipient of a token - // must identify itself with an identifier specified in the audience of the - // token, and otherwise should reject the token. The audience defaults to the - // identifier of the apiserver. - // +optional - audience?: string @go(Audience) @protobuf(1,bytes,rep) - - // expirationSeconds is the requested duration of validity of the service - // account token. As the token approaches expiration, the kubelet volume - // plugin will proactively rotate the service account token. The kubelet will - // start trying to rotate the token if the token is older than 80 percent of - // its time to live or if the token is older than 24 hours.Defaults to 1 hour - // and must be at least 10 minutes. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) - - // path is the path relative to the mount point of the file to project the - // token into. - path: string @go(Path) @protobuf(3,bytes,opt) -} - -// Represents a projected volume source -#ProjectedVolumeSource: { - // sources is the list of volume projections - // +optional - sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep) - - // defaultMode are the mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. 
- // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -// Projection that may be projected along with other supported volume types -#VolumeProjection: { - // secret information about the secret data to project - // +optional - secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt) - - // downwardAPI information about the downwardAPI data to project - // +optional - downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt) - - // configMap information about the configMap data to project - // +optional - configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt) - - // serviceAccountToken is information about the serviceAccountToken data to project - // +optional - serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt) -} - -#ProjectedVolumeSourceDefaultMode: int32 & 0o644 - -// Maps a string key to a path within a volume. -#KeyToPath: { - // key is the key to project. - key: string @go(Key) @protobuf(1,bytes,opt) - - // path is the relative path of the file to map the key to. - // May not be an absolute path. - // May not contain the path element '..'. - // May not start with the string '..'. - path: string @go(Path) @protobuf(2,bytes,opt) - - // mode is Optional: mode bits used to set permissions on this file. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. 
- // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt) -} - -// Local represents directly-attached storage with node affinity (Beta feature) -#LocalVolumeSource: { - // path of the full path to the volume on the node. - // It can be either a directory or block device (disk, partition, ...). - path: string @go(Path) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // It applies only when the Path is a block device. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt) -} - -// Represents storage that is managed by an external CSI volume driver (Beta feature) -#CSIPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - // Required. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // volumeHandle is the unique volume name returned by the CSI volume - // plugin’s CreateVolume to refer to the volume on all subsequent calls. - // Required. - volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt) - - // readOnly value to pass to ControllerPublishVolumeRequest. - // Defaults to false (read/write). - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // fsType to mount. Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // +optional - fsType?: string @go(FSType) @protobuf(4,bytes,opt) - - // volumeAttributes of the volume to publish. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep) - - // controllerPublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerPublishVolume and ControllerUnpublishVolume calls. 
- // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt) - - // nodeStageSecretRef is a reference to the secret object containing sensitive - // information to pass to the CSI driver to complete the CSI NodeStageVolume - // and NodeStageVolume and NodeUnstageVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt) - - // controllerExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerExpandVolume call. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt) - - // nodeExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodeExpandVolume call. 
- // This is a beta field which is enabled default by CSINodeExpandSecret feature gate. - // This field is optional, may be omitted if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +featureGate=CSINodeExpandSecret - // +optional - nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt) -} - -// Represents a source location of a volume to mount, managed by an external CSI driver -#CSIVolumeSource: { - // driver is the name of the CSI driver that handles this volume. - // Consult with your admin for the correct name as registered in the cluster. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // readOnly specifies a read-only configuration for the volume. - // Defaults to false (read/write). - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt) - - // fsType to mount. Ex. "ext4", "xfs", "ntfs". - // If not provided, the empty value is passed to the associated CSI driver - // which will determine the default filesystem to apply. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt) - - // volumeAttributes stores driver-specific properties that are passed to the CSI - // driver. Consult your driver's documentation for supported values. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secret references are passed. 
- // +optional - nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents an ephemeral volume that is handled by a normal storage driver. -#EphemeralVolumeSource: { - // Will be used to create a stand-alone PVC to provision the volume. - // The pod in which this EphemeralVolumeSource is embedded will be the - // owner of the PVC, i.e. the PVC will be deleted together with the - // pod. The name of the PVC will be `-` where - // `` is the name from the `PodSpec.Volumes` array - // entry. Pod validation will reject the pod if the concatenated name - // is not valid for a PVC (for example, too long). - // - // An existing PVC with that name that is not owned by the pod - // will *not* be used for the pod to avoid using an unrelated - // volume by mistake. Starting the pod is then blocked until - // the unrelated PVC is removed. If such a pre-created PVC is - // meant to be used by the pod, the PVC has to updated with an - // owner reference to the pod once the pod exists. Normally - // this should not be necessary, but it may be useful when - // manually reconstructing a broken cluster. - // - // This field is read-only and no changes will be made by Kubernetes - // to the PVC after it has been created. - // - // Required, must not be nil. - volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt) -} - -// PersistentVolumeClaimTemplate is used to produce -// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. -#PersistentVolumeClaimTemplate: { - // May contain labels and annotations that will be copied into the PVC - // when creating it. No other fields are allowed and will be rejected during - // validation. - // - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The specification for the PersistentVolumeClaim. 
The entire content is - // copied unchanged into the PVC that gets created from this - // template. The same fields as in a PersistentVolumeClaim - // are also valid here. - spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes) -} - -// ContainerPort represents a network port in a single container. -#ContainerPort: { - // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - // named port in a pod must have a unique name. Name for the port that can be - // referred to by services. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // Number of port to expose on the host. - // If specified, this must be a valid port number, 0 < x < 65536. - // If HostNetwork is specified, this must match ContainerPort. - // Most containers do not need this. - // +optional - hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt) - - // Number of port to expose on the pod's IP address. - // This must be a valid port number, 0 < x < 65536. - containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt) - - // Protocol for port. Must be UDP, TCP, or SCTP. - // Defaults to "TCP". - // +optional - // +default="TCP" - protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol) - - // What host IP to bind the external port to. - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) -} - -// VolumeMount describes a mounting of a Volume within a container. -#VolumeMount: { - // This must match the Name of a Volume. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Mounted read-only if true, read-write otherwise (false or unspecified). - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) - - // Path within the container at which the volume should be mounted. Must - // not contain ':'. - mountPath: string @go(MountPath) @protobuf(3,bytes,opt) - - // Path within the volume from which the container's volume should be mounted. - // Defaults to "" (volume's root). 
- // +optional - subPath?: string @go(SubPath) @protobuf(4,bytes,opt) - - // mountPropagation determines how mounts are propagated from the host - // to container and the other way around. - // When not set, MountPropagationNone is used. - // This field is beta in 1.10. - // +optional - mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode) - - // Expanded path within the volume from which the container's volume should be mounted. - // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - // Defaults to "" (volume's root). - // SubPathExpr and SubPath are mutually exclusive. - // +optional - subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt) -} - -// MountPropagationMode describes mount propagation. -// +enum -#MountPropagationMode: string // #enumMountPropagationMode - -#enumMountPropagationMode: - #MountPropagationNone | - #MountPropagationHostToContainer | - #MountPropagationBidirectional - -// MountPropagationNone means that the volume in a container will -// not receive new mounts from the host or other containers, and filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode corresponds to "private" in Linux terminology. -#MountPropagationNone: #MountPropagationMode & "None" - -// MountPropagationHostToContainer means that the volume in a container will -// receive new mounts from the host or other containers, but filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rslave" in Linux terminology). 
-#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer" - -// MountPropagationBidirectional means that the volume in a container will -// receive new mounts from the host or other containers, and its own mounts -// will be propagated from the container to the host or other containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rshared" in Linux terminology). -#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional" - -// volumeDevice describes a mapping of a raw block device within a container. -#VolumeDevice: { - // name must match the name of a persistentVolumeClaim in the pod - name: string @go(Name) @protobuf(1,bytes,opt) - - // devicePath is the path inside of the container that the device will be mapped to. - devicePath: string @go(DevicePath) @protobuf(2,bytes,opt) -} - -// EnvVar represents an environment variable present in a Container. -#EnvVar: { - // Name of the environment variable. Must be a C_IDENTIFIER. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Variable references $(VAR_NAME) are expanded - // using the previously defined environment variables in the container and - // any service environment variables. If a variable cannot be resolved, - // the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - // Escaped references will never be expanded, regardless of whether the variable - // exists or not. - // Defaults to "". - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Source for the environment variable's value. Cannot be used if value is not empty. - // +optional - valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt) -} - -// EnvVarSource represents a source for the value of an EnvVar. 
-#EnvVarSource: { - // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt) - - // Selects a key of a ConfigMap. - // +optional - configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt) - - // Selects a key of a secret in the pod's namespace - // +optional - secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt) -} - -// ObjectFieldSelector selects an APIVersioned field of an object. -// +structType=atomic -#ObjectFieldSelector: { - // Version of the schema the FieldPath is written in terms of, defaults to "v1". - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // Path of the field to select in the specified API version. 
- fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt) -} - -// ResourceFieldSelector represents container resources (cpu, memory) and their output format -// +structType=atomic -#ResourceFieldSelector: { - // Container name: required for volumes, optional for env vars - // +optional - containerName?: string @go(ContainerName) @protobuf(1,bytes,opt) - - // Required: resource to select - "resource": string @go(Resource) @protobuf(2,bytes,opt) - - // Specifies the output format of the exposed resources, defaults to "1" - // +optional - divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt) -} - -// Selects a key from a ConfigMap. -// +structType=atomic -#ConfigMapKeySelector: { - #LocalObjectReference - - // The key to select. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the ConfigMap or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// SecretKeySelector selects a key of a Secret. -// +structType=atomic -#SecretKeySelector: { - #LocalObjectReference - - // The key of the secret to select from. Must be a valid secret key. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// EnvFromSource represents the source of a set of ConfigMaps -#EnvFromSource: { - // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - // +optional - prefix?: string @go(Prefix) @protobuf(1,bytes,opt) - - // The ConfigMap to select from - // +optional - configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt) - - // The Secret to select from - // +optional - secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt) -} - -// ConfigMapEnvSource selects a ConfigMap to populate the environment -// variables with. 
-// -// The contents of the target ConfigMap's Data field will represent the -// key-value pairs as environment variables. -#ConfigMapEnvSource: { - #LocalObjectReference - - // Specify whether the ConfigMap must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// SecretEnvSource selects a Secret to populate the environment -// variables with. -// -// The contents of the target Secret's Data field will represent the -// key-value pairs as environment variables. -#SecretEnvSource: { - #LocalObjectReference - - // Specify whether the Secret must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// HTTPHeader describes a custom header to be used in HTTP probes -#HTTPHeader: { - // The header field name. - // This will be canonicalized upon output, so case-variant names will be understood as the same header. - name: string @go(Name) @protobuf(1,bytes,opt) - - // The header field value - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// HTTPGetAction describes an action based on HTTP Get requests. -#HTTPGetAction: { - // Path to access on the HTTP server. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Name or number of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt) - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - // +optional - host?: string @go(Host) @protobuf(3,bytes,opt) - - // Scheme to use for connecting to the host. - // Defaults to HTTP. - // +optional - scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme) - - // Custom headers to set in the request. HTTP allows repeated headers. 
- // +optional - httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep) -} - -// URIScheme identifies the scheme used for connection to a host for Get actions -// +enum -#URIScheme: string // #enumURIScheme - -#enumURIScheme: - #URISchemeHTTP | - #URISchemeHTTPS - -// URISchemeHTTP means that the scheme used will be http:// -#URISchemeHTTP: #URIScheme & "HTTP" - -// URISchemeHTTPS means that the scheme used will be https:// -#URISchemeHTTPS: #URIScheme & "HTTPS" - -// TCPSocketAction describes an action based on opening a socket -#TCPSocketAction: { - // Number or name of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt) - - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -#GRPCAction: { - // Port number of the gRPC service. Number must be in the range 1 to 65535. - port: int32 @go(Port) @protobuf(1,bytes,opt) - - // Service is the name of the service to place in the gRPC HealthCheckRequest - // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - // - // If this is not specified, the default behavior is defined by gRPC. - // +optional - // +default="" - service?: null | string @go(Service,*string) @protobuf(2,bytes,opt) -} - -// ExecAction describes a "run in container" action. -#ExecAction: { - // Command is the command line to execute inside the container, the working directory for the - // command is root ('/') in the container's filesystem. The command is simply exec'd, it is - // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - // a shell, you need to explicitly call out to that shell. - // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
- // +optional - command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep) -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -#Probe: { - #ProbeHandler - - // Number of seconds after the container has started before liveness probes are initiated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt) - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt) - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1. - // +optional - periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt) - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - // +optional - successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt) - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3. Minimum value is 1. - // +optional - failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt) - - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt) -} - -// PullPolicy describes a policy for if/when to pull a container image -// +enum -#PullPolicy: string // #enumPullPolicy - -#enumPullPolicy: - #PullAlways | - #PullNever | - #PullIfNotPresent - -// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. -#PullAlways: #PullPolicy & "Always" - -// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present -#PullNever: #PullPolicy & "Never" - -// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. -#PullIfNotPresent: #PullPolicy & "IfNotPresent" - -// ResourceResizeRestartPolicy specifies how to handle container resource resize. -#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy - -#enumResourceResizeRestartPolicy: - #NotRequired | - #RestartContainer - -// 'NotRequired' means Kubernetes will try to resize the container -// without restarting it, if possible. Kubernetes may however choose to -// restart the container if it is unable to actuate resize without a -// restart. For e.g. the runtime doesn't support restart-free resizing. -#NotRequired: #ResourceResizeRestartPolicy & "NotRequired" - -// 'RestartContainer' means Kubernetes will resize the container in-place -// by stopping and starting the container when new resources are applied. 
-// This is needed for legacy applications. For e.g. java apps using the -// -xmxN flag which are unable to use resized memory without restarting. -#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer" - -// ContainerResizePolicy represents resource resize policy for the container. -#ContainerResizePolicy: { - // Name of the resource to which this resource resize policy applies. - // Supported values: cpu, memory. - resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName) - - // Restart policy to apply when specified resource is resized. - // If not specified, it defaults to NotRequired. - restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy) -} - -// PreemptionPolicy describes a policy for if/when to preempt a pod. -// +enum -#PreemptionPolicy: string // #enumPreemptionPolicy - -#enumPreemptionPolicy: - #PreemptLowerPriority | - #PreemptNever - -// PreemptLowerPriority means that pod can preempt other pods with lower priority. -#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority" - -// PreemptNever means that pod never preempts other pods with lower priority. -#PreemptNever: #PreemptionPolicy & "Never" - -// TerminationMessagePolicy describes how termination messages are retrieved from a container. -// +enum -#TerminationMessagePolicy: string // #enumTerminationMessagePolicy - -#enumTerminationMessagePolicy: - #TerminationMessageReadFile | - #TerminationMessageFallbackToLogsOnError - -// TerminationMessageReadFile is the default behavior and will set the container status message to -// the contents of the container's terminationMessagePath when the container exits. 
-#TerminationMessageReadFile: #TerminationMessagePolicy & "File" - -// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs -// for the container status message when the container exits with an error and the -// terminationMessagePath has no contents. -#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError" - -// Capability represent POSIX capabilities type -#Capability: string - -// Adds and removes POSIX capabilities from running containers. -#Capabilities: { - // Added capabilities - // +optional - add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability) - - // Removed capabilities - // +optional - drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability) -} - -// ResourceRequirements describes the compute resource requirements. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Requests describes the minimum amount of compute resources required. - // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value. Requests cannot exceed Limits. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Claims lists the names of resources, defined in spec.resourceClaims, - // that are used by this container. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. It can only be set for containers. 
- // - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt) -} - -// ResourceClaim references one entry in PodSpec.ResourceClaims. -#ResourceClaim: { - // Name must match the name of one entry in pod.spec.resourceClaims of - // the Pod where this field is used. It makes that resource available - // inside a container. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// TerminationMessagePathDefault means the default path to capture the application termination message running in a container -#TerminationMessagePathDefault: "/dev/termination-log" - -// A single application container that you want to run within a pod. -#Container: { - // Name of the container specified as a DNS_LABEL. - // Each container in a pod must have a unique name (DNS_LABEL). - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - // This field is optional to allow higher level config management to default or override - // container images in workload controllers like Deployments and StatefulSets. - // +optional - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The container image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. 
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The container image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // List of ports to expose from the container. Not specifying a port here - // DOES NOT prevent that port from being exposed. Any port which is - // listening on the default "0.0.0.0" address inside a container will be - // accessible from the network. - // Modifying this array with strategic merge patch may corrupt the data. - // For more information See https://github.com/kubernetes/kubernetes/issues/108255. - // Cannot be updated. 
- // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Compute Resources required by this container. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // RestartPolicy defines the restart behavior of individual containers in a pod. - // This field may only be set for init containers, and the only allowed value is "Always". - // For non-init containers or when this field is not specified, - // the restart behavior is defined by the Pod's restart policy and the container type. 
- // Setting the RestartPolicy as "Always" for the init container will have the following effect: - // this init container will be continually restarted on - // exit until all regular containers have terminated. Once all regular - // containers have completed, all init containers with restartPolicy "Always" - // will be shut down. This lifecycle differs from normal init containers and - // is often referred to as a "sidecar" container. Although this init - // container still starts in the init container sequence, it does not wait - // for the container to complete before proceeding to the next init - // container. Instead, the next init container starts immediately after this - // init container is started, or after any startupProbe has successfully - // completed. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Periodic probe of container liveness. - // Container will be restarted if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Periodic probe of container service readiness. - // Container will be removed from service endpoints if the probe fails. - // Cannot be updated. 
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // StartupProbe indicates that the Pod has successfully initialized. - // If specified, no other probes are executed until this completes successfully. - // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - // when it might take a long time to load data or warm a cache, than during steady-state operation. - // This cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Actions that the management system should take in response to container lifecycle events. - // Cannot be updated. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. 
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // SecurityContext defines the security options the container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. 
- // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// ProbeHandler defines a specific action that should be taken in a probe. -// One and only one of the fields must be specified. -#ProbeHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // TCPSocket specifies an action involving a TCP port. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) - - // GRPC specifies an action involving a GRPC port. - // +optional - grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt) -} - -// LifecycleHandler defines a specific action that should be taken in a lifecycle -// hook. One and only one of the fields, except TCPSocket must be specified. -#LifecycleHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - // for the backward compatibility. There are no validation of this field and - // lifecycle hooks will fail in runtime when tcp handler is specified. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) -} - -// Lifecycle describes actions that the management system should take in response to container lifecycle -// events. 
For the PostStart and PreStop lifecycle handlers, management of the container blocks -// until the action is complete, unless the container process fails, in which case the handler is aborted. -#Lifecycle: { - // PostStart is called immediately after a container is created. If the handler fails, - // the container is terminated and restarted according to its restart policy. - // Other management of the container blocks until the hook completes. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt) - - // PreStop is called immediately before a container is terminated due to an - // API request or management event such as liveness/startup probe failure, - // preemption, resource contention, etc. The handler is not called if the - // container crashes or exits. The Pod's termination grace period countdown begins before the - // PreStop hook is executed. Regardless of the outcome of the handler, the - // container will eventually terminate within the Pod's termination grace - // period (unless delayed by finalizers). Other management of the container blocks until the hook completes - // or until the termination grace period is reached. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt) -} - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// ContainerStateWaiting is a waiting state of a container. -#ContainerStateWaiting: { - // (brief) reason the container is not yet running. 
- // +optional - reason?: string @go(Reason) @protobuf(1,bytes,opt) - - // Message regarding why the container is not yet running. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// ContainerStateRunning is a running state of a container. -#ContainerStateRunning: { - // Time at which the container was last (re-)started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt) -} - -// ContainerStateTerminated is a terminated state of a container. -#ContainerStateTerminated: { - // Exit status from the last termination of the container - exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt) - - // Signal from the last termination of the container - // +optional - signal?: int32 @go(Signal) @protobuf(2,varint,opt) - - // (brief) reason from the last termination of the container - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Message regarding the last termination of the container - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // Time at which previous execution of the container started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt) - - // Time at which the container last terminated - // +optional - finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt) - - // Container's ID in the format '://' - // +optional - containerID?: string @go(ContainerID) @protobuf(7,bytes,opt) -} - -// ContainerState holds a possible state of container. -// Only one of its members may be specified. -// If none of them is specified, the default one is ContainerStateWaiting. 
-#ContainerState: { - // Details about a waiting container - // +optional - waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt) - - // Details about a running container - // +optional - running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt) - - // Details about a terminated container - // +optional - terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt) -} - -// ContainerStatus contains details for the current status of this container. -#ContainerStatus: { - // Name is a DNS_LABEL representing the unique name of the container. - // Each container in a pod must have a unique name across all container types. - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // State holds details about the container's current condition. - // +optional - state?: #ContainerState @go(State) @protobuf(2,bytes,opt) - - // LastTerminationState holds the last termination state of the container to - // help debug container crashes and restarts. This field is not - // populated if the container is still running and RestartCount is 0. - // +optional - lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt) - - // Ready specifies whether the container is currently passing its readiness check. - // The value will change as readiness probes keep executing. If no readiness - // probes are specified, this field defaults to true once the container is - // fully started (see Started field). - // - // The value is typically used to determine whether a container is ready to - // accept traffic. - ready: bool @go(Ready) @protobuf(4,varint,opt) - - // RestartCount holds the number of times the container has been restarted. - // Kubelet makes an effort to always increment the value, but there - // are cases when the state may be lost due to node restarts and then the value - // may be reset to 0. 
The value is never negative. - restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt) - - // Image is the name of container image that the container is running. - // The container image may not match the image used in the PodSpec, - // as it may have been resolved by the runtime. - // More info: https://kubernetes.io/docs/concepts/containers/images. - image: string @go(Image) @protobuf(6,bytes,opt) - - // ImageID is the image ID of the container's image. The image ID may not - // match the image ID of the image used in the PodSpec, as it may have been - // resolved by the runtime. - imageID: string @go(ImageID) @protobuf(7,bytes,opt) - - // ContainerID is the ID of the container in the format '://'. - // Where type is a container runtime identifier, returned from Version call of CRI API - // (for example "containerd"). - // +optional - containerID?: string @go(ContainerID) @protobuf(8,bytes,opt) - - // Started indicates whether the container has finished its postStart lifecycle hook - // and passed its startup probe. - // Initialized as false, becomes true after startupProbe is considered - // successful. Resets to false when the container is restarted, or if kubelet - // loses state temporarily. In both cases, startup probes will run again. - // Is always true when no startupProbe is defined and container is running and - // has passed the postStart lifecycle hook. The null value must be treated the - // same as false. - // +optional - started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt) - - // AllocatedResources represents the compute resources allocated for this container by the - // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission - // and after successfully admitting desired pod resize. 
- // +featureGate=InPlacePodVerticalScaling - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Resources represents the compute resource requests and limits that have been successfully - // enacted on the running container after it has been started or has been successfully resized. - // +featureGate=InPlacePodVerticalScaling - // +optional - resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt) -} - -// PodPhase is a label for the condition of a pod at the current time. -// +enum -#PodPhase: string // #enumPodPhase - -#enumPodPhase: - #PodPending | - #PodRunning | - #PodSucceeded | - #PodFailed | - #PodUnknown - -// PodPending means the pod has been accepted by the system, but one or more of the containers -// has not been started. This includes time before being bound to a node, as well as time spent -// pulling images onto the host. -#PodPending: #PodPhase & "Pending" - -// PodRunning means the pod has been bound to a node and all of the containers have been started. -// At least one container is still running or is in the process of being restarted. -#PodRunning: #PodPhase & "Running" - -// PodSucceeded means that all containers in the pod have voluntarily terminated -// with a container exit code of 0, and the system is not going to restart any of these containers. -#PodSucceeded: #PodPhase & "Succeeded" - -// PodFailed means that all containers in the pod have terminated, and at least one container has -// terminated in a failure (exited with a non-zero exit code or was stopped by the system). -#PodFailed: #PodPhase & "Failed" - -// PodUnknown means that for some reason the state of the pod could not be obtained, typically due -// to an error in communicating with the host of the pod. 
-// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) -#PodUnknown: #PodPhase & "Unknown" - -// PodConditionType is a valid value for PodCondition.Type -#PodConditionType: string // #enumPodConditionType - -#enumPodConditionType: - #ContainersReady | - #PodInitialized | - #PodReady | - #PodScheduled | - #DisruptionTarget - -// ContainersReady indicates whether all containers in the pod are ready. -#ContainersReady: #PodConditionType & "ContainersReady" - -// PodInitialized means that all init containers in the pod have started successfully. -#PodInitialized: #PodConditionType & "Initialized" - -// PodReady means the pod is able to service requests and should be added to the -// load balancing pools of all matching services. -#PodReady: #PodConditionType & "Ready" - -// PodScheduled represents status of the scheduling process for this pod. -#PodScheduled: #PodConditionType & "PodScheduled" - -// DisruptionTarget indicates the pod is about to be terminated due to a -// disruption (such as preemption, eviction API or garbage-collection). -#DisruptionTarget: #PodConditionType & "DisruptionTarget" - -// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler -// can't schedule the pod right now, for example due to insufficient resources in the cluster. -#PodReasonUnschedulable: "Unschedulable" - -// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler -// skips scheduling the pod because one or more scheduling gates are still present. -#PodReasonSchedulingGated: "SchedulingGated" - -// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens -// during scheduling, for example due to nodeAffinity parsing errors. 
-#PodReasonSchedulerError: "SchedulerError" - -// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination -// is initiated by kubelet -#PodReasonTerminationByKubelet: "TerminationByKubelet" - -// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the -// disruption was initiated by scheduler's preemption. -#PodReasonPreemptionByScheduler: "PreemptionByScheduler" - -// PodCondition contains details for the current condition of this pod. -#PodCondition: { - // Type is the type of the condition. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType) - - // Status is the status of the condition. - // Can be True, False, Unknown. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // Unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PodResizeStatus shows status of desired resize of a pod's containers. -#PodResizeStatus: string // #enumPodResizeStatus - -#enumPodResizeStatus: - #PodResizeStatusProposed | - #PodResizeStatusInProgress | - #PodResizeStatusDeferred | - #PodResizeStatusInfeasible - -// Pod resources resize has been requested and will be evaluated by node. 
-#PodResizeStatusProposed: #PodResizeStatus & "Proposed" - -// Pod resources resize has been accepted by node and is being actuated. -#PodResizeStatusInProgress: #PodResizeStatus & "InProgress" - -// Node cannot resize the pod at this time and will keep retrying. -#PodResizeStatusDeferred: #PodResizeStatus & "Deferred" - -// Requested pod resize is not feasible and will not be re-evaluated. -#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible" - -// RestartPolicy describes how the container should be restarted. -// Only one of the following restart policies may be specified. -// If none of the following policies is specified, the default one -// is RestartPolicyAlways. -// +enum -#RestartPolicy: string // #enumRestartPolicy - -#enumRestartPolicy: - #RestartPolicyAlways | - #RestartPolicyOnFailure | - #RestartPolicyNever - -#RestartPolicyAlways: #RestartPolicy & "Always" -#RestartPolicyOnFailure: #RestartPolicy & "OnFailure" -#RestartPolicyNever: #RestartPolicy & "Never" - -// ContainerRestartPolicy is the restart policy for a single container. -// This may only be set for init containers and only allowed value is "Always". -#ContainerRestartPolicy: string // #enumContainerRestartPolicy - -#enumContainerRestartPolicy: - #ContainerRestartPolicyAlways - -#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always" - -// DNSPolicy defines how a pod's DNS will be configured. -// +enum -#DNSPolicy: string // #enumDNSPolicy - -#enumDNSPolicy: - #DNSClusterFirstWithHostNet | - #DNSClusterFirst | - #DNSDefault | - #DNSNone - -// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS -// first, if it is available, then fall back on the default -// (as determined by kubelet) DNS settings. 
-#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet" - -// DNSClusterFirst indicates that the pod should use cluster DNS -// first unless hostNetwork is true, if it is available, then -// fall back on the default (as determined by kubelet) DNS settings. -#DNSClusterFirst: #DNSPolicy & "ClusterFirst" - -// DNSDefault indicates that the pod should use the default (as -// determined by kubelet) DNS settings. -#DNSDefault: #DNSPolicy & "Default" - -// DNSNone indicates that the pod should use empty DNS settings. DNS -// parameters such as nameservers and search paths should be defined via -// DNSConfig. -#DNSNone: #DNSPolicy & "None" - -// DefaultTerminationGracePeriodSeconds indicates the default duration in -// seconds a pod needs to terminate gracefully. -#DefaultTerminationGracePeriodSeconds: 30 - -// A node selector represents the union of the results of one or more label queries -// over a set of nodes; that is, it represents the OR of the selectors represented -// by the node selector terms. -// +structType=atomic -#NodeSelector: { - // Required. A list of node selector terms. The terms are ORed. - nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep) -} - -// A null or empty node selector term matches no objects. The requirements of -// them are ANDed. -// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -// +structType=atomic -#NodeSelectorTerm: { - // A list of node selector requirements by node's labels. - // +optional - matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep) - - // A list of node selector requirements by node's fields. - // +optional - matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A node selector requirement is a selector that contains values, a key, and an operator -// that relates the key and values. 
-#NodeSelectorRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, the values - // array must have a single element, which will be interpreted as an integer. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A node selector operator is the set of operators that can be used in -// a node selector requirement. -// +enum -#NodeSelectorOperator: string // #enumNodeSelectorOperator - -#enumNodeSelectorOperator: - #NodeSelectorOpIn | - #NodeSelectorOpNotIn | - #NodeSelectorOpExists | - #NodeSelectorOpDoesNotExist | - #NodeSelectorOpGt | - #NodeSelectorOpLt - -#NodeSelectorOpIn: #NodeSelectorOperator & "In" -#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn" -#NodeSelectorOpExists: #NodeSelectorOperator & "Exists" -#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist" -#NodeSelectorOpGt: #NodeSelectorOperator & "Gt" -#NodeSelectorOpLt: #NodeSelectorOperator & "Lt" - -// A topology selector term represents the result of label queries. -// A null or empty topology selector term matches no objects. -// The requirements of them are ANDed. -// It provides a subset of functionality as NodeSelectorTerm. -// This is an alpha feature and may change in the future. -// +structType=atomic -#TopologySelectorTerm: { - // A list of topology selector requirements by labels. 
- // +optional - matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep) -} - -// A topology selector requirement is a selector that matches given label. -// This is an alpha feature and may change in the future. -#TopologySelectorLabelRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // An array of string values. One value must match the label to be selected. - // Each entry in Values is ORed. - values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep) -} - -// Affinity is a group of affinity scheduling rules. -#Affinity: { - // Describes node affinity scheduling rules for the pod. - // +optional - nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt) - - // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt) - - // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt) -} - -// Pod affinity is a group of inter pod affinity scheduling rules. -#PodAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// Pod anti affinity is a group of inter pod anti affinity scheduling rules. -#PodAntiAffinity: { - // If the anti-affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the anti-affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling anti-affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#WeightedPodAffinityTerm: { - // weight associated with matching the corresponding podAffinityTerm, - // in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // Required. A pod affinity term, associated with the corresponding weight. - podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt) -} - -// Defines a set of pods (namely those matching the labelSelector -// relative to the given namespace(s)) that this pod should be -// co-located (affinity) or not co-located (anti-affinity) with, -// where co-located is defined as running on a node whose value of -// the label with key matches that of any node on which -// a pod of the set of pods is running -#PodAffinityTerm: { - // A label query over a set of resources, in this case pods. 
- // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaces specifies a static list of namespace names that the term applies to. - // The term is applied to the union of the namespaces listed in this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means "this pod's namespace". - // +optional - namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep) - - // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located is defined as running on a node - // whose value of the label with key topologyKey matches that of any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt) - - // A label query over the set of namespaces that the term applies to. - // The term is applied to the union of the namespaces selected by this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this pod's namespace". - // An empty selector ({}) matches all namespaces. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) -} - -// Node affinity is a group of node affinity scheduling rules. -#NodeAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to an update), the system - // may or may not try to eventually evict the pod from its node. 
- // +optional - requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node matches the corresponding matchExpressions; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep) -} - -// An empty preferred scheduling term matches all objects with implicit weight 0 -// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#PreferredSchedulingTerm: { - // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // A node selector term, associated with the corresponding weight. - preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt) -} - -// The node this Taint is attached to has the "effect" on -// any pod that does not tolerate the Taint. -#Taint: { - // Required. The taint key to be applied to a node. - key: string @go(Key) @protobuf(1,bytes,opt) - - // The taint value corresponding to the taint key. - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Required. The effect of the taint on pods - // that do not tolerate the taint. 
- // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect) - - // TimeAdded represents the time at which the taint was added. - // It is only written for NoExecute taints. - // +optional - timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt) -} - -// +enum -#TaintEffect: string // #enumTaintEffect - -#enumTaintEffect: - #TaintEffectNoSchedule | - #TaintEffectPreferNoSchedule | - #TaintEffectNoExecute - -// Do not allow new pods to schedule onto the node unless they tolerate the taint, -// but allow all pods submitted to Kubelet without going through the scheduler -// to start, and allow all already-running pods to continue running. -// Enforced by the scheduler. -#TaintEffectNoSchedule: #TaintEffect & "NoSchedule" - -// Like TaintEffectNoSchedule, but the scheduler tries not to schedule -// new pods onto the node, rather than prohibiting new pods from scheduling -// onto the node entirely. Enforced by the scheduler. -#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule" - -// Evict any already-running pods that do not tolerate the taint. -// Currently enforced by NodeController. -#TaintEffectNoExecute: #TaintEffect & "NoExecute" - -// The pod this Toleration is attached to tolerates any taint that matches -// the triple using the matching operator . -#Toleration: { - // Key is the taint key that the toleration applies to. Empty means match all taint keys. - // If the key is empty, operator must be Exists; this combination means to match all values and all keys. - // +optional - key?: string @go(Key) @protobuf(1,bytes,opt) - - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. 
- // +optional - operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator) - - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise just a regular string. - // +optional - value?: string @go(Value) @protobuf(3,bytes,opt) - - // Effect indicates the taint effect to match. Empty means match all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - // +optional - effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect) - - // TolerationSeconds represents the period of time the toleration (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - // it is not set, which means tolerate the taint forever (do not evict). Zero and - // negative values will be treated as 0 (evict immediately) by the system. - // +optional - tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt) -} - -// A toleration operator is the set of operators that can be used in a toleration. -// +enum -#TolerationOperator: string // #enumTolerationOperator - -#enumTolerationOperator: - #TolerationOpExists | - #TolerationOpEqual - -#TolerationOpExists: #TolerationOperator & "Exists" -#TolerationOpEqual: #TolerationOperator & "Equal" - -// PodReadinessGate contains the reference to a pod condition -#PodReadinessGate: { - // ConditionType refers to a condition in the pod's condition list with matching type. - conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType) -} - -// PodSpec is a description of a pod. -#PodSpec: { - // List of volumes that can be mounted by containers belonging to the pod. 
- // More info: https://kubernetes.io/docs/concepts/storage/volumes - // +optional - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep) - - // List of initialization containers belonging to the pod. - // Init containers are executed in order prior to containers being started. If any - // init container fails, the pod is considered to have failed and is handled according - // to its restartPolicy. The name for an init container or normal container must be - // unique among all containers. - // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - // The resourceRequirements of an init container are taken into account during scheduling - // by finding the highest request/limit for each resource type, and then using the max of - // of that value or the sum of the normal containers. Limits are applied to init containers - // in a similar fashion. - // Init containers cannot currently be added or removed. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - // +patchMergeKey=name - // +patchStrategy=merge - initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep) - - // List of containers belonging to the pod. - // Containers cannot currently be added or removed. - // There must be at least one container in a Pod. - // Cannot be updated. - // +patchMergeKey=name - // +patchStrategy=merge - containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep) - - // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing - // pod to perform user-initiated actions such as debugging. This list cannot be specified when - // creating a pod, and it cannot be modified by updating the pod spec. In order to add an - // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 
- // +optional - // +patchMergeKey=name - // +patchStrategy=merge - ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep) - - // Restart policy for all containers within the pod. - // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. - // Default to Always. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - // +optional - restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy) - - // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // If this value is nil, the default grace period will be used instead. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // Defaults to 30 seconds. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt) - - // Optional duration in seconds the pod may be active on the node relative to - // StartTime before the system will actively try to mark it failed and kill associated containers. - // Value must be a positive integer. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt) - - // Set DNS policy for the pod. - // Defaults to "ClusterFirst". - // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. 
- // To have DNS options set along with hostNetwork, you have to specify DNS policy - // explicitly to 'ClusterFirstWithHostNet'. - // +optional - dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy) - - // NodeSelector is a selector which must be true for the pod to fit on a node. - // Selector which must match a node's labels for the pod to be scheduled on that node. - // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep) - - // ServiceAccountName is the name of the ServiceAccount to use to run this pod. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - // +optional - serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt) - - // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - // Deprecated: Use serviceAccountName instead. - // +k8s:conversion-gen=false - // +optional - serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt) - - // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt) - - // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - // the scheduler simply schedules this pod onto that node, assuming that it fits resource - // requirements. - // +optional - nodeName?: string @go(NodeName) @protobuf(10,bytes,opt) - - // Host networking requested for this pod. Use the host's network namespace. - // If this option is set, the ports that will be used must be specified. - // Default to false. - // +k8s:conversion-gen=false - // +optional - hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt) - - // Use the host's pid namespace. 
- // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostPID?: bool @go(HostPID) @protobuf(12,varint,opt) - - // Use the host's ipc namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt) - - // Share a single process namespace between all of the containers in a pod. - // When this is set containers will be able to view and signal processes from other containers - // in the same pod, and the first process in each container will not be assigned PID 1. - // HostPID and ShareProcessNamespace cannot both be set. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt) - - // SecurityContext holds pod-level security attributes and common container settings. - // Optional: Defaults to empty. See type description for default values of each field. - // +optional - securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt) - - // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - // If specified, these secrets will be passed to individual puller implementations for them to use. - // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep) - - // Specifies the hostname of the Pod - // If not specified, the pod's hostname will be set to a system-defined value. - // +optional - hostname?: string @go(Hostname) @protobuf(16,bytes,opt) - - // If specified, the fully qualified Pod hostname will be "...svc.". - // If not specified, the pod will not have a domainname at all. 
- // +optional - subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt) - - // If specified, the pod's scheduling constraints - // +optional - affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt) - - // If specified, the pod will be dispatched by specified scheduler. - // If not specified, the pod will be dispatched by default scheduler. - // +optional - schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt) - - // If specified, the pod's tolerations. - // +optional - tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt) - - // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts - // file if specified. This is only valid for non-hostNetwork pods. - // +optional - // +patchMergeKey=ip - // +patchStrategy=merge - hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep) - - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt) - - // The priority value. Various system components use this field to find the - // priority of the pod. When Priority Admission Controller is enabled, it - // prevents users from setting this field. The admission controller populates - // this field from PriorityClassName. - // The higher the value, the higher the priority. - // +optional - priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt) - - // Specifies the DNS parameters of a pod. - // Parameters specified here will be merged to the generated DNS - // configuration based on DNSPolicy. 
- // +optional - dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt) - - // If specified, all readiness gates will be evaluated for pod readiness. - // A pod is ready when all its containers are ready AND - // all conditions specified in the readiness gates have status equal to "True" - // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates - // +optional - readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt) - - // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - // empty definition that uses the default runtime handler. - // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - // +optional - runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt) - - // EnableServiceLinks indicates whether information about services should be injected into pod's - // environment variables, matching the syntax of Docker links. - // Optional: Defaults to true. - // +optional - enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt) - - // PreemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt) - - // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. - // This field will be autopopulated at admission time by the RuntimeClass admission controller. If - // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. 
- // The RuntimeClass admission controller will reject Pod create requests which have the overhead already - // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value - // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - // +optional - overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt) - - // TopologySpreadConstraints describes how a group of pods ought to spread across topology - // domains. Scheduler will schedule pods in a way which abides by the constraints. - // All topologySpreadConstraints are ANDed. - // +optional - // +patchMergeKey=topologyKey - // +patchStrategy=merge - // +listType=map - // +listMapKey=topologyKey - // +listMapKey=whenUnsatisfiable - topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt) - - // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). - // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). - // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. - // If a pod does not have FQDN, this has no effect. - // Default to false. - // +optional - setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt) - - // Specifies the OS of the containers in the pod. - // Some pod and container fields are restricted if this is set. 
- // - // If the OS field is set to linux, the following fields must be unset: - // -securityContext.windowsOptions - // - // If the OS field is set to windows, following fields must be unset: - // - spec.hostPID - // - spec.hostIPC - // - spec.hostUsers - // - spec.securityContext.seLinuxOptions - // - spec.securityContext.seccompProfile - // - spec.securityContext.fsGroup - // - spec.securityContext.fsGroupChangePolicy - // - spec.securityContext.sysctls - // - spec.shareProcessNamespace - // - spec.securityContext.runAsUser - // - spec.securityContext.runAsGroup - // - spec.securityContext.supplementalGroups - // - spec.containers[*].securityContext.seLinuxOptions - // - spec.containers[*].securityContext.seccompProfile - // - spec.containers[*].securityContext.capabilities - // - spec.containers[*].securityContext.readOnlyRootFilesystem - // - spec.containers[*].securityContext.privileged - // - spec.containers[*].securityContext.allowPrivilegeEscalation - // - spec.containers[*].securityContext.procMount - // - spec.containers[*].securityContext.runAsUser - // - spec.containers[*].securityContext.runAsGroup - // +optional - os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt) - - // Use the host's user namespace. - // Optional: Default to true. - // If set to true or not present, the pod will be run in the host user namespace, useful - // for when the pod needs a feature only available to the host user namespace, such as - // loading a kernel module with CAP_SYS_MODULE. - // When set to false, a new userns is created for the pod. Setting false is useful for - // mitigating container breakout vulnerabilities even allowing users to run their - // containers as root without actually having root privileges on the host. - // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. 
- // +k8s:conversion-gen=false - // +optional - hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt) - - // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. - // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the - // scheduler will not attempt to schedule the pod. - // - // SchedulingGates can only be set at pod creation time, and be removed only afterwards. - // - // This is a beta feature enabled by the PodSchedulingReadiness feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=PodSchedulingReadiness - // +optional - schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt) - - // ResourceClaims defines which ResourceClaims must be allocated - // and reserved before the Pod is allowed to start. The resources - // will be made available to those containers which consume them - // by name. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. - // - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep) -} - -// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. -// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. -// Containers that need access to the ResourceClaim reference it with this name. -#PodResourceClaim: { - // Name uniquely identifies this resource claim inside the pod. - // This must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // Source describes where to find the ResourceClaim. 
- source?: #ClaimSource @go(Source) @protobuf(2,bytes) -} - -// ClaimSource describes a reference to a ResourceClaim. -// -// Exactly one of these fields should be set. Consumers of this type must -// treat an empty object as if it has an unknown value. -#ClaimSource: { - // ResourceClaimName is the name of a ResourceClaim object in the same - // namespace as this pod. - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt) - - // ResourceClaimTemplateName is the name of a ResourceClaimTemplate - // object in the same namespace as this pod. - // - // The template will be used to create a new ResourceClaim, which will - // be bound to this pod. When this pod is deleted, the ResourceClaim - // will also be deleted. The pod name and resource name, along with a - // generated component, will be used to form a unique name for the - // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. - // - // This field is immutable and no changes will be made to the - // corresponding ResourceClaim by the control plane after creating the - // ResourceClaim. - resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt) -} - -// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim -// which references a ResourceClaimTemplate. It stores the generated name for -// the corresponding ResourceClaim. -#PodResourceClaimStatus: { - // Name uniquely identifies this resource claim inside the pod. - // This must match the name of an entry in pod.spec.resourceClaims, - // which implies that the string must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // ResourceClaimName is the name of the ResourceClaim that was - // generated for the Pod in the namespace of the Pod. It this is - // unset, then generating a ResourceClaim was not necessary. The - // pod.spec.resourceClaims entry can be ignored in this case. 
- // - // +optional - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt) -} - -// OSName is the set of OS'es that can be used in OS. -#OSName: string // #enumOSName - -#enumOSName: - #Linux | - #Windows - -#Linux: #OSName & "linux" -#Windows: #OSName & "windows" - -// PodOS defines the OS parameters of a pod. -#PodOS: { - // Name is the name of the operating system. The currently supported values are linux and windows. - // Additional value may be defined in future and can be one of: - // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - // Clients should expect to handle additional values and treat unrecognized values in this field as os: null - name: #OSName @go(Name) @protobuf(1,bytes,opt) -} - -// PodSchedulingGate is associated to a Pod to guard its scheduling. -#PodSchedulingGate: { - // Name of the scheduling gate. - // Each scheduling gate must have a unique name field. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// +enum -#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction - -#enumUnsatisfiableConstraintAction: - #DoNotSchedule | - #ScheduleAnyway - -// DoNotSchedule instructs the scheduler not to schedule the pod -// when constraints are not satisfied. -#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule" - -// ScheduleAnyway instructs the scheduler to schedule the pod -// even if constraints are not satisfied. -#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway" - -// NodeInclusionPolicy defines the type of node inclusion policy -// +enum -#NodeInclusionPolicy: string // #enumNodeInclusionPolicy - -#enumNodeInclusionPolicy: - #NodeInclusionPolicyIgnore | - #NodeInclusionPolicyHonor - -// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. 
-#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore" - -// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor" - -// TopologySpreadConstraint specifies how to spread matching pods among the given topology. -#TopologySpreadConstraint: { - // MaxSkew describes the degree to which pods may be unevenly distributed. - // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - // between the number of matching pods in the target topology and the global minimum. - // The global minimum is the minimum number of matching pods in an eligible domain - // or zero if the number of eligible domains is less than MinDomains. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 2/2/1: - // In this case, the global minimum is 1. - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P | - // +-------+-------+-------+ - // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - // violate MaxSkew(1). - // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - // to topologies that satisfy it. - // It's a required field. Default value is 1 and 0 is not allowed. - maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt) - - // TopologyKey is the key of node labels. Nodes that have a label with this key - // and identical values are considered to be in the same topology. - // We consider each as a "bucket", and try to put balanced number - // of pods into each bucket. - // We define a domain as a particular instance of a topology. 
- // Also, we define an eligible domain as a domain whose nodes meet the requirements of - // nodeAffinityPolicy and nodeTaintsPolicy. - // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - // It's a required field. - topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt) - - // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - // the spread constraint. - // - DoNotSchedule (default) tells the scheduler not to schedule it. - // - ScheduleAnyway tells the scheduler to schedule the pod in any location, - // but giving higher precedence to topologies that would help reduce the - // skew. - // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assignment for that pod would violate - // "MaxSkew" on some topology. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 3/1/1: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P P | P | P | - // +-------+-------+-------+ - // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - // won't make it *more* imbalanced. - // It's a required field. - whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction) - - // LabelSelector is used to find matching pods. - // Pods that match this label selector are counted to determine the number of pods - // in their corresponding topology domain. 
- // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // MinDomains indicates a minimum number of eligible domains. - // When the number of eligible domains with matching topology keys is less than minDomains, - // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - // And when the number of eligible domains with matching topology keys equals or greater than minDomains, - // this value has no effect on scheduling. - // As a result, when the number of eligible domains is less than minDomains, - // scheduler won't schedule more than maxSkew Pods to those domains. - // If value is nil, the constraint behaves as if MinDomains is equal to 1. - // Valid values are integers greater than 0. - // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - // - // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - // labelSelector spread as 2/2/2: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P P | - // +-------+-------+-------+ - // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - // In this situation, new pod with the same labelSelector cannot be scheduled, - // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - // it will violate MaxSkew. - // - // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - // +optional - minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt) - - // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - // when calculating pod topology spread skew. Options are: - // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - // - Ignore: nodeAffinity/nodeSelector are ignored. 
All nodes are included in the calculations. - // - // If this value is nil, the behavior is equivalent to the Honor policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt) - - // NodeTaintsPolicy indicates how we will treat node taints when calculating - // pod topology spread skew. Options are: - // - Honor: nodes without taints, along with tainted nodes for which the incoming pod - // has a toleration, are included. - // - Ignore: node taints are ignored. All nodes are included. - // - // If this value is nil, the behavior is equivalent to the Ignore policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt) - - // MatchLabelKeys is a set of pod label keys to select the pods over which - // spreading will be calculated. The keys are used to lookup values from the - // incoming pod labels, those key-value labels are ANDed with labelSelector - // to select the group of existing pods over which spreading will be calculated - // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - // MatchLabelKeys cannot be set when LabelSelector isn't set. - // Keys that don't exist in the incoming pod labels will - // be ignored. A null or empty list means only match against labelSelector. - // - // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - // +listType=atomic - // +optional - matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt) -} - -// The default value for enableServiceLinks attribute. 
-#DefaultEnableServiceLinks: true - -// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the -// pod's hosts file. -#HostAlias: { - // IP address of the host file entry. - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostnames for the above IP address. - hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep) -} - -// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume -// when volume is mounted. -// +enum -#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy - -#enumPodFSGroupChangePolicy: - #FSGroupChangeOnRootMismatch | - #FSGroupChangeAlways - -// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed -// only when permission and ownership of root directory does not match with expected -// permissions on the volume. This can help shorten the time it takes to change -// ownership and permissions of a volume. -#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch" - -// FSGroupChangeAlways indicates that volume's ownership and permissions -// should always be changed whenever volume is mounted inside a Pod. This the default -// behavior. -#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always" - -// PodSecurityContext holds pod-level security attributes and common container settings. -// Some fields are also present in container.securityContext. Field values of -// container.securityContext take precedence over field values of PodSecurityContext. -#PodSecurityContext: { - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is windows. 
- // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options within a container's SecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. 
- // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt) - - // A list of groups applied to the first process run in each container, in addition - // to the container's primary GID, the fsGroup (if specified), and group memberships - // defined in the container image for the uid of the container process. If unspecified, - // no additional groups are added to any container. Note that group memberships - // defined in the container image for the uid of the container process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep) - - // A special supplemental group that applies to all containers in a pod. - // Some volume types allow the Kubelet to change the ownership of that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and permissions of any volume. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt) - - // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep) - - // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and permissions). 
- // It will have no effect on ephemeral volume types such as: secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt) - - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt) -} - -// SeccompProfile defines a pod/container's seccomp profile settings. -// Only one profile source may be set. -// +union -#SeccompProfile: { - // type indicates which kind of seccomp profile will be applied. - // Valid options are: - // - // Localhost - a profile defined in a file on the node should be used. - // RuntimeDefault - the container runtime default profile should be used. - // Unconfined - no profile should be applied. - // +unionDiscriminator - type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType) - - // localhostProfile indicates a profile defined in a file on the node should be used. - // The profile must be preconfigured on the node to work. - // Must be a descending path, relative to the kubelet's configured seccomp profile location. - // Must be set if type is "Localhost". Must NOT be set for any other type. - // +optional - localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt) -} - -// SeccompProfileType defines the supported seccomp profile types. -// +enum -#SeccompProfileType: string // #enumSeccompProfileType - -#enumSeccompProfileType: - #SeccompProfileTypeUnconfined | - #SeccompProfileTypeRuntimeDefault | - #SeccompProfileTypeLocalhost - -// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined). 
-#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined" - -// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. -#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault" - -// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used. -// The file's location relative to /seccomp. -#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost" - -// PodQOSClass defines the supported qos classes of Pods. -// +enum -#PodQOSClass: string // #enumPodQOSClass - -#enumPodQOSClass: - #PodQOSGuaranteed | - #PodQOSBurstable | - #PodQOSBestEffort - -// PodQOSGuaranteed is the Guaranteed qos class. -#PodQOSGuaranteed: #PodQOSClass & "Guaranteed" - -// PodQOSBurstable is the Burstable qos class. -#PodQOSBurstable: #PodQOSClass & "Burstable" - -// PodQOSBestEffort is the BestEffort qos class. -#PodQOSBestEffort: #PodQOSClass & "BestEffort" - -// PodDNSConfig defines the DNS parameters of a pod in addition to -// those generated from DNSPolicy. -#PodDNSConfig: { - // A list of DNS name server IP addresses. - // This will be appended to the base nameservers generated from DNSPolicy. - // Duplicated nameservers will be removed. - // +optional - nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep) - - // A list of DNS search domains for host-name lookup. - // This will be appended to the base search paths generated from DNSPolicy. - // Duplicated search paths will be removed. - // +optional - searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep) - - // A list of DNS resolver options. - // This will be merged with the base options generated from DNSPolicy. - // Duplicated entries will be removed. Resolution options given in Options - // will override those that appear in the base DNSPolicy. 
- // +optional - options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep) -} - -// PodDNSConfigOption defines DNS resolver options of a pod. -#PodDNSConfigOption: { - // Required. - name?: string @go(Name) @protobuf(1,bytes,opt) - - // +optional - value?: null | string @go(Value,*string) @protobuf(2,bytes,opt) -} - -// PodIP represents a single IP address allocated to the pod. -#PodIP: { - // IP is the IP address assigned to the pod - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// HostIP represents a single IP address allocated to the host. -#HostIP: { - // IP is the IP address assigned to the host - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// EphemeralContainerCommon is a copy of all fields in Container to be inlined in -// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer -// to Container and allows separate documentation for the fields of EphemeralContainer. -// When a new field is added to Container it must be added here as well. -#EphemeralContainerCommon: { - // Name of the ephemeral container specified as a DNS_LABEL. - // This name must be unique among all containers, init containers and ephemeral containers. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. 
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // Ports are not allowed for ephemeral containers. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. 
- // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources - // already allocated to the pod. - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // Restart policy for the container to manage the restart behavior of each - // container within a pod. - // This may only be set for init containers. You cannot set this field on - // ephemeral containers. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Probes are not allowed for ephemeral containers. - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Probes are not allowed for ephemeral containers. 
- // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Lifecycle is not allowed for ephemeral containers. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. 
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // Optional: SecurityContext defines the security options the ephemeral container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// An EphemeralContainer is a temporary container that you may add to an existing Pod for -// user-initiated activities such as debugging. Ephemeral containers have no resource or -// scheduling guarantees, and they will not be restarted when they exit or when a Pod is -// removed or restarted. 
The kubelet may evict a Pod if an ephemeral container causes the -// Pod to exceed its resource allocation. -// -// To add an ephemeral container, use the ephemeralcontainers subresource of an existing -// Pod. Ephemeral containers may not be removed or restarted. -#EphemeralContainer: { - #EphemeralContainerCommon - - // If set, the name of the container from PodSpec that this ephemeral container targets. - // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. - // If not set then the ephemeral container uses the namespaces configured in the Pod spec. - // - // The container runtime must implement support for this feature. If the runtime does not - // support namespace targeting then the result of setting this field is undefined. - // +optional - targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt) -} - -// PodStatus represents information about the status of a pod. Status may trail the actual -// state of a system, especially if the node that hosts the pod cannot contact the control -// plane. -#PodStatus: { - // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. - // The conditions array, the reason and message fields, and the individual container status - // arrays contain more detail about the pod's status. - // There are five possible phase values: - // - // Pending: The pod has been accepted by the Kubernetes system, but one or more of the - // container images has not been created. This includes time before being scheduled as - // well as time spent downloading images over the network, which could take a while. - // Running: The pod has been bound to a node, and all of the containers have been created. - // At least one container is still running, or is in the process of starting or restarting. - // Succeeded: All containers in the pod have terminated in success, and will not be restarted. 
- // Failed: All containers in the pod have terminated, and at least one container has - // terminated in failure. The container either exited with non-zero status or was terminated - // by the system. - // Unknown: For some reason the state of the pod could not be obtained, typically due to an - // error in communicating with the host of the pod. - // - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase - // +optional - phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase) - - // Current service state of pod. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep) - - // A human readable message indicating details about why the pod is in this condition. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A brief CamelCase message indicating details about why the pod is in this state. - // e.g. 'Evicted' - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be - // scheduled right away as preemption victims receive their graceful termination periods. - // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide - // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to - // give the resources on this node to a higher priority pod that is created after preemption. - // As a result, this field may be different than PodSpec.nodeName when the pod is - // scheduled. - // +optional - nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt) - - // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. 
- // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will - // not be updated even if there is a node is assigned to pod - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) - - // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must - // match the hostIP field. This list is empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will - // not be updated even if there is a node is assigned to this pod. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - // +listType=atomic - hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep) - - // podIP address allocated to the pod. Routable at least within the cluster. - // Empty if not yet allocated. - // +optional - podIP?: string @go(PodIP) @protobuf(6,bytes,opt) - - // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must - // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list - // is empty if no IPs have been allocated yet. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep) - - // RFC 3339 date and time at which the object was acknowledged by the Kubelet. - // This is before the Kubelet pulled the container image(s) for the pod. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt) - - // The list has one entry per init container in the manifest. The most recent successful - // init container will have ready = true, the most recently started container will have - // startTime set. 
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep) - - // The list has one entry per container in the manifest. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - // +optional - containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep) - - // The Quality of Service (QOS) classification assigned to the pod based on resource requirements - // See PodQOSClass type for available QOS classes - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes - // +optional - qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep) - - // Status for any ephemeral containers that have run in this pod. - // +optional - ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep) - - // Status of resources resize desired for pod's containers. - // It is empty if no resources resize is pending. - // Any changes to container resources will automatically set this to "Proposed" - // +featureGate=InPlacePodVerticalScaling - // +optional - resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus) - - // Status of resource claims. - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep) -} - -// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded -#PodStatusResult: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(2,bytes,opt) -} - -// Pod is a collection of containers that can run on a host. This resource is created -// by clients and scheduled onto hosts. -#Pod: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodList is a list of Pods. -#PodList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pods. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md - items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep) -} - -// PodTemplateSpec describes the data a pod should have when created from a template -#PodTemplateSpec: { - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PodTemplate describes a template for creating copies of a predefined pod. -#PodTemplate: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Template defines the pods that will be created from this pod template. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) -} - -// PodTemplateList is a list of PodTemplates. -#PodTemplateList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pod templates - items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep) -} - -// ReplicationControllerSpec is the specification of a replication controller. -#ReplicationControllerSpec: { - // Replicas is the number of desired replicas. 
- // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the Replicas count. - // If Selector is empty, it is defaulted to the labels present on the Pod template. - // Label keys and values that must match in order to be controlled by this replication - // controller, if empty defaulted to labels on Pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. This takes precedence over a TemplateRef. - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt) -} - -// ReplicationControllerStatus represents the current status of a replication -// controller. -#ReplicationControllerStatus: { - // Replicas is the most recently observed number of replicas. 
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replication controller. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // The number of ready replicas for this replication controller. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replication controller. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed replication controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replication controller's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep) -} - -#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType - -#enumReplicationControllerConditionType: - #ReplicationControllerReplicaFailure - -// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods -// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, -// etc. or deleted due to kubelet being down or finalizers are failing. -#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure" - -// ReplicationControllerCondition describes the state of a replication controller at a certain point. -#ReplicationControllerCondition: { - // Type of replication controller condition. 
- type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ReplicationController represents the configuration of a replication controller. -#ReplicationController: { - metav1.#TypeMeta - - // If the Labels of a ReplicationController are empty, they are defaulted to - // be the same as the Pod(s) that the replication controller manages. - // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the replication controller. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the replication controller. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicationControllerList is a collection of replication controllers. 
-#ReplicationControllerList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of replication controllers. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep) -} - -// Session Affinity Type string -// +enum -#ServiceAffinity: string // #enumServiceAffinity - -#enumServiceAffinity: - #ServiceAffinityClientIP | - #ServiceAffinityNone - -// ServiceAffinityClientIP is the Client IP based. -#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP" - -// ServiceAffinityNone - no session affinity. -#ServiceAffinityNone: #ServiceAffinity & "None" - -#DefaultClientIPServiceAffinitySeconds: int32 & 10800 - -// SessionAffinityConfig represents the configurations of session affinity. -#SessionAffinityConfig: { - // clientIP contains the configurations of Client IP based session affinity. - // +optional - clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt) -} - -// ClientIPConfig represents the configurations of Client IP based session affinity. -#ClientIPConfig: { - // timeoutSeconds specifies the seconds of ClientIP type session sticky time. - // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - // Default value is 10800(for 3 hours). 
- // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt) -} - -// Service Type string describes ingress methods for a service -// +enum -#ServiceType: string // #enumServiceType - -#enumServiceType: - #ServiceTypeClusterIP | - #ServiceTypeNodePort | - #ServiceTypeLoadBalancer | - #ServiceTypeExternalName - -// ServiceTypeClusterIP means a service will only be accessible inside the -// cluster, via the cluster IP. -#ServiceTypeClusterIP: #ServiceType & "ClusterIP" - -// ServiceTypeNodePort means a service will be exposed on one port of -// every node, in addition to 'ClusterIP' type. -#ServiceTypeNodePort: #ServiceType & "NodePort" - -// ServiceTypeLoadBalancer means a service will be exposed via an -// external load balancer (if the cloud provider supports it), in addition -// to 'NodePort' type. -#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer" - -// ServiceTypeExternalName means a service consists of only a reference to -// an external name that kubedns or equivalent will return as a CNAME -// record, with no exposing or proxying of any pods involved. -#ServiceTypeExternalName: #ServiceType & "ExternalName" - -// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they -// receive on the ClusterIP. -// +enum -#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy - -#enumServiceInternalTrafficPolicy: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster" - -// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same -// node as the client pod (dropping the traffic if there are no local endpoints). 
-#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType - -#enumServiceInternalTrafficPolicyType: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they -// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, -// and LoadBalancer IPs. -// +enum -#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy - -#enumServiceExternalTrafficPolicy: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by -// routing only to endpoints on the same node as the traffic was received on -// (dropping the traffic if there are no local endpoints). -#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType - -#enumServiceExternalTrafficPolicyType: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local" -#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// LoadBalancerPortsError represents the condition of the requested ports -// on the cloud load balancer instance. 
-#LoadBalancerPortsError: "LoadBalancerPortsError" - -// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError -// means the LoadBalancer was not able to be configured correctly. -#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported" - -// ServiceStatus represents the current status of a service. -#ServiceStatus: { - // LoadBalancer contains the current status of the load-balancer, - // if one is present. - // +optional - loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) - - // Current service state - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep) -} - -// LoadBalancerStatus represents the status of a load-balancer. -#LoadBalancerStatus: { - // Ingress is a list containing ingress points for the load-balancer. - // Traffic intended for the service should be sent to these ingress points. - // +optional - ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// LoadBalancerIngress represents the status of a load-balancer ingress point: -// traffic intended for the service should be sent to an ingress point. -#LoadBalancerIngress: { - // IP is set for load-balancer ingress points that are IP based - // (typically GCE or OpenStack load-balancers) - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostname is set for load-balancer ingress points that are DNS based - // (typically AWS load-balancers) - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // Ports is a list of records of service ports - // If used, every port defined in the service should have an entry in it - // +listType=atomic - // +optional - ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep) -} - -// IPFamily represents the IP Family (IPv4 or IPv6). 
This type is used -// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). -// +enum -#IPFamily: string // #enumIPFamily - -#enumIPFamily: - #IPv4Protocol | - #IPv6Protocol - -// IPv4Protocol indicates that this IP is IPv4 protocol -#IPv4Protocol: #IPFamily & "IPv4" - -// IPv6Protocol indicates that this IP is IPv6 protocol -#IPv6Protocol: #IPFamily & "IPv6" - -// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service -// +enum -#IPFamilyPolicy: string // #enumIPFamilyPolicy - -#enumIPFamilyPolicy: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. -// The IPFamily assigned is based on the default IPFamily used by the cluster -// or as identified by service.spec.ipFamilies field -#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack" - -// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when -// the cluster is configured for dual-stack. If the cluster is not configured -// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not -// set in service.spec.ipFamilies then the service will be assigned the default IPFamily -// configured on the cluster -#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack" - -// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using -// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The -// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If -// service.spec.ipFamilies was not provided then it will be assigned according to how they are -// configured on the cluster. 
If service.spec.ipFamilies has only one entry then the alternative -// IPFamily will be added by apiserver -#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack" - -// for backwards compat -// +enum -#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType - -#enumIPFamilyPolicyType: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// ServiceSpec describes the attributes that a user creates on a service. -#ServiceSpec: { - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep) - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // clusterIP is the IP address of the service and is usually assigned - // randomly. If an address is specified manually, is in-range (as per - // system configuration), and is not in use, it will be allocated to the - // service; otherwise creation of the service will fail. This field may not - // be changed through updates unless the type field is also being changed - // to ExternalName (which requires this field to be blank) or the type - // field is being changed from ExternalName (in which case this field may - // optionally be specified, as describe above). 
Valid values are "None", - // empty string (""), or a valid IP address. Setting this to "None" makes a - // "headless service" (no virtual IP), which is useful when direct endpoint - // connections are preferred and proxying is not required. Only applies to - // types ClusterIP, NodePort, and LoadBalancer. If this field is specified - // when creating a Service of type ExternalName, creation will fail. This - // field will be wiped when updating a Service to type ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt) - - // ClusterIPs is a list of IP addresses assigned to this service, and are - // usually assigned randomly. If an address is specified manually, is - // in-range (as per system configuration), and is not in use, it will be - // allocated to the service; otherwise creation of the service will fail. - // This field may not be changed through updates unless the type field is - // also being changed to ExternalName (which requires this field to be - // empty) or the type field is being changed from ExternalName (in which - // case this field may optionally be specified, as describe above). Valid - // values are "None", empty string (""), or a valid IP address. Setting - // this to "None" makes a "headless service" (no virtual IP), which is - // useful when direct endpoint connections are preferred and proxying is - // not required. Only applies to types ClusterIP, NodePort, and - // LoadBalancer. If this field is specified when creating a Service of type - // ExternalName, creation will fail. This field will be wiped when updating - // a Service to type ExternalName. If this field is not specified, it will - // be initialized from the clusterIP field. If this field is specified, - // clients must ensure that clusterIPs[0] and clusterIP have the same - // value. 
- // - // This field may hold a maximum of two entries (dual-stack IPs, in either order). - // These IPs must correspond to the values of the ipFamilies field. Both - // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +listType=atomic - // +optional - clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt) - - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing - // to endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object or - // EndpointSlice objects. If clusterIP is "None", no virtual IP is - // allocated and the endpoints are published as a set of endpoints rather - // than a virtual IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the same endpoints as the clusterIP. - // "LoadBalancer" builds on NodePort and creates an external load-balancer - // (if supported in the current cloud) which routes to the same endpoints - // as the clusterIP. - // "ExternalName" aliases this service to the specified externalName. - // Several other fields do not apply to ExternalName services. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType) - - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. 
- // +optional - externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep) - - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity) - - // Only applies to Service Type: LoadBalancer. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // Deprecated: This field was under-specified and its meaning varies across implementations. - // Using it is non-portable and it may not support dual-stack. - // Users are encouraged to use implementation-specific annotations when available. - // +optional - loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt) - - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - // +optional - loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt) - - // externalName is the external reference that discovery mechanisms will - // return as an alias for this service (e.g. a DNS CNAME record). No - // proxying will be involved. Must be a lowercase RFC-1123 hostname - // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". 
- // +optional - externalName?: string @go(ExternalName) @protobuf(10,bytes,opt) - - // externalTrafficPolicy describes how nodes distribute service traffic they - // receive on one of the Service's "externally-facing" addresses (NodePorts, - // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - // the service in a way that assumes that external load balancers will take care - // of balancing the service traffic between nodes, and so each node will deliver - // traffic only to the node-local endpoints of the service, without masquerading - // the client source IP. (Traffic mistakenly sent to a node with no endpoints will - // be dropped.) The default value, "Cluster", uses the standard behavior of - // routing to all endpoints evenly (possibly modified by topology and other - // features). Note that traffic sent to an External IP or LoadBalancer IP from - // within the cluster will always get "Cluster" semantics, but clients sending to - // a NodePort from within the cluster may need to take traffic policy into account - // when picking a node. - // +optional - externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt) - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // This only applies when type is set to LoadBalancer and - // externalTrafficPolicy is set to Local. If a value is specified, is - // in-range, and is not in use, it will be used. If not specified, a value - // will be automatically allocated. External systems (e.g. load-balancers) - // can use this port to determine if a given node holds endpoints for this - // service or not. If this field is specified when creating a Service - // which does not need it, creation will fail. This field will be wiped - // when updating a Service to no longer need it (e.g. changing type). - // This field cannot be updated once set. 
- // +optional - healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt) - - // publishNotReadyAddresses indicates that any agent which deals with endpoints for this - // Service should disregard any indications of ready/not-ready. - // The primary use case for setting this field is for a StatefulSet's Headless Service to - // propagate SRV DNS records for its Pods for the purpose of peer discovery. - // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - // Services interpret this to mean that all endpoints are considered "ready" even if the - // Pods themselves are not. Agents which consume only Kubernetes generated endpoints - // through the Endpoints or EndpointSlice resources can safely assume this behavior. - // +optional - publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt) - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt) - - // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - // service. This field is usually assigned automatically based on cluster - // configuration and the ipFamilyPolicy field. If this field is specified - // manually, the requested family is available in the cluster, - // and ipFamilyPolicy allows it, it will be used; otherwise creation of - // the service will fail. This field is conditionally mutable: it allows - // for adding or removing a secondary IP family, but it does not allow - // changing the primary IP family of the Service. Valid values are "IPv4" - // and "IPv6". This field only applies to Services of types ClusterIP, - // NodePort, and LoadBalancer, and does apply to "headless" services. - // This field will be wiped when updating a Service to type ExternalName. 
- // - // This field may hold a maximum of two entries (dual-stack families, in - // either order). These families must correspond to the values of the - // clusterIPs field, if specified. Both clusterIPs and ipFamilies are - // governed by the ipFamilyPolicy field. - // +listType=atomic - // +optional - ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily) - - // IPFamilyPolicy represents the dual-stack-ness requested or required by - // this Service. If there is no value provided, then this field will be set - // to SingleStack. Services can be "SingleStack" (a single IP family), - // "PreferDualStack" (two IP families on dual-stack configured clusters or - // a single IP family on single-stack clusters), or "RequireDualStack" - // (two IP families on dual-stack configured clusters, otherwise fail). The - // ipFamilies and clusterIPs fields depend on the value of this field. This - // field will be wiped when updating a service to type ExternalName. - // +optional - ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy) - - // allocateLoadBalancerNodePorts defines if NodePorts will be automatically - // allocated for services with type LoadBalancer. Default is "true". It - // may be set to "false" if the cluster load-balancer does not rely on - // NodePorts. If the caller requests specific NodePorts (by specifying a - // value), those requests will be respected, regardless of this field. - // This field may only be set for services with type LoadBalancer and will - // be cleared if the type is changed to any other type. - // +optional - allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt) - - // loadBalancerClass is the class of the load balancer implementation this Service belongs to. - // If specified, the value of this field must be a label-style identifier, with an optional prefix, - // e.g. 
"internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - // balancer implementation is used, today this is typically done through the cloud provider integration, - // but should apply for any default implementation. If set, it is assumed that a load balancer - // implementation is watching for Services with a matching class. Any default load balancer - // implementation (e.g. cloud providers) should ignore Services that set this field. - // This field can only be set when creating or updating a Service to type 'LoadBalancer'. - // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - // +optional - loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt) - - // InternalTrafficPolicy describes how nodes distribute service traffic they - // receive on the ClusterIP. If set to "Local", the proxy will assume that pods - // only want to talk to endpoints of the service on the same node as the pod, - // dropping the traffic if there are no local endpoints. The default value, - // "Cluster", uses the standard behavior of routing to all endpoints evenly - // (possibly modified by topology and other features). - // +optional - internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt) -} - -// ServicePort contains information on service's port. -#ServicePort: { - // The name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. When considering - // the endpoints for a Service, this must match the 'name' field in the - // EndpointPort. - // Optional if only one ServicePort is defined on this service. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The IP protocol for this port. 
Supports "TCP", "UDP", and "SCTP". - // Default is TCP. - // +default="TCP" - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt) - - // The port that will be exposed by this service. - port: int32 @go(Port) @protobuf(3,varint,opt) - - // Number or name of the port to access on the pods targeted by the service. - // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - // If this is a string, it will be looked up as a named port in the - // target Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. 
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - // +optional - targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt) - - // The port on each node on which this service is exposed when type is - // NodePort or LoadBalancer. Usually assigned by the system. If a value is - // specified, in-range, and not in use it will be used, otherwise the - // operation will fail. If not specified, a port will be allocated if this - // Service requires one. If this field is specified when creating a - // Service which does not need it, creation will fail. This field will be - // wiped when updating a Service to no longer need it (e.g. changing type - // from NodePort to ClusterIP). - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - // +optional - nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt) -} - -// Service is a named abstraction of software service (for example, mysql) consisting of local port -// (for example 3306) that the proxy listens on, and the selector that determines which pods -// will answer requests sent through the proxy. -#Service: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a service. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the service. - // Populated by the system. - // Read-only. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ClusterIPNone - do not assign a cluster IP -// no proxying required and no environment variables should be created for pods -#ClusterIPNone: "None" - -// ServiceList holds a list of services. -#ServiceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of services - items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep) -} - -// ServiceAccount binds together: -// * a name, understood by users, and perhaps by peripheral systems, for an identity -// * a principal that can be authenticated and authorized -// * a set of secrets -#ServiceAccount: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. - // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". - // This field should not be used to find auto-generated service account token secrets for use outside of pods. - // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. 
- // More info: https://kubernetes.io/docs/concepts/configuration/secret - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep) - - // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images - // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets - // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. - // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - // +optional - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep) - - // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. - // Can be overridden at the pod level. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountList is a list of ServiceAccount objects -#ServiceAccountList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ServiceAccounts. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep) -} - -// Endpoints is a collection of endpoints that implement the actual service. 
Example: -// -// Name: "mysvc", -// Subsets: [ -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// }, -// { -// Addresses: [{"ip": "10.10.3.3"}], -// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] -// }, -// ] -#Endpoints: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The set of all endpoints is the union of all subsets. Addresses are placed into - // subsets according to the IPs they share. A single address with multiple ports, - // some of which are ready and some of which are not (because they come from - // different containers) will result in the address being displayed in different - // subsets for the different ports. No address will appear in both Addresses and - // NotReadyAddresses in the same subset. - // Sets of addresses and ports that comprise a service. - // +optional - subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep) -} - -// EndpointSubset is a group of addresses with a common set of ports. The -// expanded set of endpoints is the Cartesian product of Addresses x Ports. -// For example, given: -// -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// } -// -// The resulting set of endpoints can be viewed as: -// -// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], -// b: [ 10.10.1.1:309, 10.10.2.2:309 ] -#EndpointSubset: { - // IP addresses which offer the related ports that are marked as ready. These endpoints - // should be considered safe for load balancers and clients to utilize. 
- // +optional - addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep) - - // IP addresses which offer the related ports but are not currently marked as ready - // because they have not yet finished starting, have recently failed a readiness check, - // or have recently failed a liveness check. - // +optional - notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep) - - // Port numbers available on the related IP addresses. - // +optional - ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// EndpointAddress is a tuple that describes single IP address. -// +structType=atomic -#EndpointAddress: { - // The IP of this endpoint. - // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), - // or link-local multicast (224.0.0.0/24 or ff02::/16). - ip: string @go(IP) @protobuf(1,bytes,opt) - - // The Hostname of this endpoint - // +optional - hostname?: string @go(Hostname) @protobuf(3,bytes,opt) - - // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt) - - // Reference to object providing the endpoint. - // +optional - targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt) -} - -// EndpointPort is a tuple that describes a single port. -// +structType=atomic -#EndpointPort: { - // The name of this port. This must match the 'name' field in the - // corresponding ServicePort. - // Must be a DNS_LABEL. - // Optional only if one port is defined. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The port number of the endpoint. - port: int32 @go(Port) @protobuf(2,varint,opt) - - // The IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. 
- // +optional - protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt) -} - -// EndpointsList is a list of endpoints. -#EndpointsList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of endpoints. - items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep) -} - -// NodeSpec describes the attributes that a node is created with. -#NodeSpec: { - // PodCIDR represents the pod IP range assigned to the node. - // +optional - podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt) - - // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this - // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for - // each of IPv4 and IPv6. 
- // +optional - // +patchStrategy=merge - podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt) - - // ID of the node assigned by the cloud provider in the format: :// - // +optional - providerID?: string @go(ProviderID) @protobuf(3,bytes,opt) - - // Unschedulable controls node schedulability of new pods. By default, node is schedulable. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration - // +optional - unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt) - - // If specified, the node's taints. - // +optional - taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt) - - // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. - // +optional - configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt) - - // Deprecated. Not all kubelets will set this field. Remove field after 1.13. - // see: https://issues.k8s.io/61966 - // +optional - externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt) -} - -// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. -// This API is deprecated since 1.22 -#NodeConfigSource: { - // ConfigMap is a reference to a Node's ConfigMap - configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt) -} - -// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. -// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration -#ConfigMapNodeConfigSource: { - // Namespace is the metadata.namespace of the referenced ConfigMap. - // This field is required in all cases. - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // Name is the metadata.name of the referenced ConfigMap. 
- // This field is required in all cases. - name: string @go(Name) @protobuf(2,bytes,opt) - - // UID is the metadata.UID of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - uid?: types.#UID @go(UID) @protobuf(3,bytes,opt) - - // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure - // This field is required in all cases. - kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt) -} - -// DaemonEndpoint contains information about a single Daemon endpoint. -#DaemonEndpoint: { - // Port number of the given endpoint. - Port: int32 @protobuf(1,varint,opt) -} - -// NodeDaemonEndpoints lists ports opened by daemons running on the Node. -#NodeDaemonEndpoints: { - // Endpoint on which Kubelet is listening. - // +optional - kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt) -} - -// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. -#NodeSystemInfo: { - // MachineID reported by the node. For unique machine identification - // in the cluster this field is preferred. Learn more from man(5) - // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - machineID: string @go(MachineID) @protobuf(1,bytes,opt) - - // SystemUUID reported by the node. For unique machine identification - // MachineID is preferred. This field is specific to Red Hat hosts - // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt) - - // Boot ID reported by the node. 
- bootID: string @go(BootID) @protobuf(3,bytes,opt) - - // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). - kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt) - - // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). - osImage: string @go(OSImage) @protobuf(5,bytes,opt) - - // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). - containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt) - - // Kubelet Version reported by the node. - kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt) - - // KubeProxy Version reported by the node. - kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt) - - // The Operating System reported by the node - operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt) - - // The Architecture reported by the node - architecture: string @go(Architecture) @protobuf(10,bytes,opt) -} - -// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. -#NodeConfigStatus: { - // Assigned reports the checkpointed config the node will try to use. - // When Node.Spec.ConfigSource is updated, the node checkpoints the associated - // config payload to local disk, along with a record indicating intended - // config. The node refers to this record to choose its config checkpoint, and - // reports this record in Assigned. Assigned only updates in the status after - // the record has been checkpointed to disk. When the Kubelet is restarted, - // it tries to make the Assigned config the Active config by loading and - // validating the checkpointed payload identified by Assigned. - // +optional - assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt) - - // Active reports the checkpointed config the node is actively using. 
- // Active will represent either the current version of the Assigned config, - // or the current LastKnownGood config, depending on whether attempting to use the - // Assigned config results in an error. - // +optional - active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt) - - // LastKnownGood reports the checkpointed config the node will fall back to - // when it encounters an error attempting to use the Assigned config. - // The Assigned config becomes the LastKnownGood config when the node determines - // that the Assigned config is stable and correct. - // This is currently implemented as a 10-minute soak period starting when the local - // record of Assigned config is updated. If the Assigned config is Active at the end - // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is - // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, - // because the local default config is always assumed good. - // You should not make assumptions about the node's method of determining config stability - // and correctness, as this may change or become configurable in the future. - // +optional - lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt) - - // Error describes any problems reconciling the Spec.ConfigSource to the Active config. - // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned - // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting - // to load or validate the Assigned config, etc. - // Errors may occur at different points while syncing config. Earlier errors (e.g. download or - // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across - // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in - // a rollback to LastKnownGood. 
In the latter case, it is usually possible to resolve the error - // by fixing the config assigned in Spec.ConfigSource. - // You can find additional information for debugging by searching the error message in the Kubelet log. - // Error is a human-readable description of the error state; machines can check whether or not Error - // is empty, but should not rely on the stability of the Error text across Kubelet versions. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// NodeStatus is information about the current status of a node. -#NodeStatus: { - // Capacity represents the total resources of a node. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Allocatable represents the resources of a node that are available for scheduling. - // Defaults to Capacity. - // +optional - allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // NodePhase is the recently observed lifecycle phase of the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase - // The field is never populated, and now is deprecated. - // +optional - phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase) - - // Conditions is an array of current observed node conditions. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep) - - // List of addresses reachable to the node. - // Queried from cloud provider, if available. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses - // Note: This field is declared as mergeable, but the merge key is not sufficiently - // unique, which can cause data corruption when it is merged. 
Callers should instead - // use a full-replacement patch. See https://pr.k8s.io/79391 for an example. - // Consumers should assume that addresses can change during the - // lifetime of a Node. However, there are some exceptions where this may not - // be possible, such as Pods that inherit a Node's address in its own status or - // consumers of the downward API (status.hostIP). - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep) - - // Endpoints of daemons running on the Node. - // +optional - daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt) - - // Set of ids/uuids to uniquely identify the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#info - // +optional - nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt) - - // List of container images on this node - // +optional - images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep) - - // List of attachable volumes in use (mounted) by the node. - // +optional - volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep) - - // List of volumes that are attached to the node. - // +optional - volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep) - - // Status of the config assigned to the node via the dynamic Kubelet config feature. - // +optional - config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt) -} - -#UniqueVolumeName: string - -// AttachedVolume describes a volume attached to a node -#AttachedVolume: { - // Name of the attached volume - name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep) - - // DevicePath represents the device path where the volume should be available - devicePath: string @go(DevicePath) @protobuf(2,bytes,rep) -} - -// AvoidPods describes pods that should avoid this node. 
This is the value for a -// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and -// will eventually become a field of NodeStatus. -#AvoidPods: { - // Bounded-sized list of signatures of pods that should avoid this node, sorted - // in timestamp order from oldest to newest. Size of the slice is unspecified. - // +optional - preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep) -} - -// Describes a class of pods that should avoid this node. -#PreferAvoidPodsEntry: { - // The class of pods. - podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt) - - // Time at which this entry was added to the list. - // +optional - evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt) - - // (brief) reason why this entry was added to the list. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Human readable message indicating why this entry was added to the list. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) -} - -// Describes the class of pods that should avoid this node. -// Exactly one field should be set. -#PodSignature: { - // Reference to controller whose pods should avoid this node. - // +optional - podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt) -} - -// Describe a container image -#ContainerImage: { - // Names by which this image is known. - // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] - // +optional - names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep) - - // The size of the image in bytes. - // +optional - sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt) -} - -// +enum -#NodePhase: string // #enumNodePhase - -#enumNodePhase: - #NodePending | - #NodeRunning | - #NodeTerminated - -// NodePending means the node has been created/added by the system, but not configured. 
-#NodePending: #NodePhase & "Pending" - -// NodeRunning means the node has been configured and has Kubernetes components running. -#NodeRunning: #NodePhase & "Running" - -// NodeTerminated means the node has been removed from the cluster. -#NodeTerminated: #NodePhase & "Terminated" - -#NodeConditionType: string // #enumNodeConditionType - -#enumNodeConditionType: - #NodeReady | - #NodeMemoryPressure | - #NodeDiskPressure | - #NodePIDPressure | - #NodeNetworkUnavailable - -// NodeReady means kubelet is healthy and ready to accept pods. -#NodeReady: #NodeConditionType & "Ready" - -// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. -#NodeMemoryPressure: #NodeConditionType & "MemoryPressure" - -// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. -#NodeDiskPressure: #NodeConditionType & "DiskPressure" - -// NodePIDPressure means the kubelet is under pressure due to insufficient available PID. -#NodePIDPressure: #NodeConditionType & "PIDPressure" - -// NodeNetworkUnavailable means that network for the node is not correctly configured. -#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable" - -// NodeCondition contains condition information for a node. -#NodeCondition: { - // Type of node condition. - type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we got an update on a given condition. - // +optional - lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. 
- // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -#NodeAddressType: string // #enumNodeAddressType - -#enumNodeAddressType: - #NodeHostName | - #NodeInternalIP | - #NodeExternalIP | - #NodeInternalDNS | - #NodeExternalDNS - -// NodeHostName identifies a name of the node. Although every node can be assumed -// to have a NodeAddress of this type, its exact syntax and semantics are not -// defined, and are not consistent between different clusters. -#NodeHostName: #NodeAddressType & "Hostname" - -// NodeInternalIP identifies an IP address which is assigned to one of the node's -// network interfaces. Every node should have at least one address of this type. -// -// An internal IP is normally expected to be reachable from every other node, but -// may not be visible to hosts outside the cluster. By default it is assumed that -// kube-apiserver can reach node internal IPs, though it is possible to configure -// clusters where this is not the case. -// -// NodeInternalIP is the default type of node IP, and does not necessarily imply -// that the IP is ONLY reachable internally. If a node has multiple internal IPs, -// no specific semantics are assigned to the additional IPs. -#NodeInternalIP: #NodeAddressType & "InternalIP" - -// NodeExternalIP identifies an IP address which is, in some way, intended to be -// more usable from outside the cluster then an internal IP, though no specific -// semantics are defined. It may be a globally routable IP, though it is not -// required to be. -// -// External IPs may be assigned directly to an interface on the node, like a -// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed -// to an internal node IP rather than being delivered directly (making the IP less -// efficient for node-to-node traffic than a NodeInternalIP). 
-#NodeExternalIP: #NodeAddressType & "ExternalIP" - -// NodeInternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeInternalIP. The IP it resolves to may or may not -// be a listed NodeInternalIP address. -#NodeInternalDNS: #NodeAddressType & "InternalDNS" - -// NodeExternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeExternalIP. The IP it resolves to may or may not -// be a listed NodeExternalIP address. -#NodeExternalDNS: #NodeAddressType & "ExternalDNS" - -// NodeAddress contains information for the node's address. -#NodeAddress: { - // Node address type, one of Hostname, ExternalIP or InternalIP. - type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType) - - // The node address. - address: string @go(Address) @protobuf(2,bytes,opt) -} - -// ResourceName is the name identifying various resources in a ResourceList. -#ResourceName: string // #enumResourceName - -#enumResourceName: - #ResourceCPU | - #ResourceMemory | - #ResourceStorage | - #ResourceEphemeralStorage | - #ResourcePods | - #ResourceServices | - #ResourceReplicationControllers | - #ResourceQuotas | - #ResourceSecrets | - #ResourceConfigMaps | - #ResourcePersistentVolumeClaims | - #ResourceServicesNodePorts | - #ResourceServicesLoadBalancers | - #ResourceRequestsCPU | - #ResourceRequestsMemory | - #ResourceRequestsStorage | - #ResourceRequestsEphemeralStorage | - #ResourceLimitsCPU | - #ResourceLimitsMemory | - #ResourceLimitsEphemeralStorage - -// CPU, in cores. (500m = .5 cores) -#ResourceCPU: #ResourceName & "cpu" - -// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceMemory: #ResourceName & "memory" - -// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) -#ResourceStorage: #ResourceName & "storage" - -// Local ephemeral storage, in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// The resource name for ResourceEphemeralStorage is alpha and it can change across releases. -#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage" - -// Default namespace prefix. -#ResourceDefaultNamespacePrefix: "kubernetes.io/" - -// Name prefix for huge page resources (alpha). -#ResourceHugePagesPrefix: "hugepages-" - -// Name prefix for storage resource limits -#ResourceAttachableVolumesPrefix: "attachable-volumes-" - -// ResourceList is a set of (resource name, quantity) pairs. -#ResourceList: {[string]: resource.#Quantity} - -// Node is a worker node in Kubernetes. -// Each node will have a unique identifier in the cache (i.e. in etcd). -#Node: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a node. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the node. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NodeList is the whole list of all Nodes which have been registered with master. -#NodeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of nodes - items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep) -} - -// FinalizerName is the name identifying a finalizer during namespace lifecycle. 
-#FinalizerName: string // #enumFinalizerName - -#enumFinalizerName: - #FinalizerKubernetes - -#FinalizerKubernetes: #FinalizerName & "kubernetes" - -// NamespaceSpec describes the attributes on a Namespace. -#NamespaceSpec: { - // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName) -} - -// NamespaceStatus is information about the current status of a Namespace. -#NamespaceStatus: { - // Phase is the current lifecycle phase of the namespace. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase) - - // Represents the latest available observations of a namespace's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep) -} - -// +enum -#NamespacePhase: string // #enumNamespacePhase - -#enumNamespacePhase: - #NamespaceActive | - #NamespaceTerminating - -// NamespaceActive means the namespace is available for use in the system -#NamespaceActive: #NamespacePhase & "Active" - -// NamespaceTerminating means the namespace is undergoing graceful termination -#NamespaceTerminating: #NamespacePhase & "Terminating" - -// NamespaceTerminatingCause is returned as a defaults.cause item when a change is -// forbidden due to the namespace being terminated. 
-#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating" - -#NamespaceConditionType: string // #enumNamespaceConditionType - -#enumNamespaceConditionType: - #NamespaceDeletionDiscoveryFailure | - #NamespaceDeletionContentFailure | - #NamespaceDeletionGVParsingFailure | - #NamespaceContentRemaining | - #NamespaceFinalizersRemaining - -// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery. -#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure" - -// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources. -#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure" - -// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types. -#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure" - -// NamespaceContentRemaining contains information about resources remaining in a namespace. -#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining" - -// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace. -#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining" - -// NamespaceCondition contains details about state of namespace. -#NamespaceCondition: { - // Type of namespace controller condition. - type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType) - - // Status of the condition, one of True, False, Unknown. 
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// Namespace provides a scope for Names. -// Use of multiple namespaces is optional. -#Namespace: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of the Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status describes the current status of a Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NamespaceList is a list of Namespaces. -#NamespaceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Namespace objects in the list. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep) -} - -// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. -// Deprecated in 1.7, please use the bindings subresource of pods instead. -#Binding: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The target object that you want to bind to the standard object. - target: #ObjectReference @go(Target) @protobuf(2,bytes,opt) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -// +k8s:openapi-gen=false -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// PodLogOptions is the query options for a Pod's logs REST call. -#PodLogOptions: { - metav1.#TypeMeta - - // The container for which to stream logs. Defaults to only container if there is one container in the pod. - // +optional - container?: string @go(Container) @protobuf(1,bytes,opt) - - // Follow the log stream of the pod. Defaults to false. - // +optional - follow?: bool @go(Follow) @protobuf(2,varint,opt) - - // Return previous terminated container logs. Defaults to false. - // +optional - previous?: bool @go(Previous) @protobuf(3,varint,opt) - - // A relative time in seconds before the current time from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt) - - // An RFC3339 timestamp from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. 
- // +optional - sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt) - - // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line - // of log output. Defaults to false. - // +optional - timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt) - - // If set, the number of lines from the end of the logs to show. If not specified, - // logs are shown from the creation of the container or sinceSeconds or sinceTime - // +optional - tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt) - - // If set, the number of bytes to read from the server before terminating the - // log output. This may not display a complete final line of logging, and may return - // slightly more or slightly less than the specified limit. - // +optional - limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt) - - // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the - // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver - // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real - // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the - // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept - // the actual log data coming from the real kubelet). - // +optional - insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt) -} - -// PodAttachOptions is the query options to a Pod's remote attach call. 
-// --- -// TODO: merge w/ PodExecOptions below for stdin, stdout, etc -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodAttachOptions: { - metav1.#TypeMeta - - // Stdin if true, redirects the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Stdout if true indicates that stdout is to be redirected for the attach call. - // Defaults to true. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Stderr if true indicates that stderr is to be redirected for the attach call. - // Defaults to true. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the attach call. - // This is passed through the container runtime so the tty - // is allocated on the worker node by the container runtime. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // The container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) -} - -// PodExecOptions is the query options to a Pod's remote exec call. -// --- -// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodExecOptions: { - metav1.#TypeMeta - - // Redirect the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Redirect the standard output stream of the pod for this call. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Redirect the standard error stream of the pod for this call. 
- // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the exec call. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // Container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) - - // Command is the remote command to execute. argv array. Not executed within a shell. - command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep) -} - -// PodPortForwardOptions is the query options to a Pod's port forward call -// when using WebSockets. -// The `port` query parameter must specify the port or -// ports (comma separated) to forward over. -// Port forwarding over SPDY does not use these options. It requires the port -// to be passed in the `port` header as part of request. -#PodPortForwardOptions: { - metav1.#TypeMeta - - // List of ports to forward - // Required when using WebSockets - // +optional - ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep) -} - -// PodProxyOptions is the query options to a Pod's proxy call. -#PodProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to pod. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// NodeProxyOptions is the query options to a Node's proxy call. -#NodeProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to node. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ServiceProxyOptions is the query options to a Service's proxy call. -#ServiceProxyOptions: { - metav1.#TypeMeta - - // Path is the part of URLs that include service endpoints, suffixes, - // and parameters to use for the current proxy request to service. 
- // For example, the whole request URL is - // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. - // Path is _search?q=user:kimchy. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -// --- -// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. -// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. -// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular -// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". -// Those cannot be well described when embedded. -// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. -// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity -// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple -// and the version of the actual struct is irrelevant. -// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type -// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. -// -// Instead of using this type, create a locally provided and used type that is well-focused on your reference. -// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . 
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +structType=atomic -#ObjectReference: { - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // Namespace of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Specific resourceVersion to which this reference is made, if any. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // If referring to a piece of an object instead of an entire object, this string - // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - // For example, if the object reference is to a container within a pod, this would take on a value like: - // "spec.containers{name}" (where "name" refers to the name of the container that triggered - // the event) or if no container name is specified "spec.containers[2]" (container with - // index 2 in this pod). This syntax is chosen only to have some well-defined way of - // referencing a part of an object. 
- // TODO: this design is not final and this field is subject to change in the future. - // +optional - fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt) -} - -// LocalObjectReference contains enough information to let you locate the -// referenced object inside the same namespace. -// +structType=atomic -#LocalObjectReference: { - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // TODO: Add other useful fields. apiVersion, kind, uid? - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) -} - -// TypedLocalObjectReference contains enough information to let you locate the -// typed referenced object inside the same namespace. -// +structType=atomic -#TypedLocalObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// SerializedReference is a reference to serialized object. -#SerializedReference: { - metav1.#TypeMeta - - // The reference to an object in the system. - // +optional - reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt) -} - -// EventSource contains information for an event. -#EventSource: { - // Component from which the event is generated. - // +optional - component?: string @go(Component) @protobuf(1,bytes,opt) - - // Node name on which the event is generated. 
- // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -// Information only and will not cause any problems -#EventTypeNormal: "Normal" - -// These events are to warn that something might go wrong -#EventTypeWarning: "Warning" - -// Event is a report of an event somewhere in the cluster. Events -// have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The object that this event is about. - involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt) - - // This should be a short, machine understandable string that gives the reason - // for the transition into the object's current status. - // TODO: provide exact specification for format. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // A human-readable description of the status of this operation. - // TODO: decide on maximum length. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // The component reporting this event. Should be a short machine understandable string. - // +optional - source?: #EventSource @go(Source) @protobuf(5,bytes,opt) - - // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) - // +optional - firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt) - - // The time at which the most recent occurrence of this event was recorded. 
- // +optional - lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt) - - // The number of times this event has occurred. - // +optional - count?: int32 @go(Count) @protobuf(8,varint,opt) - - // Type of this event (Normal, Warning), new types could be added in the future - // +optional - type?: string @go(Type) @protobuf(9,bytes,opt) - - // Time when this Event was first observed. - // +optional - eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt) - - // Data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt) - - // What action was taken/failed regarding to the Regarding object. - // +optional - action?: string @go(Action) @protobuf(12,bytes,opt) - - // Optional secondary object for more complex actions. - // +optional - related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt) - - // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // +optional - reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt) - - // ID of the controller instance, e.g. `kubelet-xyzf`. - // +optional - reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. -#EventSeries: { - // Number of occurrences in this series up to the last heartbeat time - count?: int32 @go(Count) @protobuf(1,varint) - - // Time of the last occurrence observed - lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes) -} - -// EventList is a list of events. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of events - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} - -// List holds a list of objects, which may not be known by the server. -#List: metav1.#List - -// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or -// a fully qualified resource name. -#LimitType: string // #enumLimitType - -#enumLimitType: - #LimitTypePod | - #LimitTypeContainer | - #LimitTypePersistentVolumeClaim - -// Limit that applies to all pods in a namespace -#LimitTypePod: #LimitType & "Pod" - -// Limit that applies to all containers in a namespace -#LimitTypeContainer: #LimitType & "Container" - -// Limit that applies to all persistent volume claims in a namespace -#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim" - -// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. -#LimitRangeItem: { - // Type of resource that this limit applies to. - type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType) - - // Max usage constraints on this kind by resource name. - // +optional - max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Min usage constraints on this kind by resource name. - // +optional - min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Default resource requirement limit value by resource name if resource limit is omitted. - // +optional - default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. 
- // +optional - defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. - // +optional - maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// LimitRangeSpec defines a min/max usage limit for resources that match on kind. -#LimitRangeSpec: { - // Limits is the list of LimitRangeItem objects that are enforced. - limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep) -} - -// LimitRange sets resource usage limits for each kind of resource in a Namespace. -#LimitRange: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the limits enforced. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LimitRangeList is a list of LimitRange items. -#LimitRangeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of LimitRange objects. 
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep) -} - -// Pods, number -#ResourcePods: #ResourceName & "pods" - -// Services, number -#ResourceServices: #ResourceName & "services" - -// ReplicationControllers, number -#ResourceReplicationControllers: #ResourceName & "replicationcontrollers" - -// ResourceQuotas, number -#ResourceQuotas: #ResourceName & "resourcequotas" - -// ResourceSecrets, number -#ResourceSecrets: #ResourceName & "secrets" - -// ResourceConfigMaps, number -#ResourceConfigMaps: #ResourceName & "configmaps" - -// ResourcePersistentVolumeClaims, number -#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims" - -// ResourceServicesNodePorts, number -#ResourceServicesNodePorts: #ResourceName & "services.nodeports" - -// ResourceServicesLoadBalancers, number -#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers" - -// CPU request, in cores. (500m = .5 cores) -#ResourceRequestsCPU: #ResourceName & "requests.cpu" - -// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsMemory: #ResourceName & "requests.memory" - -// Storage request, in bytes -#ResourceRequestsStorage: #ResourceName & "requests.storage" - -// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage" - -// CPU limit, in cores. (500m = .5 cores) -#ResourceLimitsCPU: #ResourceName & "limits.cpu" - -// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsMemory: #ResourceName & "limits.memory" - -// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage" - -// HugePages request, in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// As burst is not supported for HugePages, we would only quota its request, and ignore the limit. -#ResourceRequestsHugePagesPrefix: "requests.hugepages-" - -// Default resource requests prefix -#DefaultResourceRequestsPrefix: "requests." - -// A ResourceQuotaScope defines a filter that must match each object tracked by a quota -// +enum -#ResourceQuotaScope: string // #enumResourceQuotaScope - -#enumResourceQuotaScope: - #ResourceQuotaScopeTerminating | - #ResourceQuotaScopeNotTerminating | - #ResourceQuotaScopeBestEffort | - #ResourceQuotaScopeNotBestEffort | - #ResourceQuotaScopePriorityClass | - #ResourceQuotaScopeCrossNamespacePodAffinity - -// Match all pod objects where spec.activeDeadlineSeconds >=0 -#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating" - -// Match all pod objects where spec.activeDeadlineSeconds is nil -#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating" - -// Match all pod objects that have best effort quality of service -#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort" - -// Match all pod objects that do not have best effort quality of service -#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort" - -// Match all pod objects that have priority class mentioned -#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass" - -// Match all pod objects that have cross-namespace pod (anti)affinity mentioned. -#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity" - -// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. -#ResourceQuotaSpec: { - // hard is the set of desired hard limits for each named resource. 
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // A collection of filters that must match each object tracked by a quota. - // If not specified, the quota matches all objects. - // +optional - scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope) - - // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota - // but expressed using ScopeSelectorOperator in combination with possible values. - // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. - // +optional - scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt) -} - -// A scope selector represents the AND of the selectors represented -// by the scoped-resource selector requirements. -// +structType=atomic -#ScopeSelector: { - // A list of scope selector requirements by scope of the resources. - // +optional - matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep) -} - -// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator -// that relates the scope name and values. -#ScopedResourceSelectorRequirement: { - // The name of the scope that the selector applies to. - scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt) - - // Represents a scope's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. - operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - // the values array must be empty. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A scope selector operator is the set of operators that can be used in -// a scope selector requirement. -// +enum -#ScopeSelectorOperator: string // #enumScopeSelectorOperator - -#enumScopeSelectorOperator: - #ScopeSelectorOpIn | - #ScopeSelectorOpNotIn | - #ScopeSelectorOpExists | - #ScopeSelectorOpDoesNotExist - -#ScopeSelectorOpIn: #ScopeSelectorOperator & "In" -#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn" -#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists" -#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist" - -// ResourceQuotaStatus defines the enforced hard limits and observed use. -#ResourceQuotaStatus: { - // Hard is the set of enforced hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Used is the current observed total usage of the resource in the namespace. - // +optional - used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// ResourceQuota sets aggregate quota restrictions enforced per namespace -#ResourceQuota: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired quota. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status defines the actual enforced quota and its current usage. 
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceQuotaList is a list of ResourceQuota items. -#ResourceQuotaList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ResourceQuota objects. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep) -} - -// Secret holds secret data of a certain type. The total bytes of the values in -// the Data field must be less than MaxSecretSize bytes. -#Secret: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the Secret cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt) - - // Data contains the secret data. Each key must consist of alphanumeric - // characters, '-', '_' or '.'. The serialized form of the secret data is a - // base64 encoded string, representing the arbitrary (possibly non-string) - // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 - // +optional - data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep) - - // stringData allows specifying non-binary secret data in string form. - // It is provided as a write-only input field for convenience. 
- // All keys and values are merged into the data field on write, overwriting any existing values. - // The stringData field is never output when reading from the API. - // +k8s:conversion-gen=false - // +optional - stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep) - - // Used to facilitate programmatic handling of secret data. - // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types - // +optional - type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType) -} - -#MaxSecretSize: 1048576 - -#SecretType: string // #enumSecretType - -#enumSecretType: - #SecretTypeOpaque | - #SecretTypeServiceAccountToken | - #SecretTypeDockercfg | - #SecretTypeDockerConfigJson | - #SecretTypeBasicAuth | - #SecretTypeSSHAuth | - #SecretTypeTLS | - #SecretTypeBootstrapToken - -// SecretTypeOpaque is the default. Arbitrary user-defined data -#SecretTypeOpaque: #SecretType & "Opaque" - -// SecretTypeServiceAccountToken contains a token that identifies a service account to the API -// -// Required fields: -// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies -// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies -// - Secret.Data["token"] - a token that identifies the service account to the API -#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token" - -// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountNameKey: "kubernetes.io/service-account.name" - -// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountUIDKey: "kubernetes.io/service-account.uid" - -// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets -#ServiceAccountTokenKey: "token" - -// ServiceAccountKubeconfigKey is the key 
of the optional kubeconfig data for SecretTypeServiceAccountToken secrets -#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig" - -// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets -#ServiceAccountRootCAKey: "ca.crt" - -// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls -#ServiceAccountNamespaceKey: "namespace" - -// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg -// -// Required fields: -// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file -#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg" - -// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets -#DockerConfigKey: ".dockercfg" - -// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json -// -// Required fields: -// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file -#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson" - -// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets -#DockerConfigJsonKey: ".dockerconfigjson" - -// SecretTypeBasicAuth contains data needed for basic authentication. -// -// Required at least one of fields: -// - Secret.Data["username"] - username used for authentication -// - Secret.Data["password"] - password or token needed for authentication -#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth" - -// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets -#BasicAuthUsernameKey: "username" - -// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets -#BasicAuthPasswordKey: "password" - -// SecretTypeSSHAuth contains data needed for SSH authetication. 
-// -// Required field: -// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication -#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth" - -// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets -#SSHAuthPrivateKey: "ssh-privatekey" - -// SecretTypeTLS contains information about a TLS client or server secret. It -// is primarily used with TLS termination of the Ingress resource, but may be -// used in other types. -// -// Required fields: -// - Secret.Data["tls.key"] - TLS private key. -// Secret.Data["tls.crt"] - TLS certificate. -// TODO: Consider supporting different formats, specifying CA/destinationCA. -#SecretTypeTLS: #SecretType & "kubernetes.io/tls" - -// TLSCertKey is the key for tls certificates in a TLS secret. -#TLSCertKey: "tls.crt" - -// TLSPrivateKeyKey is the key for the private key field in a TLS secret. -#TLSPrivateKeyKey: "tls.key" - -// SecretTypeBootstrapToken is used during the automated bootstrap process (first -// implemented by kubeadm). It stores tokens that are used to sign well known -// ConfigMaps. They are used for authn. -#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token" - -// SecretList is a list of Secret. -#SecretList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of secret objects. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep) -} - -// ConfigMap holds configuration data for pods to consume. -#ConfigMap: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the ConfigMap cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt) - - // Data contains the configuration data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // Values with non-UTF-8 byte sequences must use the BinaryData field. - // The keys stored in Data must not overlap with the keys in - // the BinaryData field, this is enforced during validation process. - // +optional - data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep) - - // BinaryData contains the binary data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // BinaryData can contain byte sequences that are not in the UTF-8 range. - // The keys stored in BinaryData must not overlap with the ones in - // the Data field, this is enforced during validation process. - // Using this field will require 1.10+ apiserver and - // kubelet. - // +optional - binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep) -} - -// ConfigMapList is a resource containing a list of ConfigMap objects. -#ConfigMapList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ConfigMaps. - items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep) -} - -// Type and constants for component health validation. 
-#ComponentConditionType: string // #enumComponentConditionType - -#enumComponentConditionType: - #ComponentHealthy - -#ComponentHealthy: #ComponentConditionType & "Healthy" - -// Information about the condition of a component. -#ComponentCondition: { - // Type of condition for a component. - // Valid value: "Healthy" - type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType) - - // Status of the condition for a component. - // Valid values for "Healthy": "True", "False", or "Unknown". - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Message about the condition for a component. - // For example, information about a health check. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // Condition error code for a component. - // For example, a health check error code. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// ComponentStatus (and ComponentStatusList) holds the cluster validation info. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatus: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // List of component conditions observed - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep) -} - -// Status of all the conditions for the component as a list of ComponentStatus objects. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatusList: { - metav1.#TypeMeta - - // Standard list metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ComponentStatus objects. - items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep) -} - -// DownwardAPIVolumeSource represents a volume containing downward API info. -// Downward API volumes support ownership management and SELinux relabeling. -#DownwardAPIVolumeSource: { - // Items is a list of downward API volume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) - - // Optional: mode bits to use on created files by default. Must be a - // Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644 - -// DownwardAPIVolumeFile represents information to create the file containing the pod field -#DownwardAPIVolumeFile: { - // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - path: string @go(Path) @protobuf(1,bytes,opt) - - // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. 
- // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt) - - // Optional: mode bits used to set permissions on this file, must be an octal value - // between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt) -} - -// Represents downward API info for projecting into a projected volume. -// Note that this is identical to a downwardAPI volume source without the default -// mode. -#DownwardAPIProjection: { - // Items is a list of DownwardAPIVolume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) -} - -// SecurityContext holds security configuration that will be applied to a container. -// Some fields are present in both SecurityContext and PodSecurityContext. When both -// are set, the values in SecurityContext take precedence. -#SecurityContext: { - // The capabilities to add/drop when running containers. - // Defaults to the default set of capabilities granted by the container runtime. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt) - - // Run container in privileged mode. 
- // Processes in privileged containers are essentially equivalent to root on the host. - // Defaults to false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt) - - // The SELinux context to be applied to the container. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options from the PodSecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. 
- // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt) - - // Whether this container has a read-only root filesystem. - // Default is false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt) - - // AllowPrivilegeEscalation controls whether a process can gain more - // privileges than its parent process. This bool directly controls if - // the no_new_privs flag will be set on the container process. - // AllowPrivilegeEscalation is true always when the container is: - // 1) run as Privileged - // 2) has CAP_SYS_ADMIN - // Note that this field cannot be set when spec.os.name is windows. - // +optional - allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt) - - // procMount denotes the type of proc mount to use for the containers. - // The default is DefaultProcMount which uses the container runtime defaults for - // readonly paths and masked paths. - // This requires the ProcMountType feature flag to be enabled. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt) - - // The seccomp options to use by this container. 
If seccomp options are - // provided at both the pod & container level, the container options - // override the pod options. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt) -} - -// +enum -#ProcMountType: string // #enumProcMountType - -#enumProcMountType: - #DefaultProcMount | - #UnmaskedProcMount - -// DefaultProcMount uses the container runtime defaults for readonly and masked -// paths for /proc. Most container runtimes mask certain paths in /proc to avoid -// accidental security exposure of special devices or information. -#DefaultProcMount: #ProcMountType & "Default" - -// UnmaskedProcMount bypasses the default masking behavior of the container -// runtime and ensures the newly created /proc the container stays in tact with -// no modifications. -#UnmaskedProcMount: #ProcMountType & "Unmasked" - -// SELinuxOptions are the labels to be applied to the container -#SELinuxOptions: { - // User is a SELinux user label that applies to the container. - // +optional - user?: string @go(User) @protobuf(1,bytes,opt) - - // Role is a SELinux role label that applies to the container. - // +optional - role?: string @go(Role) @protobuf(2,bytes,opt) - - // Type is a SELinux type label that applies to the container. - // +optional - type?: string @go(Type) @protobuf(3,bytes,opt) - - // Level is SELinux level label that applies to the container. - // +optional - level?: string @go(Level) @protobuf(4,bytes,opt) -} - -// WindowsSecurityContextOptions contain Windows-specific options and credentials. -#WindowsSecurityContextOptions: { - // GMSACredentialSpecName is the name of the GMSA credential spec to use. 
- // +optional - gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt) - - // GMSACredentialSpec is where the GMSA admission webhook - // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - // GMSA credential spec named by the GMSACredentialSpecName field. - // +optional - gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt) - - // The UserName in Windows to run the entrypoint of the container process. - // Defaults to the user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt) - - // HostProcess determines if a container should be run as a 'Host Process' container. - // All of a Pod's containers must have the same effective HostProcess value - // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - // In addition, if HostProcess is true then HostNetwork must also be set to true. - // +optional - hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt) -} - -// RangeAllocation is not a public type. -#RangeAllocation: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Range is string that identifies the range represented by 'data'. - range: string @go(Range) @protobuf(2,bytes,opt) - - // Data is a bit array containing all allocated addresses in the previous segment. - data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt) -} - -// DefaultSchedulerName defines the name of default scheduler. 
-#DefaultSchedulerName: "default-scheduler" - -// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule -// corresponding to every RequiredDuringScheduling affinity rule. -// When the --hard-pod-affinity-weight scheduler flag is not specified, -// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. -#DefaultHardPodAffinitySymmetricWeight: int32 & 1 - -// Sysctl defines a kernel parameter to be set -#Sysctl: { - // Name of a property to set - name: string @go(Name) @protobuf(1,bytes,opt) - - // Value of a property to set - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// NodeResources is an object for conveying resource information about a node. -// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. -#NodeResources: { - // Capacity represents the available resources of a node - Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName) -} - -// Enable stdin for remote command execution -#ExecStdinParam: "input" - -// Enable stdout for remote command execution -#ExecStdoutParam: "output" - -// Enable stderr for remote command execution -#ExecStderrParam: "error" - -// Enable TTY for remote command execution -#ExecTTYParam: "tty" - -// Command to run for remote command execution -#ExecCommandParam: "command" - -// Name of header that specifies stream type -#StreamType: "streamType" - -// Value for streamType header for stdin stream -#StreamTypeStdin: "stdin" - -// Value for streamType header for stdout stream -#StreamTypeStdout: "stdout" - -// Value for streamType header for stderr stream -#StreamTypeStderr: "stderr" - -// Value for streamType header for data stream -#StreamTypeData: "data" - -// Value for streamType header for error stream -#StreamTypeError: "error" - -// Value for streamType header for terminal resize stream -#StreamTypeResize: "resize" - -// Name 
of header that specifies the port being forwarded -#PortHeader: "port" - -// Name of header that specifies a request ID used to associate the error -// and data streams for a single forwarded connection -#PortForwardRequestIDHeader: "requestID" - -// MixedProtocolNotSupported error in PortStatus means that the cloud provider -// can't publish the port on the load balancer because mixed values of protocols -// on the same LoadBalancer type of Service are not supported by the cloud provider. -#MixedProtocolNotSupported: "MixedProtocolNotSupported" - -#PortStatus: { - // Port is the port number of the service port of which status is recorded here - port: int32 @go(Port) @protobuf(1,varint,opt) - - // Protocol is the protocol of the service port of which status is recorded here - // The supported values are: "TCP", "UDP", "SCTP" - protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // Error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 2a1f060b..00000000 
--- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue +++ /dev/null 
@@ -1,59 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#LabelHostname: "kubernetes.io/hostname" - -// Label value is the network location of kube-apiserver stored as -// Stored in APIServer Identity lease objects to view what address is used for peer proxy -#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address" -#LabelTopologyZone: "topology.kubernetes.io/zone" -#LabelTopologyRegion: "topology.kubernetes.io/region" - -// These label have been deprecated since 1.17, but will be supported for -// the foreseeable future, to accommodate things like long-lived PVs that -// use them. New users should prefer the "topology.kubernetes.io/*" -// equivalents. -#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone" -#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region" - -// Retained for compat when vendored. Do not use these consts in new code. -#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone" -#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region" -#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone" -#LabelZoneRegionStable: "topology.kubernetes.io/region" -#LabelInstanceType: "beta.kubernetes.io/instance-type" -#LabelInstanceTypeStable: "node.kubernetes.io/instance-type" -#LabelOSStable: "kubernetes.io/os" -#LabelArchStable: "kubernetes.io/arch" - -// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0. 
-// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763) -#LabelWindowsBuild: "node.kubernetes.io/windows-build" - -// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*) -#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io" - -// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*) -#LabelNamespaceSuffixNode: "node.kubernetes.io" - -// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled -#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io" - -// IsHeadlessService is added by Controller to an Endpoint denoting if its parent -// Service is Headless. The existence of this label can be used further by other -// controllers and kube-proxy to check if the Endpoint objects should be replicated when -// using Headless Services -#IsHeadlessService: "service.kubernetes.io/headless" - -// LabelNodeExcludeBalancers specifies that the node should not be considered as a target -// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only -// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that -// any backends on excluded nodes are not reachable by those external load-balancers. -// Implementations of this exclusion may vary based on provider. -#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers" - -// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels -#LabelMetadataName: "kubernetes.io/metadata.name" 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue deleted file mode 100644 index b7c09733..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// TaintNodeNotReady will be added when node is not ready -// and removed when node becomes ready. -#TaintNodeNotReady: "node.kubernetes.io/not-ready" - -// TaintNodeUnreachable will be added when node becomes unreachable -// (corresponding to NodeReady status ConditionUnknown) -// and removed when node becomes reachable (NodeReady status ConditionTrue). -#TaintNodeUnreachable: "node.kubernetes.io/unreachable" - -// TaintNodeUnschedulable will be added when node becomes unschedulable -// and removed when node becomes schedulable. -#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable" - -// TaintNodeMemoryPressure will be added when node has memory pressure -// and removed when node has enough memory. -#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure" - -// TaintNodeDiskPressure will be added when node has disk pressure -// and removed when node has enough disk. -#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure" - -// TaintNodeNetworkUnavailable will be added when node's network is unavailable -// and removed when network becomes ready. -#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable" - -// TaintNodePIDPressure will be added when node has pid pressure -// and removed when node has enough pid. -#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure" - -// TaintNodeOutOfService can be added when node is out of service in case of -// a non-graceful shutdown -#TaintNodeOutOfService: "node.kubernetes.io/out-of-service" 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue deleted file mode 100644 index 19a7d631..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -#GroupName: "discovery.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue deleted file mode 100644 index 144ef53e..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue +++ /dev/null 
@@ -1,206 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" -) - -// EndpointSlice represents a subset of the endpoints that implement a service. -// For a given service there may be multiple EndpointSlice objects, selected by -// labels, which must be joined to produce the full set of endpoints. -#EndpointSlice: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // addressType specifies the type of address carried by this EndpointSlice. - // All addresses in this slice must be the same type. This field is - // immutable after creation. The following address types are currently - // supported: - // * IPv4: Represents an IPv4 Address. - // * IPv6: Represents an IPv6 Address. - // * FQDN: Represents a Fully Qualified Domain Name. - addressType: #AddressType @go(AddressType) @protobuf(4,bytes,rep) - - // endpoints is a list of unique endpoints in this slice. Each slice may - // include a maximum of 1000 endpoints. - // +listType=atomic - endpoints: [...#Endpoint] @go(Endpoints,[]Endpoint) @protobuf(2,bytes,rep) - - // ports specifies the list of network ports exposed by each endpoint in - // this slice. Each port must have a unique name. When ports is empty, it - // indicates that there are no defined ports. When a port is defined with a - // nil port value, it indicates "all ports". Each slice may include a - // maximum of 100 ports. - // +optional - // +listType=atomic - ports: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// AddressType represents the type of address referred to by an endpoint. -// +enum -#AddressType: string // #enumAddressType - -#enumAddressType: - #AddressTypeIPv4 | - #AddressTypeIPv6 | - #AddressTypeFQDN - -// AddressTypeIPv4 represents an IPv4 Address. 
-#AddressTypeIPv4: #AddressType & "IPv4" - -// AddressTypeIPv6 represents an IPv6 Address. -#AddressTypeIPv6: #AddressType & "IPv6" - -// AddressTypeFQDN represents a FQDN. -#AddressTypeFQDN: #AddressType & "FQDN" - -// Endpoint represents a single logical "backend" implementing a service. -#Endpoint: { - // addresses of this endpoint. The contents of this field are interpreted - // according to the corresponding EndpointSlice addressType field. Consumers - // must handle different types of addresses in the context of their own - // capabilities. This must contain at least one address but no more than - // 100. These are all assumed to be fungible and clients may choose to only - // use the first element. Refer to: https://issue.k8s.io/106267 - // +listType=set - addresses: [...string] @go(Addresses,[]string) @protobuf(1,bytes,rep) - - // conditions contains information about the current status of the endpoint. - conditions?: #EndpointConditions @go(Conditions) @protobuf(2,bytes,opt) - - // hostname of this endpoint. This field may be used by consumers of - // endpoints to distinguish endpoints from each other (e.g. in DNS names). - // Multiple endpoints which use the same hostname should be considered - // fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS - // Label (RFC 1123) validation. - // +optional - hostname?: null | string @go(Hostname,*string) @protobuf(3,bytes,opt) - - // targetRef is a reference to a Kubernetes object that represents this - // endpoint. - // +optional - targetRef?: null | v1.#ObjectReference @go(TargetRef,*v1.ObjectReference) @protobuf(4,bytes,opt) - - // deprecatedTopology contains topology information part of the v1beta1 - // API. This field is deprecated, and will be removed when the v1beta1 - // API is removed (no sooner than kubernetes v1.24). While this field can - // hold values, it is not writable through the v1 API, and any attempts to - // write to it will be silently ignored. 
Topology information can be found - // in the zone and nodeName fields instead. - // +optional - deprecatedTopology?: {[string]: string} @go(DeprecatedTopology,map[string]string) @protobuf(5,bytes,opt) - - // nodeName represents the name of the Node hosting this endpoint. This can - // be used to determine endpoints local to a Node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(6,bytes,opt) - - // zone is the name of the Zone this endpoint exists in. - // +optional - zone?: null | string @go(Zone,*string) @protobuf(7,bytes,opt) - - // hints contains information associated with how an endpoint should be - // consumed. - // +optional - hints?: null | #EndpointHints @go(Hints,*EndpointHints) @protobuf(8,bytes,opt) -} - -// EndpointConditions represents the current condition of an endpoint. -#EndpointConditions: { - // ready indicates that this endpoint is prepared to receive traffic, - // according to whatever system is managing the endpoint. A nil value - // indicates an unknown state. In most cases consumers should interpret this - // unknown state as ready. For compatibility reasons, ready should never be - // "true" for terminating endpoints, except when the normal readiness - // behavior is being explicitly overridden, for example when the associated - // Service has set the publishNotReadyAddresses flag. - // +optional - ready?: null | bool @go(Ready,*bool) @protobuf(1,bytes) - - // serving is identical to ready except that it is set regardless of the - // terminating state of endpoints. This condition should be set to true for - // a ready endpoint that is terminating. If nil, consumers should defer to - // the ready condition. - // +optional - serving?: null | bool @go(Serving,*bool) @protobuf(2,bytes) - - // terminating indicates that this endpoint is terminating. A nil value - // indicates an unknown state. Consumers should interpret this unknown state - // to mean that the endpoint is not terminating. 
- // +optional - terminating?: null | bool @go(Terminating,*bool) @protobuf(3,bytes) -} - -// EndpointHints provides hints describing how an endpoint should be consumed. -#EndpointHints: { - // forZones indicates the zone(s) this endpoint should be consumed by to - // enable topology aware routing. - // +listType=atomic - forZones?: [...#ForZone] @go(ForZones,[]ForZone) @protobuf(1,bytes) -} - -// ForZone provides information about which zones should consume this endpoint. -#ForZone: { - // name represents the name of the zone. - name: string @go(Name) @protobuf(1,bytes) -} - -// EndpointPort represents a Port used by an EndpointSlice -// +structType=atomic -#EndpointPort: { - // name represents the name of this port. All ports in an EndpointSlice must have a unique name. - // If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. - // Name must either be an empty string or pass DNS_LABEL validation: - // * must be no more than 63 characters long. - // * must consist of lower case alphanumeric characters or '-'. - // * must start and end with an alphanumeric character. - // Default is empty string. - name?: null | string @go(Name,*string) @protobuf(1,bytes) - - // protocol represents the IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. - protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(2,bytes) - - // port represents the port number of the endpoint. - // If this is not specified, ports are not restricted and must be - // interpreted in the context of the specific consumer. - port?: null | int32 @go(Port,*int32) @protobuf(3,bytes,opt) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. 
- // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes) -} - -// EndpointSliceList represents a list of endpoint slices -#EndpointSliceList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of endpoint slices - items: [...#EndpointSlice] @go(Items,[]EndpointSlice) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 9c40d30e..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue +++ /dev/null 
@@ -1,20 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -// LabelServiceName is used to indicate the name of a Kubernetes service. -#LabelServiceName: "kubernetes.io/service-name" - -// LabelManagedBy is used to indicate the controller or entity that manages -// an EndpointSlice. This label aims to enable different EndpointSlice -// objects to be managed by different controllers or entities within the -// same cluster. It is highly recommended to configure this label for all -// EndpointSlices. -#LabelManagedBy: "endpointslice.kubernetes.io/managed-by" - -// LabelSkipMirror can be set to true on an Endpoints resource to indicate -// that the EndpointSliceMirroring controller should not mirror this -// resource with EndpointSlices. -#LabelSkipMirror: "endpointslice.kubernetes.io/skip-mirror" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue deleted file mode 100644 index c4138c1c..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/events/v1 - -package v1 - -#GroupName: "events.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue deleted file mode 100644 index 47acc8fc..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue +++ /dev/null 
@@ -1,111 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/events/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" -) - -// Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system. -// Events have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // eventTime is the time when this Event was first observed. It is required. - eventTime: metav1.#MicroTime @go(EventTime) @protobuf(2,bytes,opt) - - // series is data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(3,bytes,opt) - - // reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // This field cannot be empty for new Events. - reportingController?: string @go(ReportingController) @protobuf(4,bytes,opt) - - // reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. - // This field cannot be empty for new Events and it can have at most 128 characters. - reportingInstance?: string @go(ReportingInstance) @protobuf(5,bytes,opt) - - // action is what action was taken/failed regarding to the regarding object. It is machine-readable. - // This field cannot be empty for new Events and it can have at most 128 characters. 
- action?: string @go(Action) @protobuf(6,bytes) - - // reason is why the action was taken. It is human-readable. - // This field cannot be empty for new Events and it can have at most 128 characters. - reason?: string @go(Reason) @protobuf(7,bytes) - - // regarding contains the object this Event is about. In most cases it's an Object reporting controller - // implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because - // it acts on some changes in a ReplicaSet object. - // +optional - regarding?: corev1.#ObjectReference @go(Regarding) @protobuf(8,bytes,opt) - - // related is the optional secondary object for more complex actions. E.g. when regarding object triggers - // a creation or deletion of related object. - // +optional - related?: null | corev1.#ObjectReference @go(Related,*corev1.ObjectReference) @protobuf(9,bytes,opt) - - // note is a human-readable description of the status of this operation. - // Maximal length of the note is 1kB, but libraries should be prepared to - // handle values up to 64kB. - // +optional - note?: string @go(Note) @protobuf(10,bytes,opt) - - // type is the type of this event (Normal, Warning), new types could be added in the future. - // It is machine-readable. - // This field cannot be empty for new Events. - type?: string @go(Type) @protobuf(11,bytes,opt) - - // deprecatedSource is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedSource?: corev1.#EventSource @go(DeprecatedSource) @protobuf(12,bytes,opt) - - // deprecatedFirstTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedFirstTimestamp?: metav1.#Time @go(DeprecatedFirstTimestamp) @protobuf(13,bytes,opt) - - // deprecatedLastTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. 
- // +optional - deprecatedLastTimestamp?: metav1.#Time @go(DeprecatedLastTimestamp) @protobuf(14,bytes,opt) - - // deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedCount?: int32 @go(DeprecatedCount) @protobuf(15,varint,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. How often to update the EventSeries is up to the event reporters. -// The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows -// how this struct is updated on heartbeats and can guide customized reporter implementations. -#EventSeries: { - // count is the number of occurrences in this series up to the last heartbeat time. - count: int32 @go(Count) @protobuf(1,varint,opt) - - // lastObservedTime is the time when last Event from the series was seen before last heartbeat. - lastObservedTime: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes,opt) -} - -// EventList is a list of Event objects. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue deleted file mode 100644 index f1042622..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -#GroupName: "networking.k8s.io" 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue deleted file mode 100644 index bbdc7f2b..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue +++ /dev/null 
@@ -1,588 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -// NetworkPolicy describes what network traffic is allowed for a set of Pods -#NetworkPolicy: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents the specification of the desired behavior for this NetworkPolicy. - // +optional - spec?: #NetworkPolicySpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PolicyType string describes the NetworkPolicy type -// This type is beta-level in 1.8 -// +enum -#PolicyType: string // #enumPolicyType - -#enumPolicyType: - #PolicyTypeIngress | - #PolicyTypeEgress - -// PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods -#PolicyTypeIngress: #PolicyType & "Ingress" - -// PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods -#PolicyTypeEgress: #PolicyType & "Egress" - -// NetworkPolicySpec provides the specification of a NetworkPolicy -#NetworkPolicySpec: { - // podSelector selects the pods to which this NetworkPolicy object applies. - // The array of ingress rules is applied to any pods selected by this field. - // Multiple network policies can select the same set of pods. In this case, - // the ingress rules for each are combined additively. - // This field is NOT optional and follows standard label selector semantics. - // An empty podSelector matches all pods in this namespace. - podSelector: metav1.#LabelSelector @go(PodSelector) @protobuf(1,bytes,opt) - - // ingress is a list of ingress rules to be applied to the selected pods. 
- // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod - // (and cluster policy otherwise allows the traffic), OR if the traffic source is - // the pod's local node, OR if the traffic matches at least one ingress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy does not allow any traffic (and serves - // solely to ensure that the pods it selects are isolated by default) - // +optional - ingress?: [...#NetworkPolicyIngressRule] @go(Ingress,[]NetworkPolicyIngressRule) @protobuf(2,bytes,rep) - - // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic - // is allowed if there are no NetworkPolicies selecting the pod (and cluster policy - // otherwise allows the traffic), OR if the traffic matches at least one egress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves - // solely to ensure that the pods it selects are isolated by default). - // This field is beta-level in 1.8 - // +optional - egress?: [...#NetworkPolicyEgressRule] @go(Egress,[]NetworkPolicyEgressRule) @protobuf(3,bytes,rep) - - // policyTypes is a list of rule types that the NetworkPolicy relates to. - // Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. - // If this field is not specified, it will default based on the existence of ingress or egress rules; - // policies that contain an egress section are assumed to affect egress, and all policies - // (whether or not they contain an ingress section) are assumed to affect ingress. - // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. 
- // Likewise, if you want to write a policy that specifies that no egress is allowed, - // you must specify a policyTypes value that include "Egress" (since such a policy would not include - // an egress section and would otherwise default to just [ "Ingress" ]). - // This field is beta-level in 1.8 - // +optional - policyTypes?: [...#PolicyType] @go(PolicyTypes,[]PolicyType) @protobuf(4,bytes,rep,casttype=PolicyType) -} - -// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from. -#NetworkPolicyIngressRule: { - // ports is a list of ports which should be made accessible on the pods selected for - // this rule. Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) - - // from is a list of sources which should be able to access the pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all sources (traffic not restricted by - // source). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the from list. - // +optional - from?: [...#NetworkPolicyPeer] @go(From,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) -} - -// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. 
-// This type is beta-level in 1.8 -#NetworkPolicyEgressRule: { - // ports is a list of destination ports for outgoing traffic. - // Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) - - // to is a list of destinations for outgoing traffic of pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all destinations (traffic not restricted by - // destination). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the to list. - // +optional - to?: [...#NetworkPolicyPeer] @go(To,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) -} - -// NetworkPolicyPort describes a port to allow traffic on -#NetworkPolicyPort: { - // protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. - // If not specified, this field defaults to TCP. - // +optional - protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.Protocol) - - // port represents the port on the given protocol. This can either be a numerical or named - // port on a pod. If this field is not provided, this matches all port names and - // numbers. - // If present, only traffic on the specified protocol AND port will be matched. - // +optional - port?: null | intstr.#IntOrString @go(Port,*intstr.IntOrString) @protobuf(2,bytes,opt) - - // endPort indicates that the range of ports from port to endPort if set, inclusive, - // should be allowed by the policy. 
This field cannot be defined if the port field - // is not defined or if the port field is defined as a named (string) port. - // The endPort must be equal or greater than port. - // +optional - endPort?: null | int32 @go(EndPort,*int32) @protobuf(3,bytes,opt) -} - -// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed -// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs -// that should not be included within this rule. -#IPBlock: { - // cidr is a string representing the IPBlock - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - cidr: string @go(CIDR) @protobuf(1,bytes) - - // except is a slice of CIDRs that should not be included within an IPBlock - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - // Except values will be rejected if they are outside the cidr range - // +optional - except?: [...string] @go(Except,[]string) @protobuf(2,bytes,rep) -} - -// NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of -// fields are allowed -#NetworkPolicyPeer: { - // podSelector is a label selector which selects pods. This field follows standard label - // selector semantics; if present but empty, it selects all pods. - // - // If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects - // the pods matching podSelector in the Namespaces selected by NamespaceSelector. - // Otherwise it selects the pods matching podSelector in the policy's own namespace. - // +optional - podSelector?: null | metav1.#LabelSelector @go(PodSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaceSelector selects namespaces using cluster-scoped labels. This field follows - // standard label selector semantics; if present but empty, it selects all namespaces. - // - // If podSelector is also set, then the NetworkPolicyPeer as a whole selects - // the pods matching podSelector in the namespaces selected by namespaceSelector. 
- // Otherwise it selects all pods in the namespaces selected by namespaceSelector. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // ipBlock defines policy on a particular IPBlock. If this field is set then - // neither of the other fields can be. - // +optional - ipBlock?: null | #IPBlock @go(IPBlock,*IPBlock) @protobuf(3,bytes,rep) -} - -// NetworkPolicyList is a list of NetworkPolicy objects. -#NetworkPolicyList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#NetworkPolicy] @go(Items,[]NetworkPolicy) @protobuf(2,bytes,rep) -} - -// Ingress is a collection of rules that allow inbound connections to reach the -// endpoints defined by a backend. An Ingress can be configured to give services -// externally-reachable urls, load balance traffic, terminate SSL, offer name -// based virtual hosting etc. -#Ingress: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the desired state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #IngressSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #IngressStatus @go(Status) @protobuf(3,bytes,opt) -} - -// IngressList is a collection of Ingress. 
-#IngressList: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of Ingress. - items: [...#Ingress] @go(Items,[]Ingress) @protobuf(2,bytes,rep) -} - -// IngressSpec describes the Ingress the user wishes to exist. -#IngressSpec: { - // ingressClassName is the name of an IngressClass cluster resource. Ingress - // controller implementations use this field to know whether they should be - // serving this Ingress resource, by a transitive connection - // (controller -> IngressClass -> Ingress resource). Although the - // `kubernetes.io/ingress.class` annotation (simple constant name) was never - // formally defined, it was widely supported by Ingress controllers to create - // a direct binding between Ingress controller and Ingress resources. Newly - // created Ingress resources should prefer using the field. However, even - // though the annotation is officially deprecated, for backwards compatibility - // reasons, ingress controllers should still honor that annotation if present. - // +optional - ingressClassName?: null | string @go(IngressClassName,*string) @protobuf(4,bytes,opt) - - // defaultBackend is the backend that should handle requests that don't - // match any rule. If Rules are not specified, DefaultBackend must be specified. - // If DefaultBackend is not set, the handling of requests that do not match any - // of the rules will be up to the Ingress controller. - // +optional - defaultBackend?: null | #IngressBackend @go(DefaultBackend,*IngressBackend) @protobuf(1,bytes,opt) - - // tls represents the TLS configuration. Currently the Ingress only supports a - // single TLS port, 443. 
If multiple members of this list specify different hosts, - // they will be multiplexed on the same port according to the hostname specified - // through the SNI TLS extension, if the ingress controller fulfilling the - // ingress supports SNI. - // +listType=atomic - // +optional - tls?: [...#IngressTLS] @go(TLS,[]IngressTLS) @protobuf(2,bytes,rep) - - // rules is a list of host rules used to configure the Ingress. If unspecified, - // or no rule matches, all traffic is sent to the default backend. - // +listType=atomic - // +optional - rules?: [...#IngressRule] @go(Rules,[]IngressRule) @protobuf(3,bytes,rep) -} - -// IngressTLS describes the transport layer security associated with an ingress. -#IngressTLS: { - // hosts is a list of hosts included in the TLS certificate. The values in - // this list must match the name/s used in the tlsSecret. Defaults to the - // wildcard host setting for the loadbalancer controller fulfilling this - // Ingress, if left unspecified. - // +listType=atomic - // +optional - hosts?: [...string] @go(Hosts,[]string) @protobuf(1,bytes,rep) - - // secretName is the name of the secret used to terminate TLS traffic on - // port 443. Field is left optional to allow TLS routing based on SNI - // hostname alone. If the SNI host in a listener conflicts with the "Host" - // header field used by an IngressRule, the SNI host is used for termination - // and value of the "Host" header is used for routing. - // +optional - secretName?: string @go(SecretName) @protobuf(2,bytes,opt) -} - -// IngressStatus describe the current state of the Ingress. -#IngressStatus: { - // loadBalancer contains the current status of the load-balancer. - // +optional - loadBalancer?: #IngressLoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) -} - -// IngressLoadBalancerStatus represents the status of a load-balancer. -#IngressLoadBalancerStatus: { - // ingress is a list containing ingress points for the load-balancer. 
- // +optional - ingress?: [...#IngressLoadBalancerIngress] @go(Ingress,[]IngressLoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// IngressLoadBalancerIngress represents the status of a load-balancer ingress point. -#IngressLoadBalancerIngress: { - // ip is set for load-balancer ingress points that are IP based. - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // hostname is set for load-balancer ingress points that are DNS based. - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // ports provides information about the ports exposed by this LoadBalancer. - // +listType=atomic - // +optional - ports?: [...#IngressPortStatus] @go(Ports,[]IngressPortStatus) @protobuf(4,bytes,rep) -} - -// IngressPortStatus represents the error condition of a service port -#IngressPortStatus: { - // port is the port number of the ingress port. - port: int32 @go(Port) @protobuf(1,varint,opt) - - // protocol is the protocol of the ingress port. - // The supported values are: "TCP", "UDP", "SCTP" - protocol: v1.#Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} - -// IngressRule represents the rules mapping the paths under a specified host to -// the related backend services. 
Incoming requests are first evaluated for a host -// match, then routed to the backend associated with the matching IngressRuleValue. -#IngressRule: { - // host is the fully qualified domain name of a network host, as defined by RFC 3986. - // Note the following deviations from the "host" part of the - // URI as defined in RFC 3986: - // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to - // the IP in the Spec of the parent Ingress. - // 2. The `:` delimiter is not respected because ports are not allowed. - // Currently the port of an Ingress is implicitly :80 for http and - // :443 for https. - // Both these may change in the future. - // Incoming requests are matched against the host before the - // IngressRuleValue. If the host is unspecified, the Ingress routes all - // traffic based on the specified IngressRuleValue. - // - // host can be "precise" which is a domain name without the terminating dot of - // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name - // prefixed with a single wildcard label (e.g. "*.foo.com"). - // The wildcard character '*' must appear by itself as the first DNS label and - // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). - // Requests will be matched against the Host field in the following way: - // 1. If host is precise, the request matches this rule if the http host header is equal to Host. - // 2. If host is a wildcard, then the request matches this rule if the http host header - // is to equal to the suffix (removing the first label) of the wildcard rule. - // +optional - host?: string @go(Host) @protobuf(1,bytes,opt) - - #IngressRuleValue -} - -// IngressRuleValue represents a rule to apply against incoming requests. If the -// rule is satisfied, the request is routed to the specified backend. Currently -// mixing different types of rules in a single Ingress is disallowed, so exactly -// one of the following must be set. 
-#IngressRuleValue: { - // +optional - http?: null | #HTTPIngressRuleValue @go(HTTP,*HTTPIngressRuleValue) @protobuf(1,bytes,opt) -} - -// HTTPIngressRuleValue is a list of http selectors pointing to backends. -// In the example: http:///? -> backend where -// where parts of the url correspond to RFC 3986, this resource will be used -// to match against everything after the last '/' and before the first '?' -// or '#'. -#HTTPIngressRuleValue: { - // paths is a collection of paths that map requests to backends. - // +listType=atomic - paths: [...#HTTPIngressPath] @go(Paths,[]HTTPIngressPath) @protobuf(1,bytes,rep) -} - -// PathType represents the type of path referred to by a HTTPIngressPath. -// +enum -#PathType: string // #enumPathType - -#enumPathType: - #PathTypeExact | - #PathTypePrefix | - #PathTypeImplementationSpecific - -// PathTypeExact matches the URL path exactly and with case sensitivity. -#PathTypeExact: #PathType & "Exact" - -// PathTypePrefix matches based on a URL path prefix split by '/'. Matching -// is case sensitive and done on a path element by element basis. A path -// element refers to the list of labels in the path split by the '/' -// separator. A request is a match for path p if every p is an element-wise -// prefix of p of the request path. Note that if the last element of the -// path is a substring of the last element in request path, it is not a -// match (e.g. /foo/bar matches /foo/bar/baz, but does not match -// /foo/barbaz). If multiple matching paths exist in an Ingress spec, the -// longest matching path is given priority. -// Examples: -// - /foo/bar does not match requests to /foo/barbaz -// - /foo/bar matches request to /foo/bar and /foo/bar/baz -// - /foo and /foo/ both match requests to /foo and /foo/. If both paths are -// present in an Ingress spec, the longest matching path (/foo/) is given -// priority. -#PathTypePrefix: #PathType & "Prefix" - -// PathTypeImplementationSpecific matching is up to the IngressClass. 
-// Implementations can treat this as a separate PathType or treat it -// identically to Prefix or Exact path types. -#PathTypeImplementationSpecific: #PathType & "ImplementationSpecific" - -// HTTPIngressPath associates a path with a backend. Incoming urls matching the -// path are forwarded to the backend. -#HTTPIngressPath: { - // path is matched against the path of an incoming request. Currently it can - // contain characters disallowed from the conventional "path" part of a URL - // as defined by RFC 3986. Paths must begin with a '/' and must be present - // when using PathType with value "Exact" or "Prefix". - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // pathType determines the interpretation of the path matching. PathType can - // be one of the following values: - // * Exact: Matches the URL path exactly. - // * Prefix: Matches based on a URL path prefix split by '/'. Matching is - // done on a path element by element basis. A path element refers is the - // list of labels in the path split by the '/' separator. A request is a - // match for path p if every p is an element-wise prefix of p of the - // request path. Note that if the last element of the path is a substring - // of the last element in request path, it is not a match (e.g. /foo/bar - // matches /foo/bar/baz, but does not match /foo/barbaz). - // * ImplementationSpecific: Interpretation of the Path matching is up to - // the IngressClass. Implementations can treat this as a separate PathType - // or treat it identically to Prefix or Exact path types. - // Implementations are required to support all path types. - pathType?: null | #PathType @go(PathType,*PathType) @protobuf(3,bytes,opt) - - // backend defines the referenced service endpoint to which the traffic - // will be forwarded to. - backend: #IngressBackend @go(Backend) @protobuf(2,bytes,opt) -} - -// IngressBackend describes all endpoints for a given service and port. 
-#IngressBackend: { - // service references a service as a backend. - // This is a mutually exclusive setting with "Resource". - // +optional - service?: null | #IngressServiceBackend @go(Service,*IngressServiceBackend) @protobuf(4,bytes,opt) - - // resource is an ObjectRef to another Kubernetes resource in the namespace - // of the Ingress object. If resource is specified, a service.Name and - // service.Port must not be specified. - // This is a mutually exclusive setting with "Service". - // +optional - resource?: null | v1.#TypedLocalObjectReference @go(Resource,*v1.TypedLocalObjectReference) @protobuf(3,bytes,opt) -} - -// IngressServiceBackend references a Kubernetes Service as a Backend. -#IngressServiceBackend: { - // name is the referenced service. The service must exist in - // the same namespace as the Ingress object. - name: string @go(Name) @protobuf(1,bytes,opt) - - // port of the referenced service. A port name or port number - // is required for a IngressServiceBackend. - port?: #ServiceBackendPort @go(Port) @protobuf(2,bytes,opt) -} - -// ServiceBackendPort is the service port being referenced. -#ServiceBackendPort: { - // name is the name of the port on the Service. - // This is a mutually exclusive setting with "Number". - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // number is the numerical port number (e.g. 80) on the Service. - // This is a mutually exclusive setting with "Name". - // +optional - number?: int32 @go(Number) @protobuf(2,bytes,opt) -} - -// IngressClass represents the class of the Ingress, referenced by the Ingress -// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be -// used to indicate that an IngressClass should be considered default. When a -// single IngressClass resource has this annotation set to true, new Ingress -// resources without a class specified will be assigned this default class. -#IngressClass: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the desired state of the IngressClass. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #IngressClassSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// IngressClassSpec provides information about the class of an Ingress. -#IngressClassSpec: { - // controller refers to the name of the controller that should handle this - // class. This allows for different "flavors" that are controlled by the - // same controller. For example, you may have different parameters for the - // same implementing controller. This should be specified as a - // domain-prefixed path no more than 250 characters in length, e.g. - // "acme.io/ingress-controller". This field is immutable. - controller?: string @go(Controller) @protobuf(1,bytes,opt) - - // parameters is a link to a custom resource containing additional - // configuration for the controller. This is optional if the controller does - // not require extra parameters. - // +optional - parameters?: null | #IngressClassParametersReference @go(Parameters,*IngressClassParametersReference) @protobuf(2,bytes,opt) -} - -// IngressClassParametersReferenceScopeNamespace indicates that the -// referenced Parameters resource is namespace-scoped. -#IngressClassParametersReferenceScopeNamespace: "Namespace" - -// IngressClassParametersReferenceScopeCluster indicates that the -// referenced Parameters resource is cluster-scoped. -#IngressClassParametersReferenceScopeCluster: "Cluster" - -// IngressClassParametersReference identifies an API object. This can be used -// to specify a cluster or namespace-scoped resource. -#IngressClassParametersReference: { - // apiGroup is the group for the resource being referenced. 
If APIGroup is - // not specified, the specified Kind must be in the core API group. For any - // other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt,name=aPIGroup) - - // kind is the type of resource being referenced. - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // name is the name of resource being referenced. - name: string @go(Name) @protobuf(3,bytes,opt) - - // scope represents if this refers to a cluster or namespace scoped resource. - // This may be set to "Cluster" (default) or "Namespace". - // +optional - scope?: null | string @go(Scope,*string) @protobuf(4,bytes,opt) - - // namespace is the namespace of the resource being referenced. This field is - // required when scope is set to "Namespace" and must be unset when scope is set to - // "Cluster". - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(5,bytes,opt) -} - -// IngressClassList is a collection of IngressClasses. -#IngressClassList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of IngressClasses. - items: [...#IngressClass] @go(Items,[]IngressClass) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue deleted file mode 100644 index bee74f4b..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue +++ /dev/null 
@@ -1,11 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -// AnnotationIsDefaultIngressClass can be used to indicate that an -// IngressClass should be considered default. When a single IngressClass -// resource has this annotation set to true, new Ingress resources without a -// class specified will be assigned this default class. -#AnnotationIsDefaultIngressClass: "ingressclass.kubernetes.io/is-default-class" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue deleted file mode 100644 index 5969b44f..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/node/v1 - -package v1 - -#GroupName: "node.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue deleted file mode 100644 index 3934557c..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue +++ /dev/null 
@@ -1,90 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/node/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" -) - -// RuntimeClass defines a class of container runtime supported in the cluster. -// The RuntimeClass is used to determine which container runtime is used to run -// all containers in a pod. RuntimeClasses are manually defined by a -// user or cluster provisioner, and referenced in the PodSpec. The Kubelet is -// responsible for resolving the RuntimeClassName reference before running the -// pod. For more details, see -// https://kubernetes.io/docs/concepts/containers/runtime-class/ -#RuntimeClass: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // handler specifies the underlying runtime and configuration that the CRI - // implementation will use to handle pods of this class. The possible values - // are specific to the node & CRI configuration. It is assumed that all - // handlers are available on every node, and handlers of the same name are - // equivalent on every node. - // For example, a handler called "runc" might specify that the runc OCI - // runtime (using native Linux containers) will be used to run the containers - // in a pod. - // The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, - // and is immutable. - handler: string @go(Handler) @protobuf(2,bytes,opt) - - // overhead represents the resource overhead associated with running a pod for a - // given RuntimeClass. 
For more details, see - // https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/ - // +optional - overhead?: null | #Overhead @go(Overhead,*Overhead) @protobuf(3,bytes,opt) - - // scheduling holds the scheduling constraints to ensure that pods running - // with this RuntimeClass are scheduled to nodes that support it. - // If scheduling is nil, this RuntimeClass is assumed to be supported by all - // nodes. - // +optional - scheduling?: null | #Scheduling @go(Scheduling,*Scheduling) @protobuf(4,bytes,opt) -} - -// Overhead structure represents the resource overhead associated with running a pod. -#Overhead: { - // podFixed represents the fixed resource overhead associated with running a pod. - // +optional - podFixed?: corev1.#ResourceList @go(PodFixed) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.ResourceList,castkey=k8s.io/api/core/v1.ResourceName,castvalue=k8s.io/apimachinery/pkg/api/resource.Quantity) -} - -// Scheduling specifies the scheduling constraints for nodes supporting a -// RuntimeClass. -#Scheduling: { - // nodeSelector lists labels that must be present on nodes that support this - // RuntimeClass. Pods using this RuntimeClass can only be scheduled to a - // node matched by this selector. The RuntimeClass nodeSelector is merged - // with a pod's existing nodeSelector. Any conflicts will cause the pod to - // be rejected in admission. - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(1,bytes,opt) - - // tolerations are appended (excluding duplicates) to pods running with this - // RuntimeClass during admission, effectively unioning the set of nodes - // tolerated by the pod and the RuntimeClass. - // +optional - // +listType=atomic - tolerations?: [...corev1.#Toleration] @go(Tolerations,[]corev1.Toleration) @protobuf(2,bytes,rep) -} - -// RuntimeClassList is a list of RuntimeClass objects. -#RuntimeClassList: { - metav1.#TypeMeta - - // Standard list metadata. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#RuntimeClass] @go(Items,[]RuntimeClass) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue deleted file mode 100644 index dedcdc34..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue +++ /dev/null @@ -1,8 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -// Package policy is for any kind of policy object. Suitable examples, even if -// they aren't all here, are PodDisruptionBudget, PodSecurityPolicy, -// NetworkPolicy, etc. -package v1 diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue deleted file mode 100644 index e38fa373..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -package v1 - -#GroupName: "policy" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue deleted file mode 100644 index 5901cc6d..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue +++ /dev/null 
@@ -1,204 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -#DisruptionBudgetCause: metav1.#CauseType & "DisruptionBudget" - -// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget. -#PodDisruptionBudgetSpec: { - // An eviction is allowed if at least "minAvailable" pods selected by - // "selector" will still be available after the eviction, i.e. even in the - // absence of the evicted pod. So for example you can prevent all voluntary - // evictions by specifying "100%". - // +optional - minAvailable?: null | intstr.#IntOrString @go(MinAvailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // Label query over pods whose evictions are managed by the disruption - // budget. - // A null selector will match no pods, while an empty ({}) selector will select - // all pods within the namespace. - // +patchStrategy=replace - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // An eviction is allowed if at most "maxUnavailable" pods selected by - // "selector" are unavailable after the eviction, i.e. even in absence of - // the evicted pod. For example, one can prevent all voluntary evictions - // by specifying 0. This is a mutually exclusive setting with "minAvailable". - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(3,bytes,opt) - - // UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods - // should be considered for eviction. Current implementation considers healthy pods, - // as pods that have status.conditions item with type="Ready",status="True". - // - // Valid policies are IfHealthyBudget and AlwaysAllow. - // If no policy is specified, the default behavior will be used, - // which corresponds to the IfHealthyBudget policy. 
- // - // IfHealthyBudget policy means that running pods (status.phase="Running"), - // but not yet healthy can be evicted only if the guarded application is not - // disrupted (status.currentHealthy is at least equal to status.desiredHealthy). - // Healthy pods will be subject to the PDB for eviction. - // - // AlwaysAllow policy means that all running pods (status.phase="Running"), - // but not yet healthy are considered disrupted and can be evicted regardless - // of whether the criteria in a PDB is met. This means perspective running - // pods of a disrupted application might not get a chance to become healthy. - // Healthy pods will be subject to the PDB for eviction. - // - // Additional policies may be added in the future. - // Clients making eviction decisions should disallow eviction of unhealthy pods - // if they encounter an unrecognized policy in this field. - // - // This field is beta-level. The eviction API uses this field when - // the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). - // +optional - unhealthyPodEvictionPolicy?: null | #UnhealthyPodEvictionPolicyType @go(UnhealthyPodEvictionPolicy,*UnhealthyPodEvictionPolicyType) @protobuf(4,bytes,opt) -} - -// UnhealthyPodEvictionPolicyType defines the criteria for when unhealthy pods -// should be considered for eviction. -// +enum -#UnhealthyPodEvictionPolicyType: string // #enumUnhealthyPodEvictionPolicyType - -#enumUnhealthyPodEvictionPolicyType: - #IfHealthyBudget | - #AlwaysAllow - -// IfHealthyBudget policy means that running pods (status.phase="Running"), -// but not yet healthy can be evicted only if the guarded application is not -// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). -// Healthy pods will be subject to the PDB for eviction. 
-#IfHealthyBudget: #UnhealthyPodEvictionPolicyType & "IfHealthyBudget" - -// AlwaysAllow policy means that all running pods (status.phase="Running"), -// but not yet healthy are considered disrupted and can be evicted regardless -// of whether the criteria in a PDB is met. This means perspective running -// pods of a disrupted application might not get a chance to become healthy. -// Healthy pods will be subject to the PDB for eviction. -#AlwaysAllow: #UnhealthyPodEvictionPolicyType & "AlwaysAllow" - -// PodDisruptionBudgetStatus represents information about the status of a -// PodDisruptionBudget. Status may trail the actual state of a system. -#PodDisruptionBudgetStatus: { - // Most recent generation observed when updating this PDB status. DisruptionsAllowed and other - // status information is valid only if observedGeneration equals to PDB's object generation. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // DisruptedPods contains information about pods whose eviction was - // processed by the API server eviction subresource handler but has not - // yet been observed by the PodDisruptionBudget controller. - // A pod will be in this map from the time when the API server processed the - // eviction request to the time when the pod is seen by PDB controller - // as having been marked for deletion (or after a timeout). The key in the map is the name of the pod - // and the value is the time when the API server processed the eviction request. If - // the deletion didn't occur and a pod is still there it will be removed from - // the list automatically by PodDisruptionBudget controller after some time. - // If everything goes smooth this map should be empty for the most of the time. - // Large number of entries in the map may indicate problems with pod deletions. 
- // +optional - disruptedPods?: {[string]: metav1.#Time} @go(DisruptedPods,map[string]metav1.Time) @protobuf(2,bytes,rep) - - // Number of pod disruptions that are currently allowed. - disruptionsAllowed: int32 @go(DisruptionsAllowed) @protobuf(3,varint,opt) - - // current number of healthy pods - currentHealthy: int32 @go(CurrentHealthy) @protobuf(4,varint,opt) - - // minimum desired number of healthy pods - desiredHealthy: int32 @go(DesiredHealthy) @protobuf(5,varint,opt) - - // total number of pods counted by this disruption budget - expectedPods: int32 @go(ExpectedPods) @protobuf(6,varint,opt) - - // Conditions contain conditions for PDB. The disruption controller sets the - // DisruptionAllowed condition. The following are known values for the reason field - // (additional reasons could be added in the future): - // - SyncFailed: The controller encountered an error and wasn't able to compute - // the number of allowed disruptions. Therefore no disruptions are - // allowed and the status of the condition will be False. - // - InsufficientPods: The number of pods are either at or below the number - // required by the PodDisruptionBudget. No disruptions are - // allowed and the status of the condition will be False. - // - SufficientPods: There are more pods than required by the PodDisruptionBudget. - // The condition will be True, and the number of allowed - // disruptions are provided by the disruptionsAllowed property. - // - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(7,bytes,rep) -} - -// DisruptionAllowedCondition is a condition set by the disruption controller -// that signal whether any of the pods covered by the PDB can be disrupted. 
-#DisruptionAllowedCondition: "DisruptionAllowed" - -// SyncFailedReason is set on the DisruptionAllowed condition if reconcile -// of the PDB failed and therefore disruption of pods are not allowed. -#SyncFailedReason: "SyncFailed" - -// SufficientPodsReason is set on the DisruptionAllowed condition if there are -// more pods covered by the PDB than required and at least one can be disrupted. -#SufficientPodsReason: "SufficientPods" - -// InsufficientPodsReason is set on the DisruptionAllowed condition if the number -// of pods are equal to or fewer than required by the PDB. -#InsufficientPodsReason: "InsufficientPods" - -// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods -#PodDisruptionBudget: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the PodDisruptionBudget. - // +optional - spec?: #PodDisruptionBudgetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the PodDisruptionBudget. - // +optional - status?: #PodDisruptionBudgetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodDisruptionBudgetList is a collection of PodDisruptionBudgets. -#PodDisruptionBudgetList: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of PodDisruptionBudgets - items: [...#PodDisruptionBudget] @go(Items,[]PodDisruptionBudget) @protobuf(2,bytes,rep) -} - -// Eviction evicts a pod from its node subject to certain policies and safety constraints. -// This is a subresource of Pod. 
A request to cause such an eviction is -// created by POSTing to .../pods//evictions. -#Eviction: { - metav1.#TypeMeta - - // ObjectMeta describes the pod that is being evicted. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // DeleteOptions may be provided - // +optional - deleteOptions?: null | metav1.#DeleteOptions @go(DeleteOptions,*metav1.DeleteOptions) @protobuf(2,bytes,opt) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue deleted file mode 100644 index 1c83e8b4..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/rbac/v1 - -package v1 - -#GroupName: "rbac.authorization.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue deleted file mode 100644 index 521e355e..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue +++ /dev/null 
@@ -1,207 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/rbac/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -#APIGroupAll: "*" -#ResourceAll: "*" -#VerbAll: "*" -#NonResourceAll: "*" -#GroupKind: "Group" -#ServiceAccountKind: "ServiceAccount" -#UserKind: "User" - -// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false" -#AutoUpdateAnnotationKey: "rbac.authorization.kubernetes.io/autoupdate" - -// PolicyRule holds information that describes a policy rule, but does not contain information -// about who the rule applies to or which namespace the rule applies to. -#PolicyRule: { - // Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - // the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - // +optional - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. '*' represents all resources. - // +optional - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - // +optional - resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. 
- // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - // +optional - nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(5,bytes,rep) -} - -// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, -// or a value for non-objects such as user and group names. -// +structType=atomic -#Subject: { - // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - // If the Authorizer does not recognized the kind value, the Authorizer should report an error. - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // APIGroup holds the API group of the referenced subject. - // Defaults to "" for ServiceAccount subjects. - // Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - // +optional - apiGroup?: string @go(APIGroup) @protobuf(2,bytes,opt.name=apiGroup) - - // Name of the object being referenced. - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - // the Authorizer should report an error. - // +optional - namespace?: string @go(Namespace) @protobuf(4,bytes,opt) -} - -// RoleRef contains information that points to the role being used -// +structType=atomic -#RoleRef: { - // APIGroup is the group for the resource being referenced - apiGroup: string @go(APIGroup) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. -#Role: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Rules holds all the PolicyRules for this Role - // +optional - rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) -} - -// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. -// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given -// namespace only have effect in that namespace. -#RoleBinding: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Subjects holds references to the objects the role applies to. - // +optional - subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) - - // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - // This field is immutable. - roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) -} - -// RoleBindingList is a collection of RoleBindings -#RoleBindingList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of RoleBindings - items: [...#RoleBinding] @go(Items,[]RoleBinding) @protobuf(2,bytes,rep) -} - -// RoleList is a collection of Roles -#RoleList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of Roles - items: [...#Role] @go(Items,[]Role) @protobuf(2,bytes,rep) -} - -// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. -#ClusterRole: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Rules holds all the PolicyRules for this ClusterRole - // +optional - rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) - - // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. - // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be - // stomped by the controller. - // +optional - aggregationRule?: null | #AggregationRule @go(AggregationRule,*AggregationRule) @protobuf(3,bytes,opt) -} - -// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole -#AggregationRule: { - // ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. - // If any of the selectors match, then the ClusterRole's permissions will be added - // +optional - clusterRoleSelectors?: [...metav1.#LabelSelector] @go(ClusterRoleSelectors,[]metav1.LabelSelector) @protobuf(1,bytes,rep) -} - -// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, -// and adds who information via Subject. -#ClusterRoleBinding: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Subjects holds references to the objects the role applies to. - // +optional - subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) - - // RoleRef can only reference a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - // This field is immutable. - roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) -} - -// ClusterRoleBindingList is a collection of ClusterRoleBindings -#ClusterRoleBindingList: { - metav1.#TypeMeta - - // Standard object's metadata. 
- // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ClusterRoleBindings - items: [...#ClusterRoleBinding] @go(Items,[]ClusterRoleBinding) @protobuf(2,bytes,rep) -} - -// ClusterRoleList is a collection of ClusterRoles -#ClusterRoleList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ClusterRoles - items: [...#ClusterRole] @go(Items,[]ClusterRole) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue deleted file mode 100644 index 8cc2b5f2..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/scheduling/v1 - -package v1 - -#GroupName: "scheduling.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue deleted file mode 100644 index 1d8f9574..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue +++ /dev/null 
@@ -1,57 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/scheduling/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - apiv1 "k8s.io/api/core/v1" -) - -// PriorityClass defines mapping from a priority class name to the priority -// integer value. The value can be any valid integer. -#PriorityClass: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // value represents the integer value of this priority class. This is the actual priority that pods - // receive when they have the name of this class in their pod spec. - value: int32 @go(Value) @protobuf(2,bytes,opt) - - // globalDefault specifies whether this PriorityClass should be considered as - // the default priority for pods that do not have any priority class. - // Only one PriorityClass can be marked as `globalDefault`. However, if more than - // one PriorityClasses exists with their `globalDefault` field set to true, - // the smallest value of such global default PriorityClasses will be used as the default priority. - // +optional - globalDefault?: bool @go(GlobalDefault) @protobuf(3,bytes,opt) - - // description is an arbitrary string that usually provides guidelines on - // when this priority class should be used. - // +optional - description?: string @go(Description) @protobuf(4,bytes,opt) - - // preemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | apiv1.#PreemptionPolicy @go(PreemptionPolicy,*apiv1.PreemptionPolicy) @protobuf(5,bytes,opt) -} - -// PriorityClassList is a collection of priority classes. 
-#PriorityClassList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of PriorityClasses - items: [...#PriorityClass] @go(Items,[]PriorityClass) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue deleted file mode 100644 index 641ce60c..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/storage/v1 - -package v1 - -#GroupName: "storage.k8s.io" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue deleted file mode 100644 index b5158650..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue +++ /dev/null 
@@ -1,652 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/storage/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" -) - -// StorageClass describes the parameters for a class of storage for -// which PersistentVolumes can be dynamically provisioned. -// -// StorageClasses are non-namespaced; the name of the storage class -// according to etcd is in ObjectMeta.Name. -#StorageClass: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // provisioner indicates the type of the provisioner. - provisioner: string @go(Provisioner) @protobuf(2,bytes,opt) - - // parameters holds the parameters for the provisioner that should - // create volumes of this storage class. - // +optional - parameters?: {[string]: string} @go(Parameters,map[string]string) @protobuf(3,bytes,rep) - - // reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. - // Defaults to Delete. - // +optional - reclaimPolicy?: null | v1.#PersistentVolumeReclaimPolicy @go(ReclaimPolicy,*v1.PersistentVolumeReclaimPolicy) @protobuf(4,bytes,opt,casttype=k8s.io/api/core/v1.PersistentVolumeReclaimPolicy) - - // mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class. - // e.g. ["ro", "soft"]. Not validated - - // mount of the PVs will simply fail if one is invalid. - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(5,bytes,opt) - - // allowVolumeExpansion shows whether the storage class allow volume expand. 
- // +optional - allowVolumeExpansion?: null | bool @go(AllowVolumeExpansion,*bool) @protobuf(6,varint,opt) - - // volumeBindingMode indicates how PersistentVolumeClaims should be - // provisioned and bound. When unset, VolumeBindingImmediate is used. - // This field is only honored by servers that enable the VolumeScheduling feature. - // +optional - volumeBindingMode?: null | #VolumeBindingMode @go(VolumeBindingMode,*VolumeBindingMode) @protobuf(7,bytes,opt) - - // allowedTopologies restrict the node topologies where volumes can be dynamically provisioned. - // Each volume plugin defines its own supported topology specifications. - // An empty TopologySelectorTerm list means there is no topology restriction. - // This field is only honored by servers that enable the VolumeScheduling feature. - // +optional - // +listType=atomic - allowedTopologies?: [...v1.#TopologySelectorTerm] @go(AllowedTopologies,[]v1.TopologySelectorTerm) @protobuf(8,bytes,rep) -} - -// StorageClassList is a collection of storage classes. -#StorageClassList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of StorageClasses - items: [...#StorageClass] @go(Items,[]StorageClass) @protobuf(2,bytes,rep) -} - -// VolumeBindingMode indicates how PersistentVolumeClaims should be bound. -// +enum -#VolumeBindingMode: string // #enumVolumeBindingMode - -#enumVolumeBindingMode: - #VolumeBindingImmediate | - #VolumeBindingWaitForFirstConsumer - -// VolumeBindingImmediate indicates that PersistentVolumeClaims should be -// immediately provisioned and bound. This is the default mode. 
-#VolumeBindingImmediate: #VolumeBindingMode & "Immediate" - -// VolumeBindingWaitForFirstConsumer indicates that PersistentVolumeClaims -// should not be provisioned and bound until the first Pod is created that -// references the PeristentVolumeClaim. The volume provisioning and -// binding will occur during Pod scheduing. -#VolumeBindingWaitForFirstConsumer: #VolumeBindingMode & "WaitForFirstConsumer" - -// VolumeAttachment captures the intent to attach or detach the specified volume -// to/from the specified node. -// -// VolumeAttachment objects are non-namespaced. -#VolumeAttachment: { - metav1.#TypeMeta - - // Standard object metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents specification of the desired attach/detach volume behavior. - // Populated by the Kubernetes system. - spec: #VolumeAttachmentSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents status of the VolumeAttachment request. - // Populated by the entity completing the attach or detach - // operation, i.e. the external-attacher. - // +optional - status?: #VolumeAttachmentStatus @go(Status) @protobuf(3,bytes,opt) -} - -// VolumeAttachmentList is a collection of VolumeAttachment objects. -#VolumeAttachmentList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of VolumeAttachments - items: [...#VolumeAttachment] @go(Items,[]VolumeAttachment) @protobuf(2,bytes,rep) -} - -// VolumeAttachmentSpec is the specification of a VolumeAttachment request. -#VolumeAttachmentSpec: { - // attacher indicates the name of the volume driver that MUST handle this - // request. 
This is the name returned by GetPluginName(). - attacher: string @go(Attacher) @protobuf(1,bytes,opt) - - // source represents the volume that should be attached. - source: #VolumeAttachmentSource @go(Source) @protobuf(2,bytes,opt) - - // nodeName represents the node that the volume should be attached to. - nodeName: string @go(NodeName) @protobuf(3,bytes,opt) -} - -// VolumeAttachmentSource represents a volume that should be attached. -// Right now only PersistenVolumes can be attached via external attacher, -// in future we may allow also inline volumes in pods. -// Exactly one member can be set. -#VolumeAttachmentSource: { - // persistentVolumeName represents the name of the persistent volume to attach. - // +optional - persistentVolumeName?: null | string @go(PersistentVolumeName,*string) @protobuf(1,bytes,opt) - - // inlineVolumeSpec contains all the information necessary to attach - // a persistent volume defined by a pod's inline VolumeSource. This field - // is populated only for the CSIMigration feature. It contains - // translated fields from a pod's inline VolumeSource to a - // PersistentVolumeSpec. This field is beta-level and is only - // honored by servers that enabled the CSIMigration feature. - // +optional - inlineVolumeSpec?: null | v1.#PersistentVolumeSpec @go(InlineVolumeSpec,*v1.PersistentVolumeSpec) @protobuf(2,bytes,opt) -} - -// VolumeAttachmentStatus is the status of a VolumeAttachment request. -#VolumeAttachmentStatus: { - // attached indicates the volume is successfully attached. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - attached: bool @go(Attached) @protobuf(1,varint,opt) - - // attachmentMetadata is populated with any - // information returned by the attach operation, upon successful attach, that must be passed - // into subsequent WaitForAttach or Mount calls. - // This field must only be set by the entity completing the attach - // operation, i.e. 
the external-attacher. - // +optional - attachmentMetadata?: {[string]: string} @go(AttachmentMetadata,map[string]string) @protobuf(2,bytes,rep) - - // attachError represents the last error encountered during attach operation, if any. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - // +optional - attachError?: null | #VolumeError @go(AttachError,*VolumeError) @protobuf(3,bytes,opt,casttype=VolumeError) - - // detachError represents the last error encountered during detach operation, if any. - // This field must only be set by the entity completing the detach - // operation, i.e. the external-attacher. - // +optional - detachError?: null | #VolumeError @go(DetachError,*VolumeError) @protobuf(4,bytes,opt,casttype=VolumeError) -} - -// VolumeError captures an error encountered during a volume operation. -#VolumeError: { - // time represents the time the error was encountered. - // +optional - time?: metav1.#Time @go(Time) @protobuf(1,bytes,opt) - - // message represents the error encountered during Attach or Detach operation. - // This string may be logged, so it should not contain sensitive - // information. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// CSIDriver captures information about a Container Storage Interface (CSI) -// volume driver deployed on the cluster. -// Kubernetes attach detach controller uses this object to determine whether attach is required. -// Kubelet uses this object to determine whether pod information needs to be passed on mount. -// CSIDriver objects are non-namespaced. -#CSIDriver: { - metav1.#TypeMeta - - // Standard object metadata. - // metadata.Name indicates the name of the CSI driver that this object - // refers to; it MUST be the same name returned by the CSI GetPluginName() - // call for that driver. 
- // The driver name must be 63 characters or less, beginning and ending with - // an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and - // alphanumerics between. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents the specification of the CSI Driver. - spec: #CSIDriverSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CSIDriverList is a collection of CSIDriver objects. -#CSIDriverList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSIDriver - items: [...#CSIDriver] @go(Items,[]CSIDriver) @protobuf(2,bytes,rep) -} - -// CSIDriverSpec is the specification of a CSIDriver. -#CSIDriverSpec: { - // attachRequired indicates this CSI volume driver requires an attach - // operation (because it implements the CSI ControllerPublishVolume() - // method), and that the Kubernetes attach detach controller should call - // the attach volume interface which checks the volumeattachment status - // and waits until the volume is attached before proceeding to mounting. - // The CSI external-attacher coordinates with CSI volume driver and updates - // the volumeattachment status when the attach operation is complete. - // If the CSIDriverRegistry feature gate is enabled and the value is - // specified to false, the attach operation will be skipped. - // Otherwise the attach operation will be called. - // - // This field is immutable. - // - // +optional - attachRequired?: null | bool @go(AttachRequired,*bool) @protobuf(1,varint,opt) - - // podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) - // during mount operations, if set to true. 
- // If set to false, pod information will not be passed on mount. - // Default is false. - // - // The CSI driver specifies podInfoOnMount as part of driver deployment. - // If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. - // The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. - // - // The following VolumeConext will be passed if podInfoOnMount is set to true. - // This list might grow, but the prefix will be used. - // "csi.storage.k8s.io/pod.name": pod.Name - // "csi.storage.k8s.io/pod.namespace": pod.Namespace - // "csi.storage.k8s.io/pod.uid": string(pod.UID) - // "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume - // defined by a CSIVolumeSource, otherwise "false" - // - // "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only - // required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. - // Other drivers can leave pod info disabled and/or ignore this field. - // As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when - // deployed on such a cluster and the deployment determines which mode that is, for example - // via a command line parameter of the driver. - // - // This field is immutable. - // - // +optional - podInfoOnMount?: null | bool @go(PodInfoOnMount,*bool) @protobuf(2,bytes,opt) - - // volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. - // The default if the list is empty is "Persistent", which is the usage defined by the - // CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. - // - // The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec - // with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. 
- // A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. - // - // For more information about implementing this mode, see - // https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html - // A driver can support one or more of these modes and more modes may be added in the future. - // - // This field is beta. - // This field is immutable. - // - // +optional - // +listType=set - volumeLifecycleModes?: [...#VolumeLifecycleMode] @go(VolumeLifecycleModes,[]VolumeLifecycleMode) @protobuf(3,bytes,opt) - - // storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage - // capacity that the driver deployment will report by creating - // CSIStorageCapacity objects with capacity information, if set to true. - // - // The check can be enabled immediately when deploying a driver. - // In that case, provisioning new volumes with late binding - // will pause until the driver deployment has published - // some suitable CSIStorageCapacity object. - // - // Alternatively, the driver can be deployed with the field - // unset or false and it can be flipped later when storage - // capacity information has been published. - // - // This field was immutable in Kubernetes <= 1.22 and now is mutable. - // - // +optional - // +featureGate=CSIStorageCapacity - storageCapacity?: null | bool @go(StorageCapacity,*bool) @protobuf(4,bytes,opt) - - // fsGroupPolicy defines if the underlying volume supports changing ownership and - // permission of the volume before being mounted. - // Refer to the specific FSGroupPolicy values for additional details. - // - // This field is immutable. - // - // Defaults to ReadWriteOnceWithFSType, which will examine each volume - // to determine if Kubernetes should modify ownership and permissions of the volume. 
- // With the default policy the defined fsGroup will only be applied - // if a fstype is defined and the volume's access mode contains ReadWriteOnce. - // - // +optional - fsGroupPolicy?: null | #FSGroupPolicy @go(FSGroupPolicy,*FSGroupPolicy) @protobuf(5,bytes,opt) - - // tokenRequests indicates the CSI driver needs pods' service account - // tokens it is mounting volume for to do necessary authentication. Kubelet - // will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. - // The CSI driver should parse and validate the following VolumeContext: - // "csi.storage.k8s.io/serviceAccount.tokens": { - // "": { - // "token": , - // "expirationTimestamp": , - // }, - // ... - // } - // - // Note: Audience in each TokenRequest should be different and at - // most one token is empty string. To receive a new token after expiry, - // RequiresRepublish can be used to trigger NodePublishVolume periodically. - // - // +optional - // +listType=atomic - tokenRequests?: [...#TokenRequest] @go(TokenRequests,[]TokenRequest) @protobuf(6,bytes,opt) - - // requiresRepublish indicates the CSI driver wants `NodePublishVolume` - // being periodically called to reflect any possible change in the mounted - // volume. This field defaults to false. - // - // Note: After a successful initial NodePublishVolume call, subsequent calls - // to NodePublishVolume should only update the contents of the volume. New - // mount points will not be seen by a running container. - // - // +optional - requiresRepublish?: null | bool @go(RequiresRepublish,*bool) @protobuf(7,varint,opt) - - // seLinuxMount specifies if the CSI driver supports "-o context" - // mount option. - // - // When "true", the CSI driver must ensure that all volumes provided by this CSI - // driver can be mounted separately with different `-o context` options. This is - // typical for storage backends that provide volumes as filesystems on block - // devices or as independent shared volumes. 
- // Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount - // option when mounting a ReadWriteOncePod volume used in Pod that has - // explicitly set SELinux context. In the future, it may be expanded to other - // volume AccessModes. In any case, Kubernetes will ensure that the volume is - // mounted only with a single SELinux context. - // - // When "false", Kubernetes won't pass any special SELinux mount options to the driver. - // This is typical for volumes that represent subdirectories of a bigger shared filesystem. - // - // Default is "false". - // - // +featureGate=SELinuxMountReadWriteOncePod - // +optional - seLinuxMount?: null | bool @go(SELinuxMount,*bool) @protobuf(8,varint,opt) -} - -// FSGroupPolicy specifies if a CSI Driver supports modifying -// volume ownership and permissions of the volume to be mounted. -// More modes may be added in the future. -#FSGroupPolicy: string // #enumFSGroupPolicy - -#enumFSGroupPolicy: - #ReadWriteOnceWithFSTypeFSGroupPolicy | - #FileFSGroupPolicy | - #NoneFSGroupPolicy - -// ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined -// to determine if the volume ownership and permissions -// should be modified. If a fstype is defined and the volume's access mode -// contains ReadWriteOnce, then the defined fsGroup will be applied. -// This mode should be defined if it's expected that the -// fsGroup may need to be modified depending on the pod's SecurityPolicy. -// This is the default behavior if no other FSGroupPolicy is defined. -#ReadWriteOnceWithFSTypeFSGroupPolicy: #FSGroupPolicy & "ReadWriteOnceWithFSType" - -// FileFSGroupPolicy indicates that CSI driver supports volume ownership -// and permission change via fsGroup, and Kubernetes will change the permissions -// and ownership of every file in the volume to match the user requested fsGroup in -// the pod's SecurityPolicy regardless of fstype or access mode. 
-// Use this mode if Kubernetes should modify the permissions and ownership -// of the volume. -#FileFSGroupPolicy: #FSGroupPolicy & "File" - -// NoneFSGroupPolicy indicates that volumes will be mounted without performing -// any ownership or permission modifications, as the CSIDriver does not support -// these operations. -// This mode should be selected if the CSIDriver does not support fsGroup modifications, -// for example when Kubernetes cannot change ownership and permissions on a volume due -// to root-squash settings on a NFS volume. -#NoneFSGroupPolicy: #FSGroupPolicy & "None" - -// VolumeLifecycleMode is an enumeration of possible usage modes for a volume -// provided by a CSI driver. More modes may be added in the future. -#VolumeLifecycleMode: string // #enumVolumeLifecycleMode - -#enumVolumeLifecycleMode: - #VolumeLifecyclePersistent | - #VolumeLifecycleEphemeral - -// TokenRequest contains parameters of a service account token. -#TokenRequest: { - // audience is the intended audience of the token in "TokenRequestSpec". - // It will default to the audiences of kube apiserver. - audience: string @go(Audience) @protobuf(1,bytes,opt) - - // expirationSeconds is the duration of validity of the token in "TokenRequestSpec". - // It has the same default value of "ExpirationSeconds" in "TokenRequestSpec". - // - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) -} - -// VolumeLifecyclePersistent explicitly confirms that the driver implements -// the full CSI spec. It is the default when CSIDriverSpec.VolumeLifecycleModes is not -// set. Such volumes are managed in Kubernetes via the persistent volume -// claim mechanism and have a lifecycle that is independent of the pods which -// use them. -#VolumeLifecyclePersistent: #VolumeLifecycleMode & "Persistent" - -// VolumeLifecycleEphemeral indicates that the driver can be used for -// ephemeral inline volumes. 
Such volumes are specified inside the pod -// spec with a CSIVolumeSource and, as far as Kubernetes is concerned, have -// a lifecycle that is tied to the lifecycle of the pod. For example, such -// a volume might contain data that gets created specifically for that pod, -// like secrets. -// But how the volume actually gets created and managed is entirely up to -// the driver. It might also use reference counting to share the same volume -// instance among different pods if the CSIVolumeSource of those pods is -// identical. -#VolumeLifecycleEphemeral: #VolumeLifecycleMode & "Ephemeral" - -// CSINode holds information about all CSI drivers installed on a node. -// CSI drivers do not need to create the CSINode object directly. As long as -// they use the node-driver-registrar sidecar container, the kubelet will -// automatically populate the CSINode object for the CSI driver as part of -// kubelet plugin registration. -// CSINode has the same name as a node. If the object is missing, it means either -// there are no CSI Drivers available on the node, or the Kubelet version is low -// enough that it doesn't create this object. -// CSINode has an OwnerReference that points to the corresponding node object. -#CSINode: { - metav1.#TypeMeta - - // Standard object's metadata. - // metadata.name must be the Kubernetes node name. - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the specification of CSINode - spec: #CSINodeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CSINodeSpec holds information about the specification of all CSI drivers installed on a node -#CSINodeSpec: { - // drivers is a list of information of all CSI Drivers existing on a node. - // If all drivers in the list are uninstalled, this can become empty. 
- // +patchMergeKey=name - // +patchStrategy=merge - drivers: [...#CSINodeDriver] @go(Drivers,[]CSINodeDriver) @protobuf(1,bytes,rep) -} - -// CSINodeDriver holds information about the specification of one CSI driver installed on a node -#CSINodeDriver: { - // name represents the name of the CSI driver that this object refers to. - // This MUST be the same name returned by the CSI GetPluginName() call for - // that driver. - name: string @go(Name) @protobuf(1,bytes,opt) - - // nodeID of the node from the driver point of view. - // This field enables Kubernetes to communicate with storage systems that do - // not share the same nomenclature for nodes. For example, Kubernetes may - // refer to a given node as "node1", but the storage system may refer to - // the same node as "nodeA". When Kubernetes issues a command to the storage - // system to attach a volume to a specific node, it can use this field to - // refer to the node name using the ID that the storage system will - // understand, e.g. "nodeA" instead of "node1". This field is required. - nodeID: string @go(NodeID) @protobuf(2,bytes,opt) - - // topologyKeys is the list of keys supported by the driver. - // When a driver is initialized on a cluster, it provides a set of topology - // keys that it understands (e.g. "company.com/zone", "company.com/region"). - // When a driver is initialized on a node, it provides the same topology keys - // along with values. Kubelet will expose these topology keys as labels - // on its own node object. - // When Kubernetes does topology aware provisioning, it can use this list to - // determine which labels it should retrieve from the node object and pass - // back to the driver. - // It is possible for different nodes to use different topology keys. - // This can be empty if driver does not support topology. 
- // +optional - topologyKeys: [...string] @go(TopologyKeys,[]string) @protobuf(3,bytes,rep) - - // allocatable represents the volume resources of a node that are available for scheduling. - // This field is beta. - // +optional - allocatable?: null | #VolumeNodeResources @go(Allocatable,*VolumeNodeResources) @protobuf(4,bytes,opt) -} - -// VolumeNodeResources is a set of resource limits for scheduling of volumes. -#VolumeNodeResources: { - // count indicates the maximum number of unique volumes managed by the CSI driver that can be used on a node. - // A volume that is both attached and mounted on a node is considered to be used once, not twice. - // The same rule applies for a unique volume that is shared among multiple pods on the same node. - // If this field is not specified, then the supported number of volumes on this node is unbounded. - // +optional - count?: null | int32 @go(Count,*int32) @protobuf(1,varint,opt) -} - -// CSINodeList is a collection of CSINode objects. -#CSINodeList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSINode - items: [...#CSINode] @go(Items,[]CSINode) @protobuf(2,bytes,rep) -} - -// CSIStorageCapacity stores the result of one CSI GetCapacity call. -// For a given StorageClass, this describes the available capacity in a -// particular topology segment. This can be used when considering where to -// instantiate new PersistentVolumes. 
-// -// For example this can express things like: -// - StorageClass "standard" has "1234 GiB" available in "topology.kubernetes.io/zone=us-east1" -// - StorageClass "localssd" has "10 GiB" available in "kubernetes.io/hostname=knode-abc123" -// -// The following three cases all imply that no capacity is available for -// a certain combination: -// - no object exists with suitable topology and storage class name -// - such an object exists, but the capacity is unset -// - such an object exists, but the capacity is zero -// -// The producer of these objects can decide which approach is more suitable. -// -// They are consumed by the kube-scheduler when a CSI driver opts into -// capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler -// compares the MaximumVolumeSize against the requested size of pending volumes -// to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back -// to a comparison against the less precise Capacity. If that is also unset, -// the scheduler assumes that capacity is insufficient and tries some other -// node. -#CSIStorageCapacity: { - metav1.#TypeMeta - - // Standard object's metadata. - // The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters). - // To ensure that there are no conflicts with other CSI drivers on the cluster, - // the recommendation is to use csisc-, a generated name, or a reverse-domain name - // which ends with the unique CSI driver name. - // - // Objects are namespaced. - // - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // nodeTopology defines which nodes have access to the storage - // for which capacity was reported. If not set, the storage is - // not accessible from any node in the cluster. If empty, the - // storage is accessible from all nodes. This field is - // immutable. 
- // - // +optional - nodeTopology?: null | metav1.#LabelSelector @go(NodeTopology,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // storageClassName represents the name of the StorageClass that the reported capacity applies to. - // It must meet the same requirements as the name of a StorageClass - // object (non-empty, DNS subdomain). If that object no longer exists, - // the CSIStorageCapacity object is obsolete and should be removed by its - // creator. - // This field is immutable. - storageClassName: string @go(StorageClassName) @protobuf(3,bytes) - - // capacity is the value reported by the CSI driver in its GetCapacityResponse - // for a GetCapacityRequest with topology and parameters that match the - // previous fields. - // - // The semantic is currently (CSI spec 1.2) defined as: - // The available capacity, in bytes, of the storage that can be used - // to provision volumes. If not set, that information is currently - // unavailable. - // - // +optional - capacity?: null | resource.#Quantity @go(Capacity,*resource.Quantity) @protobuf(4,bytes,opt) - - // maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse - // for a GetCapacityRequest with topology and parameters that match the - // previous fields. - // - // This is defined since CSI spec 1.4.0 as the largest size - // that may be used in a - // CreateVolumeRequest.capacity_range.required_bytes field to - // create a volume with the same parameters as those in - // GetCapacityRequest. The corresponding value in the Kubernetes - // API is ResourceRequirements.Requests in a volume claim. - // - // +optional - maximumVolumeSize?: null | resource.#Quantity @go(MaximumVolumeSize,*resource.Quantity) @protobuf(5,bytes,opt) -} - -// CSIStorageCapacityList is a collection of CSIStorageCapacity objects. 
-#CSIStorageCapacityList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSIStorageCapacity objects. - // +listType=map - // +listMapKey=name - items: [...#CSIStorageCapacity] @go(Items,[]CSIStorageCapacity) @protobuf(2,bytes,rep) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue deleted file mode 100644 index 083aa825..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -// Package v1 is the v1 version of the API. -package v1 diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue deleted file mode 100644 index c4ce800f..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -#GroupName: "apiextensions.k8s.io" 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue
deleted file mode 100644
index b938c8ba..00000000
--- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue
+++ /dev/null
@@ -1,513 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// ConversionStrategyType describes different conversion types. -#ConversionStrategyType: string // #enumConversionStrategyType - -#enumConversionStrategyType: - #NoneConverter | - #WebhookConverter - -// KubeAPIApprovedAnnotation is an annotation that must be set to create a CRD for the k8s.io, *.k8s.io, kubernetes.io, or *.kubernetes.io namespaces. -// The value should be a link to a URL where the current spec was approved, so updates to the spec should also update the URL. -// If the API is unapproved, you may set the annotation to a string starting with `"unapproved"`. For instance, `"unapproved, temporarily squatting"` or `"unapproved, experimental-only"`. This is discouraged. -#KubeAPIApprovedAnnotation: "api-approved.kubernetes.io" - -// NoneConverter is a converter that only sets apiversion of the CR and leave everything else unchanged. -#NoneConverter: #ConversionStrategyType & "None" - -// WebhookConverter is a converter that calls to an external webhook to convert the CR. -#WebhookConverter: #ConversionStrategyType & "Webhook" - -// CustomResourceDefinitionSpec describes how a user wants their resource to appear -#CustomResourceDefinitionSpec: { - // group is the API group of the defined custom resource. - // The custom resources are served under `/apis//...`. - // Must match the name of the CustomResourceDefinition (in the form `.`). - group: string @go(Group) @protobuf(1,bytes,opt) - - // names specify the resource and kind names for the custom resource. - names: #CustomResourceDefinitionNames @go(Names) @protobuf(3,bytes,opt) - - // scope indicates whether the defined custom resource is cluster- or namespace-scoped. 
- // Allowed values are `Cluster` and `Namespaced`. - scope: #ResourceScope @go(Scope) @protobuf(4,bytes,opt,casttype=ResourceScope) - - // versions is the list of all API versions of the defined custom resource. - // Version names are used to compute the order in which served versions are listed in API discovery. - // If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered - // lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), - // then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first - // by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing - // major version, then minor version. An example sorted list of versions: - // v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. - versions: [...#CustomResourceDefinitionVersion] @go(Versions,[]CustomResourceDefinitionVersion) @protobuf(7,bytes,rep) - - // conversion defines conversion settings for the CRD. - // +optional - conversion?: null | #CustomResourceConversion @go(Conversion,*CustomResourceConversion) @protobuf(9,bytes,opt) - - // preserveUnknownFields indicates that object fields which are not specified - // in the OpenAPI schema should be preserved when persisting to storage. - // apiVersion, kind, metadata and known fields inside metadata are always preserved. - // This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. - // See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details. - // +optional - preserveUnknownFields?: bool @go(PreserveUnknownFields) @protobuf(10,varint,opt) -} - -// CustomResourceConversion describes how to convert different versions of a CR. 
-#CustomResourceConversion: { - // strategy specifies how custom resources are converted between versions. Allowed values are: - // - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. - // - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information - // is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. - strategy: #ConversionStrategyType @go(Strategy) @protobuf(1,bytes) - - // webhook describes how to call the conversion webhook. Required when `strategy` is set to `"Webhook"`. - // +optional - webhook?: null | #WebhookConversion @go(Webhook,*WebhookConversion) @protobuf(2,bytes,opt) -} - -// WebhookConversion describes how to call a conversion webhook -#WebhookConversion: { - // clientConfig is the instructions for how to call the webhook if strategy is `Webhook`. - // +optional - clientConfig?: null | #WebhookClientConfig @go(ClientConfig,*WebhookClientConfig) @protobuf(2,bytes) - - // conversionReviewVersions is an ordered list of preferred `ConversionReview` - // versions the Webhook expects. The API server will use the first version in - // the list which it supports. If none of the versions specified in this list - // are supported by API server, conversion will fail for the custom resource. - // If a persisted Webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail. - conversionReviewVersions: [...string] @go(ConversionReviewVersions,[]string) @protobuf(3,bytes,rep) -} - -// WebhookClientConfig contains the information to make a TLS connection with the webhook. -#WebhookClientConfig: { - // url gives the location of the webhook, in standard URL form - // (`scheme://host:port/path`). Exactly one of `url` or `service` - // must be specified. 
- // - // The `host` should not refer to a service running in the cluster; use - // the `service` field instead. The host might be resolved via external - // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve - // in-cluster DNS as that would be a layering violation). `host` may - // also be an IP address. - // - // Please note that using `localhost` or `127.0.0.1` as a `host` is - // risky unless you take great care to run this webhook on all hosts - // which run an apiserver which might need to make calls to this - // webhook. Such installs are likely to be non-portable, i.e., not easy - // to turn up in a new cluster. - // - // The scheme must be "https"; the URL must begin with "https://". - // - // A path is optional, and if present may be any string permissible in - // a URL. You may use the path to pass an arbitrary string to the - // webhook, for example, a cluster identifier. - // - // Attempting to use a user or basic auth e.g. "user:password@" is not - // allowed. Fragments ("#...") and query parameters ("?...") are not - // allowed, either. - // - // +optional - url?: null | string @go(URL,*string) @protobuf(3,bytes,opt) - - // service is a reference to the service for this webhook. Either - // service or url must be specified. - // - // If the webhook is running within the cluster, then you should use `service`. - // - // +optional - service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt) - - // caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. - // If unspecified, system trust roots on the apiserver are used. - // +optional - caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt) -} - -// ServiceReference holds a reference to Service.legacy.k8s.io -#ServiceReference: { - // namespace is the namespace of the service. - // Required - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // name is the name of the service. 
- // Required - name: string @go(Name) @protobuf(2,bytes,opt) - - // path is an optional URL path at which the webhook will be contacted. - // +optional - path?: null | string @go(Path,*string) @protobuf(3,bytes,opt) - - // port is an optional service port at which the webhook will be contacted. - // `port` should be a valid port number (1-65535, inclusive). - // Defaults to 443 for backward compatibility. - // +optional - port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt) -} - -// CustomResourceDefinitionVersion describes a version for CRD. -#CustomResourceDefinitionVersion: { - // name is the version name, e.g. “v1”, “v2beta1”, etc. - // The custom resources are served under this version at `/apis///...` if `served` is true. - name: string @go(Name) @protobuf(1,bytes,opt) - - // served is a flag enabling/disabling this version from being served via REST APIs - served: bool @go(Served) @protobuf(2,varint,opt) - - // storage indicates this version should be used when persisting custom resources to storage. - // There must be exactly one version with storage=true. - storage: bool @go(Storage) @protobuf(3,varint,opt) - - // deprecated indicates this version of the custom resource API is deprecated. - // When set to true, API requests to this version receive a warning header in the server response. - // Defaults to false. - // +optional - deprecated?: bool @go(Deprecated) @protobuf(7,varint,opt) - - // deprecationWarning overrides the default warning returned to API clients. - // May only be set when `deprecated` is true. - // The default warning indicates this version is deprecated and recommends use - // of the newest served version of equal or greater stability, if one exists. - // +optional - deprecationWarning?: null | string @go(DeprecationWarning,*string) @protobuf(8,bytes,opt) - - // schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource. 
- // +optional - schema?: null | #CustomResourceValidation @go(Schema,*CustomResourceValidation) @protobuf(4,bytes,opt) - - // subresources specify what subresources this version of the defined custom resource have. - // +optional - subresources?: null | #CustomResourceSubresources @go(Subresources,*CustomResourceSubresources) @protobuf(5,bytes,opt) - - // additionalPrinterColumns specifies additional columns returned in Table output. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. - // If no columns are specified, a single column displaying the age of the custom resource is used. - // +optional - additionalPrinterColumns?: [...#CustomResourceColumnDefinition] @go(AdditionalPrinterColumns,[]CustomResourceColumnDefinition) @protobuf(6,bytes,rep) -} - -// CustomResourceColumnDefinition specifies a column for server side printing. -#CustomResourceColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) @protobuf(1,bytes,opt) - - // type is an OpenAPI type definition for this column. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. - type: string @go(Type) @protobuf(2,bytes,opt) - - // format is an optional OpenAPI type definition for this column. The 'name' format is applied - // to the primary identifier column to assist in clients identifying column is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. - // +optional - format?: string @go(Format) @protobuf(3,bytes,opt) - - // description is a human readable description of this column. - // +optional - description?: string @go(Description) @protobuf(4,bytes,opt) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. 
Columns that may be omitted in limited space scenarios - // should be given a priority greater than 0. - // +optional - priority?: int32 @go(Priority) @protobuf(5,bytes,opt) - - // jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against - // each custom resource to produce the value for this column. - jsonPath: string @go(JSONPath) @protobuf(6,bytes,opt) -} - -// CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition -#CustomResourceDefinitionNames: { - // plural is the plural name of the resource to serve. - // The custom resources are served under `/apis///.../`. - // Must match the name of the CustomResourceDefinition (in the form `.`). - // Must be all lowercase. - plural: string @go(Plural) @protobuf(1,bytes,opt) - - // singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`. - // +optional - singular?: string @go(Singular) @protobuf(2,bytes,opt) - - // shortNames are short names for the resource, exposed in API discovery documents, - // and used by clients to support invocations like `kubectl get `. - // It must be all lowercase. - // +optional - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(3,bytes,opt) - - // kind is the serialized kind of the resource. It is normally CamelCase and singular. - // Custom resource instances will use this value as the `kind` attribute in API calls. - kind: string @go(Kind) @protobuf(4,bytes,opt) - - // listKind is the serialized kind of the list for this resource. Defaults to "`kind`List". - // +optional - listKind?: string @go(ListKind) @protobuf(5,bytes,opt) - - // categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). - // This is published in API discovery documents, and used by clients to support invocations like - // `kubectl get all`. 
- // +optional - categories?: [...string] @go(Categories,[]string) @protobuf(6,bytes,rep) -} - -// ResourceScope is an enum defining the different scopes available to a custom resource -#ResourceScope: string // #enumResourceScope - -#enumResourceScope: - #ClusterScoped | - #NamespaceScoped - -#ClusterScoped: #ResourceScope & "Cluster" -#NamespaceScoped: #ResourceScope & "Namespaced" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// CustomResourceDefinitionConditionType is a valid value for CustomResourceDefinitionCondition.Type -#CustomResourceDefinitionConditionType: string // #enumCustomResourceDefinitionConditionType - -#enumCustomResourceDefinitionConditionType: - #Established | - #NamesAccepted | - #NonStructuralSchema | - #Terminating | - #KubernetesAPIApprovalPolicyConformant - -// Established means that the resource has become active. A resource is established when all names are -// accepted without a conflict for the first time. A resource stays established until deleted, even during -// a later NamesAccepted due to changed names. Note that not all names can be changed. -#Established: #CustomResourceDefinitionConditionType & "Established" - -// NamesAccepted means the names chosen for this CustomResourceDefinition do not conflict with others in -// the group and are therefore accepted. -#NamesAccepted: #CustomResourceDefinitionConditionType & "NamesAccepted" - -// NonStructuralSchema means that one or more OpenAPI schema is not structural. 
-// -// A schema is structural if it specifies types for all values, with the only exceptions of those with -// - x-kubernetes-int-or-string: true — for fields which can be integer or string -// - x-kubernetes-preserve-unknown-fields: true — for raw, unspecified JSON values -// and there is no type, additionalProperties, default, nullable or x-kubernetes-* vendor extenions -// specified under allOf, anyOf, oneOf or not. -// -// Non-structural schemas will not be allowed anymore in v1 API groups. Moreover, new features will not be -// available for non-structural CRDs: -// - pruning -// - defaulting -// - read-only -// - OpenAPI publishing -// - webhook conversion -#NonStructuralSchema: #CustomResourceDefinitionConditionType & "NonStructuralSchema" - -// Terminating means that the CustomResourceDefinition has been deleted and is cleaning up. -#Terminating: #CustomResourceDefinitionConditionType & "Terminating" - -// KubernetesAPIApprovalPolicyConformant indicates that an API in *.k8s.io or *.kubernetes.io is or is not approved. For CRDs -// outside those groups, this condition will not be set. For CRDs inside those groups, the condition will -// be true if .metadata.annotations["api-approved.kubernetes.io"] is set to a URL, otherwise it will be false. -// See https://github.com/kubernetes/enhancements/pull/1111 for more details. -#KubernetesAPIApprovalPolicyConformant: #CustomResourceDefinitionConditionType & "KubernetesAPIApprovalPolicyConformant" - -// CustomResourceDefinitionCondition contains details for the current condition of this pod. -#CustomResourceDefinitionCondition: { - // type is the type of the condition. Types include Established, NamesAccepted and Terminating. - type: #CustomResourceDefinitionConditionType @go(Type) @protobuf(1,bytes,opt,casttype=CustomResourceDefinitionConditionType) - - // status is the status of the condition. - // Can be True, False, Unknown. 
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastTransitionTime last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is a unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition -#CustomResourceDefinitionStatus: { - // conditions indicate state for particular aspects of a CustomResourceDefinition - // +optional - // +listType=map - // +listMapKey=type - conditions: [...#CustomResourceDefinitionCondition] @go(Conditions,[]CustomResourceDefinitionCondition) @protobuf(1,bytes,opt) - - // acceptedNames are the names that are actually being used to serve discovery. - // They may be different than the names in spec. - // +optional - acceptedNames: #CustomResourceDefinitionNames @go(AcceptedNames) @protobuf(2,bytes,opt) - - // storedVersions lists all versions of CustomResources that were ever persisted. Tracking these - // versions allows a migration path for stored versions in etcd. The field is mutable - // so a migration controller can finish a migration to another version (ensuring - // no old objects are left in storage), and then remove the rest of the - // versions from this list. - // Versions may not be removed from `spec.versions` while they exist in this list. - // +optional - storedVersions: [...string] @go(StoredVersions,[]string) @protobuf(3,bytes,rep) -} - -#CustomResourceCleanupFinalizer: "customresourcecleanup.apiextensions.k8s.io" - -// CustomResourceDefinition represents a resource that should be exposed on the API server. 
Its name MUST be in the format -// <.spec.name>.<.spec.group>. -#CustomResourceDefinition: { - metav1.#TypeMeta - - // Standard object's metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec describes how the user wants the resources to appear - spec: #CustomResourceDefinitionSpec @go(Spec) @protobuf(2,bytes,opt) - - // status indicates the actual state of the CustomResourceDefinition - // +optional - status?: #CustomResourceDefinitionStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CustomResourceDefinitionList is a list of CustomResourceDefinition objects. -#CustomResourceDefinitionList: { - metav1.#TypeMeta - - // Standard object's metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items list individual CustomResourceDefinition objects - items: [...#CustomResourceDefinition] @go(Items,[]CustomResourceDefinition) @protobuf(2,bytes,rep) -} - -// CustomResourceValidation is a list of validation methods for CustomResources. -#CustomResourceValidation: { - // openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning. - // +optional - openAPIV3Schema?: null | #JSONSchemaProps @go(OpenAPIV3Schema,*JSONSchemaProps) @protobuf(1,bytes,opt) -} - -// CustomResourceSubresources defines the status and scale subresources for CustomResources. -#CustomResourceSubresources: { - // status indicates the custom resource should serve a `/status` subresource. - // When enabled: - // 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. - // 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object. 
- // +optional - status?: null | #CustomResourceSubresourceStatus @go(Status,*CustomResourceSubresourceStatus) @protobuf(1,bytes,opt) - - // scale indicates the custom resource should serve a `/scale` subresource that returns an `autoscaling/v1` Scale object. - // +optional - scale?: null | #CustomResourceSubresourceScale @go(Scale,*CustomResourceSubresourceScale) @protobuf(2,bytes,opt) -} - -// CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources. -// Status is represented by the `.status` JSON path inside of a CustomResource. When set, -// * exposes a /status subresource for the custom resource -// * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza -// * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza -#CustomResourceSubresourceStatus: { -} - -// CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources. -#CustomResourceSubresourceScale: { - // specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.spec`. - // If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET. - specReplicasPath: string @go(SpecReplicasPath) @protobuf(1,bytes) - - // statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.status`. - // If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource - // will default to 0. 
- statusReplicasPath: string @go(StatusReplicasPath) @protobuf(2,bytes,opt) - - // labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.status` or `.spec`. - // Must be set to work with HorizontalPodAutoscaler. - // The field pointed by this JSON path must be a string field (not a complex selector struct) - // which contains a serialized label selector in string form. - // More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource - // If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` - // subresource will default to the empty string. - // +optional - labelSelectorPath?: null | string @go(LabelSelectorPath,*string) @protobuf(3,bytes,opt) -} - -// ConversionReview describes a conversion request/response. -#ConversionReview: { - metav1.#TypeMeta - - // request describes the attributes for the conversion request. - // +optional - request?: null | #ConversionRequest @go(Request,*ConversionRequest) @protobuf(1,bytes,opt) - - // response describes the attributes for the conversion response. - // +optional - response?: null | #ConversionResponse @go(Response,*ConversionResponse) @protobuf(2,bytes,opt) -} - -// ConversionRequest describes the conversion request parameters. -#ConversionRequest: { - // uid is an identifier for the individual request/response. It allows distinguishing instances of requests which are - // otherwise identical (parallel requests, etc). - // The UID is meant to track the round trip (request/response) between the Kubernetes API server and the webhook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. 
- uid: types.#UID @go(UID) @protobuf(1,bytes) - - // desiredAPIVersion is the version to convert given objects to. e.g. "myapi.example.com/v1" - desiredAPIVersion: string @go(DesiredAPIVersion) @protobuf(2,bytes) - - // objects is the list of custom resource objects to be converted. - objects: [...runtime.#RawExtension] @go(Objects,[]runtime.RawExtension) @protobuf(3,bytes,rep) -} - -// ConversionResponse describes a conversion response. -#ConversionResponse: { - // uid is an identifier for the individual request/response. - // This should be copied over from the corresponding `request.uid`. - uid: types.#UID @go(UID) @protobuf(1,bytes) - - // convertedObjects is the list of converted version of `request.objects` if the `result` is successful, otherwise empty. - // The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list - // must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace). - // The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored. - convertedObjects: [...runtime.#RawExtension] @go(ConvertedObjects,[]runtime.RawExtension) @protobuf(2,bytes,rep) - - // result contains the result of conversion with extra details if the conversion failed. `result.status` determines if - // the conversion failed or succeeded. The `result.status` field is required and represents the success or failure of the - // conversion. A successful conversion must set `result.status` to `Success`. A failed conversion must set - // `result.status` to `Failure` and provide more details in `result.message` and return http status 200. The `result.message` - // will be used to construct an error message for the end user. - result: metav1.#Status @go(Result) @protobuf(3,bytes) -} 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue deleted file mode 100644 index 19f42c1f..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue +++ /dev/null 
@@ -1,317 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -// FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation. -// +enum -#FieldValueErrorReason: string // #enumFieldValueErrorReason - -#enumFieldValueErrorReason: - #FieldValueRequired | - #FieldValueDuplicate | - #FieldValueInvalid | - #FieldValueForbidden - -// FieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#FieldValueRequired: #FieldValueErrorReason & "FieldValueRequired" - -// FieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#FieldValueDuplicate: #FieldValueErrorReason & "FieldValueDuplicate" - -// FieldValueInvalid is used to report malformed values (e.g. failed regex -// match, too long, out of bounds). -#FieldValueInvalid: #FieldValueErrorReason & "FieldValueInvalid" - -// FieldValueForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). -#FieldValueForbidden: #FieldValueErrorReason & "FieldValueForbidden" - -// JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/). -#JSONSchemaProps: { - id?: string @go(ID) @protobuf(1,bytes,opt) - $schema?: #JSONSchemaURL @go(Schema) @protobuf(2,bytes,opt,name=schema) - $ref?: null | string @go(Ref,*string) @protobuf(3,bytes,opt,name=ref) - description?: string @go(Description) @protobuf(4,bytes,opt) - type?: string @go(Type) @protobuf(5,bytes,opt) - - // format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: - // - // - bsonobjectid: a bson object ID, i.e. 
a 24 characters hex string - // - uri: an URI as parsed by Golang net/url.ParseRequestURI - // - email: an email address as parsed by Golang net/mail.ParseAddress - // - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - // - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - // - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - // - cidr: a CIDR as parsed by Golang net.ParseCIDR - // - mac: a MAC address as parsed by Golang net.ParseMAC - // - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - // - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - // - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - // - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - // - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" - // - isbn10: an ISBN10 number string like "0321751043" - // - isbn13: an ISBN13 number string like "978-0321751041" - // - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in - // - ssn: a U.S. 
social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ - // - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - // - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559" - // - byte: base64 encoded binary data - // - password: any kind of string - // - date: a date string like "2006-01-02" as defined by full-date in RFC3339 - // - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format - // - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. - format?: string @go(Format) @protobuf(6,bytes,opt) - title?: string @go(Title) @protobuf(7,bytes,opt) - - // default is a default value for undefined object fields. - // Defaulting is a beta feature under the CustomResourceDefaulting feature gate. - // Defaulting requires spec.preserveUnknownFields to be false. - default?: null | #JSON @go(Default,*JSON) @protobuf(8,bytes,opt) - maximum?: null | float64 @go(Maximum,*float64) @protobuf(9,bytes,opt) - exclusiveMaximum?: bool @go(ExclusiveMaximum) @protobuf(10,bytes,opt) - minimum?: null | float64 @go(Minimum,*float64) @protobuf(11,bytes,opt) - exclusiveMinimum?: bool @go(ExclusiveMinimum) @protobuf(12,bytes,opt) - maxLength?: null | int64 @go(MaxLength,*int64) @protobuf(13,bytes,opt) - minLength?: null | int64 @go(MinLength,*int64) @protobuf(14,bytes,opt) - pattern?: string @go(Pattern) @protobuf(15,bytes,opt) - maxItems?: null | int64 @go(MaxItems,*int64) @protobuf(16,bytes,opt) - minItems?: null | int64 @go(MinItems,*int64) @protobuf(17,bytes,opt) - uniqueItems?: bool @go(UniqueItems) @protobuf(18,bytes,opt) - multipleOf?: null | float64 @go(MultipleOf,*float64) @protobuf(19,bytes,opt) - enum?: [...#JSON] @go(Enum,[]JSON) @protobuf(20,bytes,rep) - maxProperties?: null | int64 @go(MaxProperties,*int64) @protobuf(21,bytes,opt) - minProperties?: null | int64 @go(MinProperties,*int64) 
@protobuf(22,bytes,opt) - required?: [...string] @go(Required,[]string) @protobuf(23,bytes,rep) - items?: null | #JSONSchemaPropsOrArray @go(Items,*JSONSchemaPropsOrArray) @protobuf(24,bytes,opt) - allOf?: [...#JSONSchemaProps] @go(AllOf,[]JSONSchemaProps) @protobuf(25,bytes,rep) - oneOf?: [...#JSONSchemaProps] @go(OneOf,[]JSONSchemaProps) @protobuf(26,bytes,rep) - anyOf?: [...#JSONSchemaProps] @go(AnyOf,[]JSONSchemaProps) @protobuf(27,bytes,rep) - not?: null | #JSONSchemaProps @go(Not,*JSONSchemaProps) @protobuf(28,bytes,opt) - properties?: {[string]: #JSONSchemaProps} @go(Properties,map[string]JSONSchemaProps) @protobuf(29,bytes,rep) - additionalProperties?: null | #JSONSchemaPropsOrBool @go(AdditionalProperties,*JSONSchemaPropsOrBool) @protobuf(30,bytes,opt) - patternProperties?: {[string]: #JSONSchemaProps} @go(PatternProperties,map[string]JSONSchemaProps) @protobuf(31,bytes,rep) - dependencies?: #JSONSchemaDependencies @go(Dependencies) @protobuf(32,bytes,opt) - additionalItems?: null | #JSONSchemaPropsOrBool @go(AdditionalItems,*JSONSchemaPropsOrBool) @protobuf(33,bytes,opt) - definitions?: #JSONSchemaDefinitions @go(Definitions) @protobuf(34,bytes,opt) - externalDocs?: null | #ExternalDocumentation @go(ExternalDocs,*ExternalDocumentation) @protobuf(35,bytes,opt) - example?: null | #JSON @go(Example,*JSON) @protobuf(36,bytes,opt) - nullable?: bool @go(Nullable) @protobuf(37,bytes,opt) - - // x-kubernetes-preserve-unknown-fields stops the API server - // decoding step from pruning fields which are not specified - // in the validation schema. This affects fields recursively, - // but switches back to normal pruning behaviour if nested - // properties or additionalProperties are specified in the schema. - // This can either be true or undefined. False is forbidden. 
- "x-kubernetes-preserve-unknown-fields"?: null | bool @go(XPreserveUnknownFields,*bool) @protobuf(38,bytes,opt,name=xKubernetesPreserveUnknownFields) - - // x-kubernetes-embedded-resource defines that the value is an - // embedded Kubernetes runtime.Object, with TypeMeta and - // ObjectMeta. The type must be object. It is allowed to further - // restrict the embedded object. kind, apiVersion and metadata - // are validated automatically. x-kubernetes-preserve-unknown-fields - // is allowed to be true, but does not have to be if the object - // is fully specified (up to kind, apiVersion, metadata). - "x-kubernetes-embedded-resource"?: bool @go(XEmbeddedResource) @protobuf(39,bytes,opt,name=xKubernetesEmbeddedResource) - - // x-kubernetes-int-or-string specifies that this value is - // either an integer or a string. If this is true, an empty - // type is allowed and type as child of anyOf is permitted - // if following one of the following patterns: - // - // 1) anyOf: - // - type: integer - // - type: string - // 2) allOf: - // - anyOf: - // - type: integer - // - type: string - // - ... zero or more - "x-kubernetes-int-or-string"?: bool @go(XIntOrString) @protobuf(40,bytes,opt,name=xKubernetesIntOrString) - - // x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used - // as the index of the map. - // - // This tag MUST only be used on lists that have the "x-kubernetes-list-type" - // extension set to "map". Also, the values specified for this attribute must - // be a scalar typed field of the child structure (no nesting is supported). - // - // The properties specified must either be required or have a default value, - // to ensure those properties are present for all list items. - // - // +optional - "x-kubernetes-list-map-keys"?: [...string] @go(XListMapKeys,[]string) @protobuf(41,bytes,rep,name=xKubernetesListMapKeys) - - // x-kubernetes-list-type annotates an array to further describe its topology. 
- // This extension must only be used on lists and may have 3 possible values: - // - // 1) `atomic`: the list is treated as a single entity, like a scalar. - // Atomic lists will be entirely replaced when updated. This extension - // may be used on any type of list (struct, scalar, ...). - // 2) `set`: - // Sets are lists that must not have multiple items with the same value. Each - // value must be a scalar, an object with x-kubernetes-map-type `atomic` or an - // array with x-kubernetes-list-type `atomic`. - // 3) `map`: - // These lists are like maps in that their elements have a non-index key - // used to identify them. Order is preserved upon merge. The map tag - // must only be used on a list with elements of type object. - // Defaults to atomic for arrays. - // +optional - "x-kubernetes-list-type"?: null | string @go(XListType,*string) @protobuf(42,bytes,opt,name=xKubernetesListType) - - // x-kubernetes-map-type annotates an object to further describe its topology. - // This extension must only be used when type is object and may have 2 possible values: - // - // 1) `granular`: - // These maps are actual maps (key-value pairs) and each fields are independent - // from each other (they can each be manipulated by separate actors). This is - // the default behaviour for all maps. - // 2) `atomic`: the list is treated as a single entity, like a scalar. - // Atomic maps will be entirely replaced when updated. - // +optional - "x-kubernetes-map-type"?: null | string @go(XMapType,*string) @protobuf(43,bytes,opt,name=xKubernetesMapType) - - // x-kubernetes-validations describes a list of validation rules written in the CEL expression language. - // This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled. 
- // +patchMergeKey=rule - // +patchStrategy=merge - // +listType=map - // +listMapKey=rule - "x-kubernetes-validations"?: #ValidationRules @go(XValidations) @protobuf(44,bytes,rep,name=xKubernetesValidations) -} - -// ValidationRules describes a list of validation rules written in the CEL expression language. -#ValidationRules: [...#ValidationRule] - -// ValidationRule describes a validation rule written in the CEL expression language. -#ValidationRule: { - // Rule represents the expression which will be evaluated by CEL. - // ref: https://github.com/google/cel-spec - // The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. - // The `self` variable in the CEL expression is bound to the scoped value. - // Example: - // - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"} - // - // If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable - // via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as - // absent fields in CEL expressions. - // If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map - // are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map - // are accessible via CEL macros and functions such as `self.all(...)`. - // If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and - // functions. - // If the Rule is scoped to a scalar, `self` is bound to the scalar value. 
- // Examples: - // - Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"} - // - Rule scoped to a list of integers: {"rule": "self.values.all(value, value >= 0 && value < 100)"} - // - Rule scoped to a string value: {"rule": "self.startsWith('kube')"} - // - // The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the - // object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible. - // - // Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL - // expressions. This includes: - // - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields. - // - Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as: - // - A schema with no type and x-kubernetes-preserve-unknown-fields set to true - // - An array where the items schema is of an "unknown type" - // - An object where the additionalProperties schema is of an "unknown type" - // - // Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. - // Accessible property names are escaped according to the following rules when accessed in the expression: - // - '__' escapes to '__underscores__' - // - '.' escapes to '__dot__' - // - '-' escapes to '__dash__' - // - '/' escapes to '__slash__' - // - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: - // "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", - // "import", "let", "loop", "package", "namespace", "return". 
- // Examples: - // - Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"} - // - Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"} - // - Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"} - // - // Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. - // Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: - // - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and - // non-intersecting elements in `Y` are appended, retaining their partial order. - // - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values - // are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with - // non-intersecting keys are appended, retaining their partial order. - rule: string @go(Rule) @protobuf(1,bytes,opt) - - // Message represents the message displayed when validation fails. The message is required if the Rule contains - // line breaks. The message must not contain line breaks. - // If unset, the message is "failed rule: {Rule}". - // e.g. "must be a URL with the host matching spec.host" - message?: string @go(Message) @protobuf(2,bytes,opt) - - // MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. - // Since messageExpression is used as a failure message, it must evaluate to a string. - // If both message and messageExpression are present on a rule, then messageExpression will be used if validation - // fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced - // as if the messageExpression field were unset. 
If messageExpression evaluates to an empty string, a string with only spaces, or a string - // that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and - // the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. - // messageExpression has access to all the same variables as the rule; the only difference is the return type. - // Example: - // "x must be less than max ("+string(self.max)+")" - // +optional - messageExpression?: string @go(MessageExpression) @protobuf(3,bytes,opt) - - // reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. - // The HTTP status code returned to the caller will match the reason of the reason of the first failed validation rule. - // The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". - // If not set, default to use "FieldValueInvalid". - // All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. - // +optional - reason?: null | #FieldValueErrorReason @go(Reason,*FieldValueErrorReason) @protobuf(4,bytes,opt) - - // fieldPath represents the field path returned when the validation fails. - // It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. - // e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` - // If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` - // It does not support list numeric index. - // It supports child operation to refer to an existing field currently. 
Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. - // Numeric index of array is not supported. - // For field name which contains special characters, use `['specialName']` to refer the field name. - // e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` - // +optional - fieldPath?: string @go(FieldPath) @protobuf(5,bytes,opt) -} - -// JSON represents any valid JSON value. -// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. -#JSON: _ - -// JSONSchemaURL represents a schema url. -#JSONSchemaURL: string - -// JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps -// or an array of JSONSchemaProps. Mainly here for serialization purposes. -#JSONSchemaPropsOrArray: _ - -// JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value. -// Defaults to true for the boolean property. -#JSONSchemaPropsOrBool: _ - -// JSONSchemaDependencies represent a dependencies property. -#JSONSchemaDependencies: {[string]: #JSONSchemaPropsOrStringArray} - -// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array. -#JSONSchemaPropsOrStringArray: _ - -// JSONSchemaDefinitions contains the models explicitly defined in this spec. -#JSONSchemaDefinitions: {[string]: #JSONSchemaProps} - -// ExternalDocumentation allows referencing an external resource for extended documentation. -#ExternalDocumentation: { - description?: string @go(Description) @protobuf(1,bytes,opt) - url?: string @go(URL) @protobuf(2,bytes,opt) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue deleted file mode 100644 index cef44ba5..00000000 
--- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Scale is used for getting and setting the base-10 scaled value. -// Base-2 scales are omitted for mathematical simplicity. -// See Quantity.ScaledValue for more details. -#Scale: int32 // #enumScale - -#enumScale: - #Nano | - #Micro | - #Milli | - #Kilo | - #Mega | - #Giga | - #Tera | - #Peta | - #Exa - -#values_Scale: { - Nano: #Nano - Micro: #Micro - Milli: #Milli - Kilo: #Kilo - Mega: #Mega - Giga: #Giga - Tera: #Tera - Peta: #Peta - Exa: #Exa -} - -#Nano: #Scale & -9 -#Micro: #Scale & -6 -#Milli: #Scale & -3 -#Kilo: #Scale & 3 -#Mega: #Scale & 6 -#Giga: #Scale & 9 -#Tera: #Scale & 12 -#Peta: #Scale & 15 -#Exa: #Scale & 18 - -// infDecAmount implements common operations over an inf.Dec that are specific to the quantity -// representation. -_#infDecAmount: string diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue deleted file mode 100644 index 711f2096..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue +++ /dev/null @@ -1,13 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64. -// It is also the maximum decimal digits that can be represented with an int64. -_#maxInt64Factors: 18 - -_#mostNegative: -9223372036854775808 - -_#mostPositive: 9223372036854775807 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue deleted file mode 100644 index 9d9713a1..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue +++ /dev/null 
@@ -1,107 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Quantity is a fixed-point representation of a number. -// It provides convenient marshaling/unmarshaling in JSON and YAML, -// in addition to String() and AsInt64() accessors. -// -// The serialization format is: -// -// ``` -// ::= -// -// (Note that may be empty, from the "" case in .) -// -// ::= 0 | 1 | ... | 9 -// ::= | -// ::= | . | . | . -// ::= "+" | "-" -// ::= | -// ::= | | -// ::= Ki | Mi | Gi | Ti | Pi | Ei -// -// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) -// -// ::= m | "" | k | M | G | T | P | E -// -// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) -// -// ::= "e" | "E" -// ``` -// -// No matter which of the three exponent forms is used, no quantity may represent -// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal -// places. Numbers larger or more precise will be capped or rounded up. -// (E.g.: 0.1m will rounded up to 1m.) -// This may be extended in the future if we require larger or smaller quantities. -// -// When a Quantity is parsed from a string, it will remember the type of suffix -// it had, and will use the same type again when it is serialized. -// -// Before serializing, Quantity will be put in "canonical form". -// This means that Exponent/suffix will be adjusted up or down (with a -// corresponding increase or decrease in Mantissa) such that: -// -// - No precision is lost -// - No fractional digits will be emitted -// - The exponent (or suffix) is as large as possible. -// -// The sign will be omitted unless the number is negative. -// -// Examples: -// -// - 1.5 will be serialized as "1500m" -// - 1.5Gi will be serialized as "1536Mi" -// -// Note that the quantity will NEVER be internally represented by a -// floating point number. That is the whole point of this exercise. 
-// -// Non-canonical values will still parse as long as they are well formed, -// but will be re-emitted in their canonical form. (So always use canonical -// form, or don't diff.) -// -// This format is intended to make it difficult to use these numbers without -// writing some sort of special handling code in the hopes that that will -// cause implementors to also use a fixed point implementation. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -// +k8s:openapi-gen=true -#Quantity: _ - -// CanonicalValue allows a quantity amount to be converted to a string. -#CanonicalValue: _ - -// Format lists the three possible formattings of a quantity. -#Format: string // #enumFormat - -#enumFormat: - #DecimalExponent | - #BinarySI | - #DecimalSI - -#DecimalExponent: #Format & "DecimalExponent" -#BinarySI: #Format & "BinarySI" -#DecimalSI: #Format & "DecimalSI" - -// splitREString is used to separate a number from its suffix; as such, -// this is overly permissive, but that's OK-- it will be checked later. -_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - -_#int64QuantityExpectedBytes: 18 - -// QuantityValue makes it possible to use a Quantity as value for a command -// line parameter. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -#QuantityValue: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue deleted file mode 100644 index b40d68ec..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue +++ /dev/null 
@@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -_#suffix: string - -// suffixer can interpret and construct suffixes. -_#suffixer: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue deleted file mode 100644 index 25ea8ecf..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Duration is a wrapper around time.Duration which supports correct -// marshaling to YAML and JSON. In particular, it marshals into strings, which -// can be used as map keys in json. -#Duration: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue deleted file mode 100644 index 7ff53860..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue +++ /dev/null 
@@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - resource: string @go(Resource) @protobuf(2,bytes,opt) -} - -// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - resource: string @go(Resource) @protobuf(3,bytes,opt) -} - -// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - kind: string @go(Kind) @protobuf(2,bytes,opt) -} - -// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - kind: string @go(Kind) @protobuf(3,bytes,opt) -} - -// GroupVersion contains the "group" and the "version", which uniquely identifies the API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersion: _ 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue deleted file mode 100644 index f3c39a46..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// TODO: move this, Object, List, and Type to a different package -#ObjectMetaAccessor: _ - -// Object lets you work with object metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field (Name, UID, Namespace on lists) will be a no-op and return -// a default value. -#Object: _ - -// ListMetaAccessor retrieves the list interface from an object -#ListMetaAccessor: _ - -// Common lets you work with core metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Common: _ - -// ListInterface lets you work with list metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#ListInterface: _ - -// Type exposes the type and APIVersion of versioned or internal API objects. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Type: _ 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue deleted file mode 100644 index 3c067bae..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00" - -// MicroTime is version of Time with microsecond level precision. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#MicroTime: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue deleted file mode 100644 index 39d23b28..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#GroupName: "meta.k8s.io" - -#WatchEventKind: "WatchEvent" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue deleted file mode 100644 index b3c8ec26..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue +++ /dev/null 
@@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Time is a wrapper around time.Time which supports correct -// marshaling to YAML and JSON. Wrappers are provided for many -// of the factory methods that the time package offers. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Time: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue deleted file mode 100644 index 83539273..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Timestamp is a struct that is equivalent to Time, but intended for -// protobuf marshalling/unmarshalling. It is generated into a serialization -// that matches Time. Do not use in Go structs. -#Timestamp: { - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. - seconds: int64 @go(Seconds) @protobuf(1,varint,opt) - - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 - // inclusive. This field may be limited in precision depending on context. - nanos: int32 @go(Nanos) @protobuf(2,varint,opt) -} 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue deleted file mode 100644 index a0deb7c9..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue +++ /dev/null 
@@ -1,1561 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -// Package v1 contains API types that are common to all versions. -// -// The package contains two categories of types: -// - external (serialized) types that lack their own version (e.g TypeMeta) -// - internal (never-serialized) types that are needed by several different -// api groups, and so live here, to avoid duplication and/or import loops -// (e.g. LabelSelector). -// -// In the future, we will probably move these categories of objects into -// separate packages. -package v1 - -import ( - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// TypeMeta describes an individual object in an API response or request -// with strings representing the type of the object and its API schema version. -// Structures that are versioned or persisted should inline TypeMeta. -// -// +k8s:deepcopy-gen=false -#TypeMeta: { - // Kind is a string value representing the REST resource this object represents. - // Servers may infer this from the endpoint the client submits requests to. - // Cannot be updated. - // In CamelCase. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // APIVersion defines the versioned schema of this representation of an object. - // Servers should convert recognized schemas to the latest internal value, and - // may reject unrecognized values. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) -} - -// ListMeta describes metadata that synthetic resources must have, including lists and -// various status objects. A resource may have only one of {ObjectMeta, ListMeta}. 
-#ListMeta: { - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt) - - // String that identifies the server's internal version of this object that - // can be used by clients to determine when objects have changed. - // Value must be treated as opaque by clients and passed unmodified back to the server. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt) - - // continue may be set if the user set a limit on the number of items returned, and indicates that - // the server has more data available. The value is opaque and may be used to issue another request - // to the endpoint that served this list to retrieve the next set of available objects. Continuing a - // consistent list may not be possible if the server configuration has changed or more than a few - // minutes have passed. The resourceVersion field returned when using this continue value will be - // identical to the value in the first response, unless you have received this token from an error - // message. - continue?: string @go(Continue) @protobuf(3,bytes,opt) - - // remainingItemCount is the number of subsequent items in the list which are not included in this - // list response. If the list request contained label or field selectors, then the number of - // remaining items is unknown and the field will be left unset and omitted during serialization. - // If the list is complete (either because it is not chunking or because this is the last chunk), - // then there are no more remaining items and this field will be left unset and omitted during - // serialization. - // Servers older than v1.15 do not set this field. 
- // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients - // should not rely on the remainingItemCount to be set or to be exact. - // +optional - remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt) -} - -#ObjectNameField: "metadata.name" - -#FinalizerOrphanDependents: "orphan" -#FinalizerDeleteDependents: "foregroundDeletion" - -// ObjectMeta is metadata that all persisted resources must have, which includes all objects -// users must create. -#ObjectMeta: { - // Name must be unique within a namespace. Is required when creating resources, although - // some resources may allow a client to request the generation of an appropriate name - // automatically. Name is primarily intended for creation idempotence and configuration - // definition. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // GenerateName is an optional prefix, used by the server, to generate a unique - // name ONLY IF the Name field has not been provided. - // If this field is used, the name returned to the client will be different - // than the name passed. This value will also be combined with a unique suffix. - // The provided value has the same validation rules as the Name field, - // and may be truncated by the length of the suffix required to make the value - // unique on the server. - // - // If this field is specified and the generated name exists, the server will return a 409. - // - // Applied only if Name is not specified. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - // +optional - generateName?: string @go(GenerateName) @protobuf(2,bytes,opt) - - // Namespace defines the space within which each name must be unique. 
An empty namespace is - // equivalent to the "default" namespace, but "default" is the canonical representation. - // Not all objects are required to be scoped to a namespace - the value of this field for - // those objects will be empty. - // - // Must be a DNS_LABEL. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - // +optional - namespace?: string @go(Namespace) @protobuf(3,bytes,opt) - - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt) - - // UID is the unique in time and space value for this object. It is typically generated by - // the server on successful creation of a resource and is not allowed to change on PUT - // operations. - // - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID) - - // An opaque value that represents the internal version of this object that can - // be used by clients to determine when objects have changed. May be used for optimistic - // concurrency, change detection, and the watch operation on a resource or set of resources. - // Clients must treat these values as opaque and passed unmodified back to the server. - // They may only be valid for a particular resource or set of resources. - // - // Populated by the system. - // Read-only. - // Value must be treated as opaque by clients and . - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // A sequence number representing a specific generation of the desired state. - // Populated by the system. Read-only. 
- // +optional - generation?: int64 @go(Generation) @protobuf(7,varint,opt) - - // CreationTimestamp is a timestamp representing the server time when this object was - // created. It is not guaranteed to be set in happens-before order across separate operations. - // Clients may not set this value. It is represented in RFC3339 form and is in UTC. - // - // Populated by the system. - // Read-only. - // Null for lists. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt) - - // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This - // field is set by the server when a graceful deletion is requested by the user, and is not - // directly settable by a client. The resource is expected to be deleted (no longer visible - // from resource lists, and not reachable by name) after the time in this field, once the - // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. - // Once the deletionTimestamp is set, this value may not be unset or be set further into the - // future, although it may be shortened or the resource may be deleted prior to this time. - // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react - // by sending a graceful termination signal to the containers in the pod. After that 30 seconds, - // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, - // remove the pod from the API. In the presence of network partitions, this object may still - // exist after this timestamp, until an administrator or automated process can determine the - // resource is fully terminated. - // If not set, graceful deletion of the object has not been requested. - // - // Populated by the system when a graceful deletion is requested. - // Read-only. 
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt) - - // Number of seconds allowed for this object to gracefully terminate before - // it will be removed from the system. Only set when deletionTimestamp is also set. - // May only be shortened. - // Read-only. - // +optional - deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt) - - // Map of string keys and values that can be used to organize and categorize - // (scope and select) objects. May match selectors of replication controllers - // and services. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // +optional - labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep) - - // Annotations is an unstructured key value map stored with a resource that may be - // set by external tools to store and retrieve arbitrary metadata. They are not - // queryable and should be preserved when modifying objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - // +optional - annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep) - - // List of objects depended by this object. If ALL objects in the list have - // been deleted, this object will be garbage collected. If this object is managed by a controller, - // then an entry in this list will point to this controller, with the controller field set to true. - // There cannot be more than one managing controller. - // +optional - // +patchMergeKey=uid - // +patchStrategy=merge - ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep) - - // Must be empty before the object is deleted from the registry. 
Each entry - // is an identifier for the responsible component that will remove the entry - // from the list. If the deletionTimestamp of the object is non-nil, entries - // in this list can only be removed. - // Finalizers may be processed and removed in any order. Order is NOT enforced - // because it introduces significant risk of stuck finalizers. - // finalizers is a shared field, any actor with permission can reorder it. - // If the finalizer list is processed in order, then this can lead to a situation - // in which the component responsible for the first finalizer in the list is - // waiting for a signal (field value, external system, or other) produced by a - // component responsible for a finalizer later in the list, resulting in a deadlock. - // Without enforced ordering finalizers are free to order amongst themselves and - // are not vulnerable to ordering changes in the list. - // +optional - // +patchStrategy=merge - finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep) - - // ManagedFields maps workflow-id and version to the set of fields - // that are managed by that workflow. This is mostly for internal - // housekeeping, and users typically shouldn't need to set or - // understand this field. A workflow can be the user's name, a - // controller's name, or the name of a specific apply path like - // "ci-cd". The set of fields is always in the version that the - // workflow used when modifying the object. - // - // +optional - managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep) -} - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNone is the argument for a context when there is no namespace. 
-#NamespaceNone: "" - -// NamespaceSystem is the system namespace where we place system components. -#NamespaceSystem: "kube-system" - -// NamespacePublic is the namespace where we place public info (ConfigMaps) -#NamespacePublic: "kube-public" - -// OwnerReference contains enough information to let you identify an owning -// object. An owning object must be in the same namespace as the dependent, or -// be cluster-scoped, so there is no namespace field. -// +structType=atomic -#OwnerReference: { - // API version of the referent. - apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // If true, this reference points to the managing controller. - // +optional - controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt) - - // If true, AND if the owner has the "foregroundDeletion" finalizer, then - // the owner cannot be deleted from the key-value store until this - // reference is removed. - // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - // for how the garbage collector interacts with this field and enforces the foreground deletion. - // Defaults to false. - // To set this field, a user needs "delete" permission of the owner, - // otherwise 422 (Unprocessable Entity) will be returned. 
- // +optional - blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt) -} - -// ListOptions is the query options to a standard REST list call. -#ListOptions: { - #TypeMeta - - // A selector to restrict the list of returned objects by their labels. - // Defaults to everything. - // +optional - labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt) - - // A selector to restrict the list of returned objects by their fields. - // Defaults to everything. - // +optional - fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt) - - // Watch for changes to the described resources and return them as a stream of - // add, update, and remove notifications. Specify resourceVersion. - // +optional - watch?: bool @go(Watch) @protobuf(3,varint,opt) - - // allowWatchBookmarks requests watch events with type "BOOKMARK". - // Servers that do not implement bookmarks may ignore this flag and - // bookmarks are sent at the server's discretion. Clients should not - // assume bookmarks are returned at any specific interval, nor may they - // assume the server will send any BOOKMARK event during a session. - // If this is not a watch, this field is ignored. - // +optional - allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt) - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // resourceVersionMatch determines how resourceVersion is applied to list calls. - // It is highly recommended that resourceVersionMatch be set for list calls where - // resourceVersion is set - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. 
- // - // Defaults to unset - // +optional - resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch) - - // Timeout for the list/watch call. - // This limits the duration of the call, regardless of any activity or inactivity. - // +optional - timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt) - - // limit is a maximum number of responses to return for a list call. If more items exist, the - // server will set the `continue` field on the list metadata to a value that can be used with the - // same initial query to retrieve the next set of results. Setting a limit may return fewer than - // the requested amount of items (up to zero items) in the event all requested objects are - // filtered out and clients should only use the presence of the continue field to determine whether - // more results are available. Servers may choose not to support the limit argument and will return - // all of the available results. If limit is specified and the continue field is empty, clients may - // assume that no more results are available. This field is not supported if watch is true. - // - // The server guarantees that the objects returned when using continue will be identical to issuing - // a single list call without a limit - that is, no objects created, modified, or deleted after the - // first request is issued will be included in any subsequent continued requests. This is sometimes - // referred to as a consistent snapshot, and ensures that a client that is using limit to receive - // smaller chunks of a very large result can ensure they see all possible objects. If objects are - // updated during a chunked list the version of the object that was present at the time the first list - // result was calculated is returned. - limit?: int64 @go(Limit) @protobuf(7,varint,opt) - - // The continue option should be set when retrieving more results from the server. 
Since this value is - // server defined, clients may only use the continue value from a previous query result with identical - // query parameters (except for the value of continue) and the server may reject a continue value it - // does not recognize. If the specified continue value is no longer valid whether due to expiration - // (generally five to fifteen minutes) or a configuration change on the server, the server will - // respond with a 410 ResourceExpired error together with a continue token. If the client needs a - // consistent list, it must restart their list without the continue field. Otherwise, the client may - // send another list request with the token received with the 410 error, the server will respond with - // a list starting from the next key, but from the latest snapshot, which is inconsistent from the - // previous list results - objects that are created, modified, or deleted after the first list request - // will be included in the response, as long as their keys are after the "next key". - // - // This field is not supported when watch is true. Clients may start a watch from the last - // resourceVersion value returned by the server and not miss any modifications. - continue?: string @go(Continue) @protobuf(8,bytes,opt) - - // `sendInitialEvents=true` may be set together with `watch=true`. - // In that case, the watch stream will begin with synthetic events to - // produce the current state of objects in the collection. Once all such - // events have been sent, a synthetic "Bookmark" event will be sent. - // The bookmark will report the ResourceVersion (RV) corresponding to the - // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. - // Afterwards, the watch stream will proceed as usual, sending watch events - // corresponding to changes (subsequent to the RV) to objects watched. - // - // When `sendInitialEvents` option is set, we require `resourceVersionMatch` - // option to also be set. 
The semantic of the watch request is as following: - // - `resourceVersionMatch` = NotOlderThan - // is interpreted as "data at least as new as the provided `resourceVersion`" - // and the bookmark event is send when the state is synced - // to a `resourceVersion` at least as fresh as the one provided by the ListOptions. - // If `resourceVersion` is unset, this is interpreted as "consistent read" and the - // bookmark event is send when the state is synced at least to the moment - // when request started being processed. - // - `resourceVersionMatch` set to any other value or unset - // Invalid error is returned. - // - // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward - // compatibility reasons) and to false otherwise. - // +optional - sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt) -} - -// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch -// may only be set if resourceVersion is also set. -// -// "NotOlderThan" matches data at least as new as the provided resourceVersion. -// "Exact" matches data at the exact resourceVersion provided. -// -// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for -// details. -#ResourceVersionMatch: string // #enumResourceVersionMatch - -#enumResourceVersionMatch: - #ResourceVersionMatchNotOlderThan | - #ResourceVersionMatchExact - -// ResourceVersionMatchNotOlderThan matches data at least as new as the provided -// resourceVersion. -#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan" - -// ResourceVersionMatchExact matches data at the exact resourceVersion -// provided. -#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact" - -// GetOptions is the standard query options to the standard REST get call. -#GetOptions: { - #TypeMeta - - // resourceVersion sets a constraint on what resource versions a request may be served from. 
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt) -} - -// DeletionPropagation decides if a deletion will propagate to the dependents of -// the object, and how the garbage collector will handle the propagation. -#DeletionPropagation: string // #enumDeletionPropagation - -#enumDeletionPropagation: - #DeletePropagationOrphan | - #DeletePropagationBackground | - #DeletePropagationForeground - -// Orphans the dependents. -#DeletePropagationOrphan: #DeletionPropagation & "Orphan" - -// Deletes the object from the key-value store, the garbage collector will -// delete the dependents in the background. -#DeletePropagationBackground: #DeletionPropagation & "Background" - -// The object exists in the key-value store until the garbage collector -// deletes all the dependents whose ownerReference.blockOwnerDeletion=true -// from the key-value store. API sever will put the "foregroundDeletion" -// finalizer on the object, and sets its deletionTimestamp. This policy is -// cascading, i.e., the dependents will be deleted with Foreground. -#DeletePropagationForeground: #DeletionPropagation & "Foreground" - -// DryRunAll means to complete all processing stages, but don't -// persist changes to storage. -#DryRunAll: "All" - -// DeleteOptions may be provided when deleting an API object. -#DeleteOptions: { - #TypeMeta - - // The duration in seconds before the object should be deleted. Value must be non-negative integer. - // The value zero indicates delete immediately. If this value is nil, the default grace period for the - // specified type will be used. - // Defaults to a per object value if not specified. zero means delete immediately. - // +optional - gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt) - - // Must be fulfilled before a deletion is carried out. 
If not possible, a 409 Conflict status will be - // returned. - // +k8s:conversion-gen=false - // +optional - preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt) - - // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. - // Should the dependent objects be orphaned. If true/false, the "orphan" - // finalizer will be added to/removed from the object's finalizers list. - // Either this field or PropagationPolicy may be set, but not both. - // +optional - orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt) - - // Whether and how garbage collection will be performed. - // Either this field or OrphanDependents may be set, but not both. - // The default policy is decided by the existing finalizer set in the - // metadata.finalizers and the resource-specific default policy. - // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - - // allow the garbage collector to delete the dependents in the background; - // 'Foreground' - a cascading policy that deletes all dependents in the - // foreground. - // +optional - propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt) - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. 
Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep) -} - -// FieldValidationIgnore ignores unknown/duplicate fields -#FieldValidationIgnore: "Ignore" - -// FieldValidationWarn responds with a warning, but successfully serve the request -#FieldValidationWarn: "Warn" - -// FieldValidationStrict fails the request on unknown/duplicate fields -#FieldValidationStrict: "Strict" - -// CreateOptions may be provided when creating an API object. -#CreateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. 
This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// PatchOptions may be provided when patching an API object. -// PatchOptions is meant to be a superset of UpdateOptions. -#PatchOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. Force - // flag must be unset for non-apply patch requests. - // +optional - force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required for apply requests - // (application/apply-patch) but optional for non-apply patch - // types (JsonPatch, MergePatch, StrategicMergePatch). - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. 
Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// ApplyOptions may be provided when applying an API object. -// FieldManager is required for apply requests. -// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation -// that speaks specifically to how the options fields relate to apply. -#ApplyOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. - force: bool @go(Force) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. 
The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required. - fieldManager: string @go(FieldManager) @protobuf(3,bytes) -} - -// UpdateOptions may be provided when updating an API object. -// All fields in UpdateOptions should also be present in PatchOptions. -#UpdateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(2,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. 
This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // Specifies the target ResourceVersion - // +optional - resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt) -} - -// Status is a return value for calls that don't return other objects. -#Status: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Status of the operation. - // One of: "Success" or "Failure". - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: string @go(Status) @protobuf(2,bytes,opt) - - // A human-readable description of the status of this operation. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A machine-readable description of why this operation is in the - // "Failure" status. If this value is empty there - // is no information available. A Reason clarifies an HTTP status - // code but does not override it. - // +optional - reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason) - - // Extended data associated with the reason. Each reason may define its - // own extended details. 
This field is optional and the data returned - // is not guaranteed to conform to any schema except that defined by - // the reason type. - // +optional - details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt) - - // Suggested HTTP return code for this status, 0 if not set. - // +optional - code?: int32 @go(Code) @protobuf(6,varint,opt) -} - -// StatusDetails is a set of additional properties that MAY be set by the -// server to provide additional information about a response. The Reason -// field of a Status object defines what attributes will be set. Clients -// must ignore fields that do not match the defined type of each attribute, -// and should assume that any attribute may be empty, invalid, or under -// defined. -#StatusDetails: { - // The name attribute of the resource associated with the status StatusReason - // (when there is a single name which can be described). - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The group attribute of the resource associated with the status StatusReason. - // +optional - group?: string @go(Group) @protobuf(2,bytes,opt) - - // The kind attribute of the resource associated with the status StatusReason. - // On some operations may differ from the requested resource Kind. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(3,bytes,opt) - - // UID of the resource. - // (when there is a single resource which can be described). - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // The Causes array includes more details associated with the StatusReason - // failure. Not all StatusReasons may provide detailed causes. 
- // +optional - causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep) - - // If specified, the time in seconds before the operation should be retried. Some errors may indicate - // the client must take an alternate action - for those errors this field may indicate how long to wait - // before taking the alternate action. - // +optional - retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt) -} - -#StatusSuccess: "Success" -#StatusFailure: "Failure" - -// StatusReason is an enumeration of possible failure causes. Each StatusReason -// must map to a single HTTP status code, but multiple reasons may map -// to the same HTTP status code. -// TODO: move to apiserver -#StatusReason: string // #enumStatusReason - -#enumStatusReason: - #StatusReasonUnknown | - #StatusReasonUnauthorized | - #StatusReasonForbidden | - #StatusReasonNotFound | - #StatusReasonAlreadyExists | - #StatusReasonConflict | - #StatusReasonGone | - #StatusReasonInvalid | - #StatusReasonServerTimeout | - #StatusReasonTimeout | - #StatusReasonTooManyRequests | - #StatusReasonBadRequest | - #StatusReasonMethodNotAllowed | - #StatusReasonNotAcceptable | - #StatusReasonRequestEntityTooLarge | - #StatusReasonUnsupportedMediaType | - #StatusReasonInternalError | - #StatusReasonExpired | - #StatusReasonServiceUnavailable - -// StatusReasonUnknown means the server has declined to indicate a specific reason. -// The details field may contain other information about this error. -// Status code 500. -#StatusReasonUnknown: #StatusReason & "" - -// StatusReasonUnauthorized means the server can be reached and understood the request, but requires -// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header) -// in order for the action to be completed. If the user has specified credentials on the request, the -// server considers them insufficient. 
-// Status code 401 -#StatusReasonUnauthorized: #StatusReason & "Unauthorized" - -// StatusReasonForbidden means the server can be reached and understood the request, but refuses -// to take any further action. It is the result of the server being configured to deny access for some reason -// to the requested resource by the client. -// Details (optional): -// "kind" string - the kind attribute of the forbidden resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the forbidden resource -// Status code 403 -#StatusReasonForbidden: #StatusReason & "Forbidden" - -// StatusReasonNotFound means one or more resources required for this operation -// could not be found. -// Details (optional): -// "kind" string - the kind attribute of the missing resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the missing resource -// Status code 404 -#StatusReasonNotFound: #StatusReason & "NotFound" - -// StatusReasonAlreadyExists means the resource you are creating already exists. -// Details (optional): -// "kind" string - the kind attribute of the conflicting resource -// "id" string - the identifier of the conflicting resource -// Status code 409 -#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists" - -// StatusReasonConflict means the requested operation cannot be completed -// due to a conflict in the operation. The client may need to alter the -// request. Each resource may define custom details that indicate the -// nature of the conflict. -// Status code 409 -#StatusReasonConflict: #StatusReason & "Conflict" - -// StatusReasonGone means the item is no longer available at the server and no -// forwarding address is known. -// Status code 410 -#StatusReasonGone: #StatusReason & "Gone" - -// StatusReasonInvalid means the requested create or update operation cannot be -// completed due to invalid data provided as part of the request. 
The client may -// need to alter the request. When set, the client may use the StatusDetails -// message field as a summary of the issues encountered. -// Details (optional): -// "kind" string - the kind attribute of the invalid resource -// "id" string - the identifier of the invalid resource -// "causes" - one or more StatusCause entries indicating the data in the -// provided resource that was invalid. The code, message, and -// field attributes will be set. -// Status code 422 -#StatusReasonInvalid: #StatusReason & "Invalid" - -// StatusReasonServerTimeout means the server can be reached and understood the request, -// but cannot complete the action in a reasonable time. The client should retry the request. -// This is may be due to temporary server load or a transient communication issue with -// another server. Status code 500 is used because the HTTP spec provides no suitable -// server-requested client retry and the 5xx class represents actionable errors. -// Details (optional): -// "kind" string - the kind attribute of the resource being acted on. -// "id" string - the operation that is being attempted. -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 500 -#StatusReasonServerTimeout: #StatusReason & "ServerTimeout" - -// StatusReasonTimeout means that the request could not be completed within the given time. -// Clients can get this response only when they specified a timeout param in the request, -// or if the server cannot complete the operation within a reasonable amount of time. -// The request might succeed with an increased value of timeout param. The client *should* -// wait at least the number of seconds specified by the retryAfterSeconds field. 
-// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 504 -#StatusReasonTimeout: #StatusReason & "Timeout" - -// StatusReasonTooManyRequests means the server experienced too many requests within a -// given window and that the client must wait to perform the action again. A client may -// always retry the request that led to this error, although the client should wait at least -// the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 429 -#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests" - -// StatusReasonBadRequest means that the request itself was invalid, because the request -// doesn't make any sense, for example deleting a read-only object. This is different than -// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the -// data was invalid. API calls that return BadRequest can never succeed. -// Status code 400 -#StatusReasonBadRequest: #StatusReason & "BadRequest" - -// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the -// resource was not supported by the code - for instance, attempting to delete a resource that -// can only be created. API calls that return MethodNotAllowed can never succeed. -// Status code 405 -#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed" - -// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable -// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml. -// API calls that return NotAcceptable can never succeed. -// Status code 406 -#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable" - -// StatusReasonRequestEntityTooLarge means that the request entity is too large. 
-// Status code 413 -#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge" - -// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable -// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml. -// API calls that return UnsupportedMediaType can never succeed. -// Status code 415 -#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType" - -// StatusReasonInternalError indicates that an internal error occurred, it is unexpected -// and the outcome of the call is unknown. -// Details (optional): -// "causes" - The original error -// Status code 500 -#StatusReasonInternalError: #StatusReason & "InternalError" - -// StatusReasonExpired indicates that the request is invalid because the content you are requesting -// has expired and is no longer available. It is typically associated with watches that can't be -// serviced. -// Status code 410 (gone) -#StatusReasonExpired: #StatusReason & "Expired" - -// StatusReasonServiceUnavailable means that the request itself was valid, -// but the requested service is unavailable at this time. -// Retrying the request after some time might succeed. -// Status code 503 -#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable" - -// StatusCause provides more information about an api.Status failure, including -// cases when multiple errors are encountered. -#StatusCause: { - // A machine-readable description of the cause of the error. If this value is - // empty there is no information available. - // +optional - reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType) - - // A human-readable description of the cause of the error. This field may be - // presented as-is to a reader. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // The field of the resource that has caused this error, as named by its JSON - // serialization. 
May include dot and postfix notation for nested attributes. - // Arrays are zero-indexed. Fields may appear more than once in an array of - // causes due to fields having multiple errors. - // Optional. - // - // Examples: - // "name" - the field "name" on the current resource - // "items[0].name" - the field "name" on the first array entry in "items" - // +optional - field?: string @go(Field) @protobuf(3,bytes,opt) -} - -// CauseType is a machine readable value providing more detail about what -// occurred in a status response. An operation may have multiple causes for a -// status (whether Failure or Success). -#CauseType: string // #enumCauseType - -#enumCauseType: - #CauseTypeFieldValueNotFound | - #CauseTypeFieldValueRequired | - #CauseTypeFieldValueDuplicate | - #CauseTypeFieldValueInvalid | - #CauseTypeFieldValueNotSupported | - #CauseTypeForbidden | - #CauseTypeTooLong | - #CauseTypeTooMany | - #CauseTypeInternal | - #CauseTypeTypeInvalid | - #CauseTypeUnexpectedServerResponse | - #CauseTypeFieldManagerConflict | - #CauseTypeResourceVersionTooLarge - -// CauseTypeFieldValueNotFound is used to report failure to find a requested value -// (e.g. looking up an ID). -#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound" - -// CauseTypeFieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired" - -// CauseTypeFieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate" - -// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex -// match). -#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid" - -// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules) -// values that can not be handled (e.g. an enumerated string). 
-#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported" - -// CauseTypeForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). See -// Forbidden(). -#CauseTypeForbidden: #CauseType & "FieldValueForbidden" - -// CauseTypeTooLong is used to report that the given value is too long. -// This is similar to ErrorTypeInvalid, but the error will not include the -// too-long value. See TooLong(). -#CauseTypeTooLong: #CauseType & "FieldValueTooLong" - -// CauseTypeTooMany is used to report "too many". This is used to -// report that a given list has too many items. This is similar to FieldValueTooLong, -// but the error indicates quantity instead of length. -#CauseTypeTooMany: #CauseType & "FieldValueTooMany" - -// CauseTypeInternal is used to report other errors that are not related -// to user input. See InternalError(). -#CauseTypeInternal: #CauseType & "InternalError" - -// CauseTypeTypeInvalid is for the value did not match the schema type for that field -#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid" - -// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client -// without the expected return type. The presence of this cause indicates the error may be -// due to an intervening proxy or the server software malfunctioning. -#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse" - -// FieldManagerConflict is used to report when another client claims to manage this field, -// It should only be returned for a request using server-side apply. -#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict" - -// CauseTypeResourceVersionTooLarge is used to report that the requested resource version -// is newer than the data observed by the API server, so the request cannot be served. 
-#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge" - -// List holds a list of objects, which may not be known by the server. -#List: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of objects - items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep) -} - -// APIVersions lists the versions that are available, to allow clients to -// discover the API at /api, which is the root path of the legacy v1 API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#APIVersions: { - #TypeMeta - - // versions are the api versions that are available. - versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep) -} - -// APIGroupList is a list of APIGroup, to allow clients to discover the API at -// /apis. -#APIGroupList: { - #TypeMeta - - // groups is a list of APIGroup. 
- groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep) -} - -// APIGroup contains the name, the supported versions, and the preferred version -// of a group. -#APIGroup: { - #TypeMeta - - // name is the name of the group. - name: string @go(Name) @protobuf(1,bytes,opt) - - // versions are the versions supported in this group. - versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep) - - // preferredVersion is the version preferred by the API server, which - // probably is the storage version. - // +optional - preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - // +optional - serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep) -} - -// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match. -#ServerAddressByClientCIDR: { - // The CIDR with which clients can match their IP to figure out the server address that they should use. - clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt) - - // Address of this server, suitable for a client that matches the above CIDR. - // This can be a hostname, hostname:port, IP or IP:port. 
- serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt) -} - -// GroupVersion contains the "group/version" and "version" string of a version. -// It is made a struct to keep extensibility. -#GroupVersionForDiscovery: { - // groupVersion specifies the API group and version in the form "group/version" - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // version specifies the version in the form of "version". This is to save - // the clients the trouble of splitting the GroupVersion. - version: string @go(Version) @protobuf(2,bytes,opt) -} - -// APIResource specifies the name of a resource and whether it is namespaced. -#APIResource: { - // name is the plural name of the resource. - name: string @go(Name) @protobuf(1,bytes,opt) - - // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. - // The singularName is more correct for reporting status on a single item and both singular and plural are allowed - // from the kubectl CLI interface. - singularName: string @go(SingularName) @protobuf(6,bytes,opt) - - // namespaced indicates if a resource is namespaced or not. - namespaced: bool @go(Namespaced) @protobuf(2,varint,opt) - - // group is the preferred group of the resource. Empty implies the group of the containing resource list. - // For subresources, this may have a different value, for example: Scale". - group?: string @go(Group) @protobuf(8,bytes,opt) - - // version is the preferred version of the resource. Empty implies the version of the containing resource list - // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)". - version?: string @go(Version) @protobuf(9,bytes,opt) - - // kind is the kind for the resource (e.g. 
'Foo' is the kind for a resource 'foo') - kind: string @go(Kind) @protobuf(3,bytes,opt) - - // verbs is a list of supported kube verbs (this includes get, list, watch, create, - // update, patch, delete, deletecollection, and proxy) - verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt) - - // shortNames is a list of suggested short names of the resource. - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep) - - // categories is a list of the grouped resources this resource belongs to (e.g. 'all') - categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep) - - // The hash value of the storage version, the version this resource is - // converted to when written to the data store. Value must be treated - // as opaque by clients. Only equality comparison on the value is valid. - // This is an alpha feature and may change or be removed in the future. - // The field is populated by the apiserver only if the - // StorageVersionHash feature gate is enabled. - // This field will remain optional even if it graduates. - // +optional - storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt) -} - -// Verbs masks the value so protobuf can generate -// -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Verbs: [...string] - -// APIResourceList is a list of APIResource, it is used to expose the name of the -// resources supported in a specific group and version, and if the resource -// is namespaced. -#APIResourceList: { - #TypeMeta - - // groupVersion is the group and version this APIResourceList is for. - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // resources contains the name of the resources and if they are namespaced. - resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep) -} - -// RootPaths lists the paths available at root. -// For example: "/healthz", "/apis". -#RootPaths: { - // paths are the paths available at root. 
- paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep) -} - -// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body. -#Patch: { -} - -// A label selector is a label query over a set of resources. The result of matchLabels and -// matchExpressions are ANDed. An empty label selector matches all objects. A null -// label selector matches no objects. -// +structType=atomic -#LabelSelector: { - // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - // map is equivalent to an element of matchExpressions, whose key field is "key", the - // operator is "In", and the values array contains only "value". The requirements are ANDed. - // +optional - matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep) - - // matchExpressions is a list of label selector requirements. The requirements are ANDed. - // +optional - matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A label selector requirement is a selector that contains values, a key, and an operator that -// relates the key and values. -#LabelSelectorRequirement: { - // key is the label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator) - - // values is an array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. This array is replaced during a strategic - // merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A label selector operator is the set of operators that can be used in a selector requirement. 
-#LabelSelectorOperator: string // #enumLabelSelectorOperator - -#enumLabelSelectorOperator: - #LabelSelectorOpIn | - #LabelSelectorOpNotIn | - #LabelSelectorOpExists | - #LabelSelectorOpDoesNotExist - -#LabelSelectorOpIn: #LabelSelectorOperator & "In" -#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn" -#LabelSelectorOpExists: #LabelSelectorOperator & "Exists" -#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist" - -// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource -// that the fieldset applies to. -#ManagedFieldsEntry: { - // Manager is an identifier of the workflow managing these fields. - manager?: string @go(Manager) @protobuf(1,bytes,opt) - - // Operation is the type of operation which lead to this ManagedFieldsEntry being created. - // The only valid values for this field are 'Apply' and 'Update'. - operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType) - - // APIVersion defines the version of this resource that this field set - // applies to. The format is "group/version" just like the top-level - // APIVersion field. It is necessary to track the version of a field - // set because it cannot be automatically converted. - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) - - // Time is the timestamp of when the ManagedFields entry was added. The - // timestamp will also be updated if a field is added, the manager - // changes any of the owned fields value or removes a field. The - // timestamp does not update when a field is removed from the entry - // because another manager took it over. - // +optional - time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt) - - // FieldsType is the discriminator for the different fields format and version. 
- // There is currently only one possible value: "FieldsV1" - fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt) - - // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. - // +optional - fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt) - - // Subresource is the name of the subresource used to update that object, or - // empty string if the object was updated through the main resource. The - // value of this field is used to distinguish between managers, even if they - // share the same name. For example, a status update will be distinct from a - // regular update using the same manager name. - // Note that the APIVersion field is not related to the Subresource field and - // it always corresponds to the version of the main resource. - subresource?: string @go(Subresource) @protobuf(8,bytes,opt) -} - -// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created. -#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType - -#enumManagedFieldsOperationType: - #ManagedFieldsOperationApply | - #ManagedFieldsOperationUpdate - -#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply" -#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update" - -// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. -// -// Each key is either a '.' representing the field itself, and will always map to an empty set, -// or a string representing a sub-field or item. The string will follow one of these four formats: -// 'f:', where is the name of a field in a struct, or key in a map -// 'v:', where is the exact json formatted value of a list item -// 'i:', where is position of a item in a list -// 'k:', where is a map of a list item's key fields to their unique values -// If a key maps to an empty Fields value, the field that key represents is part of the set. 
-// -// The exact format is defined in sigs.k8s.io/structured-merge-diff -// +protobuf.options.(gogoproto.goproto_stringer)=false -#FieldsV1: _ - -// Table is a tabular representation of a set of API resources. The server transforms the -// object into a set of preferred columns for quickly reviewing the objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=false -#Table: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) - - // columnDefinitions describes each column in the returned items array. The number of cells per row - // will always match the number of column definitions. - columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition) - - // rows is the list of items in the table. - rows: [...#TableRow] @go(Rows,[]TableRow) -} - -// TableColumnDefinition contains information about a column returned in the Table. -// +protobuf=false -#TableColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) - - // type is an OpenAPI type definition for this column, such as number, integer, string, or - // array. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - type: string @go(Type) - - // format is an optional OpenAPI type modifier for this column. A format modifies the type and - // imposes additional rules, like date or time formatting for a string. The 'name' format is applied - // to the primary identifier column which has type 'string' to assist in clients identifying column - // is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - format: string @go(Format) - - // description is a human readable description of this column. 
- description: string @go(Description) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. Columns that may be omitted in limited space scenarios - // should be given a higher priority. - priority: int32 @go(Priority) -} - -// TableRow is an individual row in a table. -// +protobuf=false -#TableRow: { - // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or - // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a - // more detailed description. - cells: [...] @go(Cells,[]interface{}) - - // conditions describe additional status of a row that are relevant for a human user. These conditions - // apply to the row, not to the object, and will be specific to table output. The only defined - // condition type is 'Completed', for a row that indicates a resource that has run to completion and - // can be given less visual priority. - // +optional - conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition) - - // This field contains the requested additional information about each object based on the includeObject - // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the - // default serialization of the object for the current API version, and if "Metadata" (the default) will - // contain the object metadata. Check the returned kind and apiVersion of the object before parsing. - // The media type of the object will always match the enclosing list - if this as a JSON table, these - // will be JSON encoded objects. - // +optional - object?: runtime.#RawExtension @go(Object) -} - -// TableRowCondition allows a row to be marked with additional information. -// +protobuf=false -#TableRowCondition: { - // Type of row condition. 
The only defined value is 'Completed' indicating that the - // object this row represents has reached a completed state and may be given less visual - // priority than other rows. Clients are not required to honor any conditions but should - // be consistent where possible about handling the conditions. - type: #RowConditionType @go(Type) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) - - // (brief) machine readable reason for the condition's last transition. - // +optional - reason?: string @go(Reason) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) -} - -#RowConditionType: string // #enumRowConditionType - -#enumRowConditionType: - #RowCompleted - -// RowCompleted means the underlying resource has reached completion and may be given less -// visual priority than other resources. -#RowCompleted: #RowConditionType & "Completed" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// IncludeObjectPolicy controls which portion of the object is returned with a Table. -#IncludeObjectPolicy: string // #enumIncludeObjectPolicy - -#enumIncludeObjectPolicy: - #IncludeNone | - #IncludeMetadata | - #IncludeObject - -// IncludeNone returns no object. -#IncludeNone: #IncludeObjectPolicy & "None" - -// IncludeMetadata serializes the object containing only its metadata field. -#IncludeMetadata: #IncludeObjectPolicy & "Metadata" - -// IncludeObject contains the full object. -#IncludeObject: #IncludeObjectPolicy & "Object" - -// TableOptions are used when a Table is requested by the caller. 
-// +k8s:conversion-gen:explicit-from=net/url.Values -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#TableOptions: { - #TypeMeta - - // includeObject decides whether to include each object along with its columnar information. - // Specifying "None" will return no object, specifying "Object" will return the full object contents, and - // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind - // in version v1beta1 of the meta.k8s.io API group. - includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy) -} - -// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients -// to get access to a particular ObjectMeta schema without knowing the details of the version. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadata: { - #TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) -} - -// PartialObjectMetadataList contains a list of objects containing only their metadata -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadataList: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items contains each of the included items. - items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep) -} - -// Condition contains details for one aspect of the current state of this API Resource. -// --- -// This struct is intended for direct use as an array at the field path .status.conditions. 
For example, -// -// type FooStatus struct{ -// // Represents the observations of a foo's current state. -// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" -// // +patchMergeKey=type -// // +patchStrategy=merge -// // +listType=map -// // +listMapKey=type -// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` -// -// // other fields -// } -#Condition: { - // type of condition in CamelCase or in foo.example.com/CamelCase. - // --- - // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - // useful (see .node.status.conditions), the ability to deconflict is important. - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - type: string @go(Type) @protobuf(1,bytes,opt) - - // status of the condition, one of True, False, Unknown. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum=True;False;Unknown - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt) - - // observedGeneration represents the .metadata.generation that the condition was set based upon. - // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - // with respect to the current state of the instance. - // +optional - // +kubebuilder:validation:Minimum=0 - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // lastTransitionTime is the last time the condition transitioned from one status to another. - // This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Type=string - // +kubebuilder:validation:Format=date-time - lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason contains a programmatic identifier indicating the reason for the condition's last transition. - // Producers of specific condition types may define expected values and meanings for this field, - // and whether the values are considered a guaranteed API. - // The value should be a CamelCase string. - // This field may not be empty. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=1024 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` - reason: string @go(Reason) @protobuf(5,bytes,opt) - - // message is a human readable message indicating details about the transition. - // This may be an empty string. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=32768 - message: string @go(Message) @protobuf(6,bytes,opt) -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue deleted file mode 100644 index 12f5f1b6..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue +++ /dev/null 
@@ -1,30 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" -) - -// Event represents a single event to a watched resource. -// -// +protobuf=true -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#WatchEvent: { - type: string @go(Type) @protobuf(1,bytes,opt) - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Error: *Status is recommended; other types may make sense - // depending on context. - object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt) -} - -// InternalEvent makes watch.Event versioned -// +protobuf=false -#InternalEvent: watch.#Event diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue deleted file mode 100644 index 43474c39..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// SimpleAllocator a wrapper around make([]byte) -// conforms to the MemoryAllocator interface -#SimpleAllocator: { -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue deleted file mode 100644 index a05de5d5..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue +++ /dev/null 
@@ -1,37 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// codec binds an encoder and decoder. -_#codec: { - Encoder: #Encoder - Decoder: #Decoder -} - -// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding. -#NoopEncoder: { - Decoder: #Decoder -} - -_#noopEncoderIdentifier: #Identifier & "noop" - -// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding. -#NoopDecoder: { - Encoder: #Encoder -} - -_#base64Serializer: { - Encoder: #Encoder - Decoder: #Decoder -} - -_#internalGroupVersionerIdentifier: "internal" -_#disabledGroupVersionerIdentifier: "disabled" - -_#internalGroupVersioner: { -} - -_#disabledGroupVersioner: { -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue deleted file mode 100644 index ce6d644c..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime defines conversions between generic types and structs to map query strings -// to struct objects. -package runtime diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue deleted file mode 100644 index f49ad1e3..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue +++ /dev/null 
@@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// UnstructuredConverter is an interface for converting between interface{} -// and map[string]interface representation. -#UnstructuredConverter: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue deleted file mode 100644 index 89c5c51b..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue +++ /dev/null 
@@ -1,39 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime includes helper functions for working with API objects -// that follow the kubernetes API object conventions, which are: -// -// 0. Your API objects have a common metadata struct member, TypeMeta. -// -// 1. Your code refers to an internal set of API objects. -// -// 2. In a separate package, you have an external set of API objects. -// -// 3. The external set is considered to be versioned, and no breaking -// changes are ever made to it (fields may be added but not changed -// or removed). -// -// 4. As your api evolves, you'll make an additional versioned package -// with every major change. -// -// 5. Versioned packages have conversion functions which convert to -// and from the internal version. -// -// 6. You'll continue to support older versions according to your -// deprecation policy, and you can easily provide a program/library -// to update old versions into new versions because of 5. -// -// 7. All of your serializations and deserializations are handled in a -// centralized place. -// -// Package runtime provides a conversion helper to make 5 easy, and the -// Encode/Decode/DecodeInto trio to accomplish 7. You can also register -// additional "codecs" which use a version of your choice. It's -// recommended that you register your types with runtime in your -// package's init function. -// -// As a bonus, a few common types useful from all api objects and versions -// are provided in types.go. -package runtime diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue deleted file mode 100644 index d43f15f2..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue +++ /dev/null 
@@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -_#encodable: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue deleted file mode 100644 index ec8f1f07..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue +++ /dev/null @@ -1,23 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// MultiObjectTyper returns the types of objects across multiple schemes in order. -#MultiObjectTyper: [...#ObjectTyper] - -_#defaultFramer: { -} - -// WithVersionEncoder serializes an object and ensures the GVK is set. -#WithVersionEncoder: { - Version: #GroupVersioner - Encoder: #Encoder - ObjectTyper: #ObjectTyper -} - -// WithoutVersionDecoder clears the group version kind of a deserialized object. -#WithoutVersionDecoder: { - Decoder: #Decoder -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue deleted file mode 100644 index 22abcb62..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue +++ /dev/null 
@@ -1,165 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// APIVersionInternal may be used if you are registering a type that should not -// be considered stable or serialized - it is a convention only and has no -// special behavior in this package. -#APIVersionInternal: "__internal" - -// GroupVersioner refines a set of possible conversion targets into a single option. -#GroupVersioner: _ - -// Identifier represents an identifier. -// Identitier of two different objects should be equal if and only if for every -// input the output they produce is exactly the same. -#Identifier: string // #enumIdentifier - -#enumIdentifier: - _#noopEncoderIdentifier - -// Encoder writes objects to a serialized form -#Encoder: _ - -// MemoryAllocator is responsible for allocating memory. -// By encapsulating memory allocation into its own interface, we can reuse the memory -// across many operations in places we know it can significantly improve the performance. -#MemoryAllocator: _ - -// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations. -#EncoderWithAllocator: _ - -// Decoder attempts to load an object from data. -#Decoder: _ - -// Serializer is the core interface for transforming objects into a serialized format and back. -// Implementations may choose to perform conversion of the object, but no assumptions should be made. -#Serializer: _ - -// Codec is a Serializer that deals with the details of versioning objects. It offers the same -// interface as Serializer, so this is a marker to consumers that care about the version of the objects -// they receive. -#Codec: #Serializer - -// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and -// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing -// and the desired version must be specified. 
-#ParameterCodec: _ - -// Framer is a factory for creating readers and writers that obey a particular framing pattern. -#Framer: _ - -// SerializerInfo contains information about a specific serialization format -#SerializerInfo: { - // MediaType is the value that represents this serializer over the wire. - MediaType: string - - // MediaTypeType is the first part of the MediaType ("application" in "application/json"). - MediaTypeType: string - - // MediaTypeSubType is the second part of the MediaType ("json" in "application/json"). - MediaTypeSubType: string - - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the individual object serializer for this media type. - Serializer: #Serializer - - // PrettySerializer, if set, can serialize this object in a form biased towards - // readability. - PrettySerializer: #Serializer - - // StrictSerializer, if set, deserializes this object strictly, - // erring on unknown fields. - StrictSerializer: #Serializer - - // StreamSerializer, if set, describes the streaming serialization format - // for this media type. - StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo) -} - -// StreamSerializerInfo contains information about a specific stream serialization format -#StreamSerializerInfo: { - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the top level object serializer for this type when streaming - Serializer: #Serializer - - // Framer is the factory for retrieving streams that separate objects on the wire - Framer: #Framer -} - -// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers -// for multiple supported media types. This would commonly be accepted by a server component -// that performs HTTP content negotiation to accept multiple formats. 
-#NegotiatedSerializer: _ - -// ClientNegotiator handles turning an HTTP content type into the appropriate encoder. -// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from -// a NegotiatedSerializer. -#ClientNegotiator: _ - -// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers -// that can read and write data at rest. This would commonly be used by client tools that must -// read files, or server side storage interfaces that persist restful objects. -#StorageSerializer: _ - -// NestedObjectEncoder is an optional interface that objects may implement to be given -// an opportunity to encode any nested Objects / RawExtensions during serialization. -#NestedObjectEncoder: _ - -// NestedObjectDecoder is an optional interface that objects may implement to be given -// an opportunity to decode any nested Objects / RawExtensions during serialization. -// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding -// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields). -// As such it is important for callers of DecodeNestedObjects to check to confirm whether -// an error is a runtime.StrictDecodingError before short circuiting. -// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError -// is only returned when the rest of decoding has succeeded. -#NestedObjectDecoder: _ - -#ObjectDefaulter: _ - -#ObjectVersioner: _ - -// ObjectConvertor converts an object to a different version. -#ObjectConvertor: _ - -// ObjectTyper contains methods for extracting the APIVersion and Kind -// of objects. -#ObjectTyper: _ - -// ObjectCreater contains methods for instantiating an object by kind and version. 
-#ObjectCreater: _ - -// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource -#EquivalentResourceMapper: _ - -// EquivalentResourceRegistry provides an EquivalentResourceMapper interface, -// and allows registering known resource[/subresource] -> kind -#EquivalentResourceRegistry: _ - -// ResourceVersioner provides methods for setting and retrieving -// the resource version from an API object. -#ResourceVersioner: _ - -// Namer provides methods for retrieving name and namespace of an API object. -#Namer: _ - -// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are -// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows -// serializers to set the kind, version, and group the object is represented as. An Object may choose -// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized. -#Object: _ - -// CacheableObject allows an object to cache its different serializations -// to avoid performing the same serialization multiple times. -#CacheableObject: _ - -// Unstructured objects store values as map[string]interface{}, with only values that can be serialized -// to JSON allowed. -#Unstructured: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue deleted file mode 100644 index 7580f467..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue +++ /dev/null 
@@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// NegotiateError is returned when a ClientNegotiator is unable to locate -// a serializer for the requested operation. -#NegotiateError: { - ContentType: string - Stream: bool -} diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue deleted file mode 100644 index bd9c409a..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Splice is the interface that wraps the Splice method. -// -// Splice moves data from given slice without copying the underlying data for -// efficiency purpose. Therefore, the caller should make sure the underlying -// data is not changed later. -#Splice: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue deleted file mode 100644 index 9dfc078b..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Pair of strings. We keed the name of fields and the doc -#Pair: { - Name: string - Doc: string -} - -// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself -#KubeTypes: [...#Pair] 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue deleted file mode 100644 index d1ee609a..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue +++ /dev/null 
@@ -1,97 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, -// like this: -// -// type MyAwesomeAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// ... // other fields -// } -// -// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind -// -// TypeMeta is provided here for convenience. You may use it directly from this package or define -// your own with the same fields. -// -// +k8s:deepcopy-gen=false -// +protobuf=true -// +k8s:openapi-gen=true -#TypeMeta: { - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // +optional - kind?: string @go(Kind) @protobuf(2,bytes,opt) -} - -#ContentTypeJSON: "application/json" -#ContentTypeYAML: "application/yaml" -#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf" - -// RawExtension is used to hold extensions in external versions. -// -// To use this, make a field which has RawExtension as its type in your external, versioned -// struct, and Object in your internal struct. You also need to register your -// various plugin types. -// -// // Internal package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.Object `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // External package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.RawExtension `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // On the wire, the JSON will look something like this: -// -// { -// "kind":"MyAPIObject", -// "apiVersion":"v1", -// "myPlugin": { -// "kind":"PluginA", -// "aOption":"foo", -// }, -// } -// -// So what happens? 
Decode first uses json or yaml to unmarshal the serialized data into -// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. -// The next step is to copy (using pkg/conversion) into the internal struct. The runtime -// package's DefaultScheme has conversion functions installed which will unpack the -// JSON stored in RawExtension, turning it into the correct object type, and storing it -// in the Object. (TODO: In the case where the object is of an unknown type, a -// runtime.Unknown object will be created and stored.) -// -// +k8s:deepcopy-gen=true -// +protobuf=true -// +k8s:openapi-gen=true -#RawExtension: _ - -// Unknown allows api objects with unknown types to be passed-through. This can be used -// to deal with the API objects from a plug-in. Unknown objects still have functioning -// TypeMeta features-- kind, version, etc. -// TODO: Make this object have easy access to field based accessors and settors for -// metadata and field mutatation. -// -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=true -// +k8s:openapi-gen=true -#Unknown: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue deleted file mode 100644 index 8b8ddf89..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -#ProtobufMarshaller: _ - -#ProtobufReverseMarshaller: _ diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue deleted file mode 100644 index bfb4bcda..00000000 
--- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -// Package types implements various generic types used throughout kubernetes. -package types diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue deleted file mode 100644 index 7cb2745a..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -#NamespacedName: { - Namespace: string - Name: string -} - -#Separator: 47 // '/' diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue deleted file mode 100644 index 8b264b80..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue +++ /dev/null 
@@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// NodeName is a type that holds a api.Node's Name identifier. -// Being a type captures intent and helps make sure that the node name -// is not confused with similar concepts (the hostname, the cloud provider id, -// the cloud provider name etc) -// -// To clarify the various types: -// -// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName. -// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level. -// -// - Hostname is the hostname of the local machine (from uname -n). -// However, some components allow the user to pass in a --hostname-override flag, -// which will override this in most places. In the absence of anything more meaningful, -// kubelet will use Hostname as the Node.Name when it creates the Node. -// -// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId. -// -// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the -// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up -// to the cloudprovider how to do this mapping. -// -// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the -// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if -// we are using a custom DHCP domain it won't be. -#NodeName: string diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue deleted file mode 100644 index 3de5d80f..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue +++ /dev/null 
@@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// Similarly to above, these are constants to support HTTP PATCH utilized by -// both the client and server that didn't make sense for a whole package to be -// dedicated to. -#PatchType: string // #enumPatchType - -#enumPatchType: - #JSONPatchType | - #MergePatchType | - #StrategicMergePatchType | - #ApplyPatchType - -#JSONPatchType: #PatchType & "application/json-patch+json" -#MergePatchType: #PatchType & "application/merge-patch+json" -#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json" -#ApplyPatchType: #PatchType & "application/apply-patch+yaml" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue deleted file mode 100644 index 40bdd828..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// UID is a type that holds unique ID values, including UUIDs. Because we -// don't ONLY use UUIDs, this is an alias to string. Being a type captures -// intent and helps make sure that UIDs and names do not get conflated. -#UID: string diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue deleted file mode 100644 index 2c8cc365..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue +++ /dev/null 
@@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr - -package intstr - -// IntOrString is a type that can hold an int32 or a string. When used in -// JSON or YAML marshalling and unmarshalling, it produces or consumes the -// inner type. This allows you to have, for example, a JSON field that can -// accept a name or number. -// TODO: Rename to Int32OrString -// -// +protobuf=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:openapi-gen=true -#IntOrString: _ - -// Type represents the stored type of IntOrString. -#Type: int64 // #enumType - -#enumType: - #Int | - #String - -#values_Type: { - Int: #Int - String: #String -} - -#Int: #Type & 0 -#String: #Type & 1 diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue deleted file mode 100644 index bc1b9189..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -// Package watch contains a generic watchable interface, and a fake for -// testing code that uses the watch interface. -package watch diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue deleted file mode 100644 index 045e8ec8..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Recorder records all events that are sent from the watch until it is closed. -#Recorder: { - Interface: #Interface -} 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue deleted file mode 100644 index dcf72d5b..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue +++ /dev/null @@ -1,25 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch -// channel is full. -#FullChannelBehavior: int // #enumFullChannelBehavior - -#enumFullChannelBehavior: - #WaitIfChannelFull | - #DropIfChannelFull - -#values_FullChannelBehavior: { - WaitIfChannelFull: #WaitIfChannelFull - DropIfChannelFull: #DropIfChannelFull -} - -#WaitIfChannelFull: #FullChannelBehavior & 0 -#DropIfChannelFull: #FullChannelBehavior & 1 - -_#incomingQueueLength: 25 - -_#internalRunFunctionMarker: "internal-do-function" diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue deleted file mode 100644 index f0805cfb..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written. -#Decoder: _ - -// Reporter hides the details of how an error is turned into a runtime.Object for -// reporting on a watch stream since this package may not import a higher level report. -#Reporter: _ 
diff --git a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue deleted file mode 100644 index 0db2e6be..00000000 --- a/platform/modules/adhar-console/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -import "k8s.io/apimachinery/pkg/runtime" - -// Interface can be implemented by anything that knows how to watch and report changes. -#Interface: _ - -// EventType defines the possible types of events. -#EventType: string // #enumEventType - -#enumEventType: - #Added | - #Modified | - #Deleted | - #Bookmark | - #Error - -#Added: #EventType & "ADDED" -#Modified: #EventType & "MODIFIED" -#Deleted: #EventType & "DELETED" -#Bookmark: #EventType & "BOOKMARK" -#Error: #EventType & "ERROR" - -// Event represents a single event to a watched resource. -// +k8s:deepcopy-gen=true -#Event: { - Type: #EventType - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Bookmark: the object (instance of a type being watched) where - // only ResourceVersion field is set. On successful restart of watch from a - // bookmark resourceVersion, client is guaranteed to not get repeat event - // nor miss any events. - // * If Type is Error: *api.Status is recommended; other types may make sense - // depending on context. - Object: runtime.#Object -} - -// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe. -#RaceFreeFakeWatcher: { - Stopped: bool -} diff --git a/platform/modules/adhar-console/cue.mod/module.cue b/platform/modules/adhar-console/cue.mod/module.cue deleted file mode 100644 index 58ef73ae..00000000 
--- a/platform/modules/adhar-console/cue.mod/module.cue
+++ /dev/null
@@ -1 +0,0 @@
-module: "timoni.sh/adhar-console"
diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
deleted file mode 100644
index 2c579e99..00000000
--- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Action holds the list of annotations for controlling
-// Timoni's apply behaviour of Kubernetes resources.
-Action: {
- // Force annotation for recreating immutable resources such as Kubernetes Jobs.
- Force: {
- "action.timoni.sh/force": ActionStatus.Enabled
- }
- // One-off annotation for appling resources only if they don't exist on the cluster.
- Oneoff: {
- "action.timoni.sh/one-off": ActionStatus.Enabled
- }
- // Keep annotation for preventing Timoni's garbage collector from deleting resources.
- Keep: {
- "action.timoni.sh/prune": ActionStatus.Disabled
- }
-}
-
-ActionStatus: {
- Enabled: "enabled"
- Disabled: "disabled"
-}
diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
deleted file mode 100644
index 1535ea43..00000000
--- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strings"
-)
-
-// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image.
-#Image: {
-
- // Repository is the address of a container registry repository.
- // An image repository is made up of slash-separated name components, optionally
- // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH.
- repository!: string
-
- // Tag identifies an image in the repository.
- // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes.
- // A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
- tag!: string & strings.MaxRunes(128)
-
- // Digest uniquely and immutably identifies an image in the repository.
- // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
- digest!: string
-
- // PullPolicy defines the pull policy for the image.
- // By default, it is set to IfNotPresent.
- pullPolicy: *"IfNotPresent" | "Always" | "Never"
-
- // Reference is the image address computed from repository, tag and digest
- // in the format [REPOSITORY]:[TAG]@[DIGEST].
- reference: string
-
- if digest != "" && tag != "" {
- reference: "\(repository):\(tag)@\(digest)"
- }
-
- if digest != "" && tag == "" {
- reference: "\(repository)@\(digest)"
- }
-
- if digest == "" && tag != "" {
- reference: "\(repository):\(tag)"
- }
-
- if digest == "" && tag == "" {
- reference: "\(repository):latest"
- }
-}
diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
deleted file mode 100644
index 19f09896..00000000
--- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
+++ /dev/null
@@ -1,47 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/base64" - "strings" -) - -// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson. -// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets. -#ImagePullSecret: { - // Metadata is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]]. - #Registry!: string - - // Username is the username used to authenticate to the container registry. - #Username!: string - - // Password is the password used to authenticate to the container registry. - #Password!: string - - // Optional suffix used to generate the Secret name. - #Suffix: *"" | string & strings.MaxRunes(30) - - let auth = base64.Encode(null, #Username+":"+#Password) - - apiVersion: "v1" - kind: "Secret" - type: "kubernetes.io/dockerconfigjson" - metadata: { - name: #Meta.name + #Suffix - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - stringData: { - ".dockerconfigjson": """ - {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}} - """ - } -} diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue deleted file mode 100644 index 7b31c23e..00000000 --- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue +++ /dev/null 
@@ -1,49 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/json" - "strings" - "uuid" -) - -#ConfigMapKind: "ConfigMap" -#SecretKind: "Secret" - -// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets. -// The metadata.name of the generated object is suffixed with the hash of the input data. -#ImmutableConfig: { - // Kind of the generated object. - #Kind: *#ConfigMapKind | #SecretKind - - // Metadata of the generated object. - #Meta: #Metadata - - // Optional suffix appended to the generate name. - #Suffix: *"" | string - - // Data of the generated object. - #Data: {[string]: string} - - let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0] - - apiVersion: "v1" - kind: #Kind - metadata: { - name: #Meta.name + #Suffix + "-" + hash - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - immutable: true - if kind == #ConfigMapKind { - data: #Data - } - if kind == #SecretKind { - stringData: #Data - } -} diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue deleted file mode 100644 index ad96b062..00000000 --- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue +++ /dev/null 
@@ -1,27 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// InstanceName defines the schema for the name of a Timoni instance. -// The instance name is used as a Kubernetes label value and must be 63 characters or less. -#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceNamespace defines the schema for the namespace of a Timoni instance. -// The instance namespace is used as a Kubernetes label value and must be 63 characters or less. -#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership. -#InstanceOwnerReference: { - #Name: "instance.timoni.sh/name" - #Namespace: "instance.timoni.sh/namespace" -} - -// InstanceModule defines the schema for the Module of a Timoni instance. -#InstanceModule: { - url: string & =~"^((oci|file)://.*)$" - version: *"latest" | string - digest?: string -} diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue deleted file mode 100644 index 188ff505..00000000 --- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue +++ /dev/null 
@@ -1,120 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// Annotations defines the schema for Kubernetes object metadata annotations. -#Annotations: {[string & strings.MaxRunes(253)]: string} - -// Labels defines the schema for Kubernetes object metadata labels. -#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)} - -#StdLabelName: "app.kubernetes.io/name" -#StdLabelVersion: "app.kubernetes.io/version" -#StdLabelPartOf: "app.kubernetes.io/part-of" -#StdLabelManagedBy: "app.kubernetes.io/managed-by" -#StdLabelComponent: "app.kubernetes.io/component" -#StdLabelInstance: "app.kubernetes.io/instance" - -// Metadata defines the schema for Kubernetes object metadata. -#Metadata: { - // Version should be in the strict semver format. Is required when creating resources. - #Version!: string & strings.MaxRunes(63) - - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name!: #InstanceName - - // Namespace defines the space within which each name must be unique. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - namespace!: #InstanceNamespace - - // Annotations is an unstructured key value map stored with a resource that may be - // set to store and retrieve arbitrary metadata. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - annotations?: #Annotations - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. 
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes labels: app name, version and managed-by. - labels: { - (#StdLabelName): name - (#StdLabelVersion): #Version - (#StdLabelManagedBy): "timoni" - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name label. - #LabelSelector: #Labels & { - (#StdLabelName): name - } - - // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions - // are met before it fully deletes resources marked for deletion. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/ - finalizers?: [...string] -} - -// MetaComponent generates the Kubernetes object metadata for a module namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - namespace: #Meta.namespace - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} - -// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.namespace is unset. -// The metadata.labels contain the app.kubernetes.io/component label. 
-#MetaClusterComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue deleted file mode 100644 index 1dcdb699..00000000 --- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// ObjectReference is a reference to a Kubernetes object. -#ObjectReference: { - // Name of the referent. - name!: string & strings.MaxRunes(256) - - // Namespace of the referent. - namespace?: string & strings.MaxRunes(256) - - // API version of the referent. - apiVersion?: string & strings.MaxRunes(256) - - // Kind of the referent. - kind?: string & strings.MaxRunes(256) -} diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue deleted file mode 100644 index d3b5573a..00000000 --- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue +++ /dev/null 
@@ -1,40 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m. -#CPUQuantity: string & =~"^[1-9]\\d*m$" - -// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi. -#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$" - -// ResourceRequirement defines the schema for the CPU and Memory resource requirements. -#ResourceRequirement: { - cpu?: #CPUQuantity - memory?: #MemoryQuantity -} - -// ResourceRequirements defines the schema for the compute resource requirements of a container. -// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - limits?: #ResourceRequirement - - // Requests describes the minimum amount of compute resources required. - // Requests cannot exceed Limits. - requests?: #ResourceRequirement & { - if limits != _|_ { - if limits.cpu != _|_ { - _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0]) - _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0]) - #cpu: int & >=_rc & _lc - } - } - } -} diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue deleted file mode 100644 index 9c4f2384..00000000 --- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue +++ /dev/null 
@@ -1,19 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc. -#Selector: { - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - #Name!: #InstanceName - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes label: app name. - labels: (#StdLabelName): #Name -} diff --git a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue deleted file mode 100644 index ecd1e397..00000000 --- a/platform/modules/adhar-console/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue +++ /dev/null 
@@ -1,29 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// SemVer validates the input version string and extracts the major and minor version numbers. -// When Minimum is set, the major and minor parts must be greater or equal to the minimum -// or a validation error is returned. -#SemVer: { - // Input version string in strict semver format. - #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - // Minimum is the minimum allowed MAJOR.MINOR version. - #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0]) - let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1]) - - major: int & >=minMajor - major: strconv.Atoi(strings.Split(#Version, ".")[0]) - - minor: int & >=minMinor - minor: strconv.Atoi(strings.Split(#Version, ".")[1]) -} diff --git a/platform/modules/adhar-console/debug_tool.cue b/platform/modules/adhar-console/debug_tool.cue deleted file mode 100644 index cf9c1472..00000000 --- a/platform/modules/adhar-console/debug_tool.cue +++ /dev/null 
@@ -1,35 +0,0 @@ -package main - -import ( - "tool/cli" - "encoding/yaml" - "text/tabwriter" -) - -_resources: timoni.apply.app + timoni.apply.test - -// The build command generates the Kubernetes manifests and prints the multi-docs YAML to stdout. -// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'. -command: build: { - task: print: cli.Print & { - text: yaml.MarshalStream(_resources) - } -} - -// The ls command prints a table with the Kubernetes resources kind, namespace, name and version. -// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 ls'. -command: ls: { - task: print: cli.Print & { - text: tabwriter.Write([ - "RESOURCE \tAPI VERSION", - for r in _resources { - if r.metadata.namespace == _|_ { - "\(r.kind)/\(r.metadata.name) \t\(r.apiVersion)" - } - if r.metadata.namespace != _|_ { - "\(r.kind)/\(r.metadata.namespace)/\(r.metadata.name) \t\(r.apiVersion)" - } - }, - ]) - } -} diff --git a/platform/modules/adhar-console/debug_values.cue b/platform/modules/adhar-console/debug_values.cue deleted file mode 100644 index d888c34f..00000000 --- a/platform/modules/adhar-console/debug_values.cue +++ /dev/null @@ -1,30 +0,0 @@ -@if(debug) - -package main - -// Values used by debug_tool.cue. -// Debug example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'. -values: { - podAnnotations: "cluster-autoscaler.kubernetes.io/safe-to-evict": "true" - message: "Hello Debug" - image: { - repository: "docker.io/nginx" - tag: "1-alpine" - digest: "" - } - test: { - enabled: true - image: { - repository: "docker.io/curlimages/curl" - tag: "latest" - digest: "" - } - } - affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: [{ - matchExpressions: [{ - key: "kubernetes.io/os" - operator: "In" - values: ["linux"] - }] - }] -} 
diff --git a/platform/modules/adhar-console/templates/config.cue b/platform/modules/adhar-console/templates/config.cue deleted file mode 100644 index 5769b01f..00000000 --- a/platform/modules/adhar-console/templates/config.cue +++ /dev/null 
@@ -1,113 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" - timoniv1 "timoni.sh/core/v1alpha1" -) - -// Config defines the schema and defaults for the Instance values. -#Config: { - // The kubeVersion is a required field, set at apply-time - // via timoni.cue by querying the user's Kubernetes API. - kubeVersion!: string - // Using the kubeVersion you can enforce a minimum Kubernetes minor version. - // By default, the minimum Kubernetes version is set to 1.20. - clusterVersion: timoniv1.#SemVer & {#Version: kubeVersion, #Minimum: "1.20.0"} - - // The moduleVersion is set from the user-supplied module version. - // This field is used for the `app.kubernetes.io/version` label. - moduleVersion!: string - - // The Kubernetes metadata common to all resources. - // The `metadata.name` and `metadata.namespace` fields are - // set from the user-supplied instance name and namespace. - metadata: timoniv1.#Metadata & {#Version: moduleVersion} - - // The labels allows adding `metadata.labels` to all resources. - // The `app.kubernetes.io/name` and `app.kubernetes.io/version` labels - // are automatically generated and can't be overwritten. - metadata: labels: timoniv1.#Labels - - // The annotations allows adding `metadata.annotations` to all resources. - metadata: annotations?: timoniv1.#Annotations - - // The selector allows adding label selectors to Deployments and Services. - // The `app.kubernetes.io/name` label selector is automatically generated - // from the instance name and can't be overwritten. - selector: timoniv1.#Selector & {#Name: metadata.name} - - // The image allows setting the container image repository, - // tag, digest and pull policy. - // The default image repository and tag is set in `values.cue`. - image!: timoniv1.#Image - - // The resources allows setting the container resource requirements. - // By default, the container requests 10m CPU and 32Mi memory. 
- resources: timoniv1.#ResourceRequirements & { - requests: { - cpu: *"10m" | timoniv1.#CPUQuantity - memory: *"32Mi" | timoniv1.#MemoryQuantity - } - } - - // The number of pods replicas. - // By default, the number of replicas is 1. - replicas: *1 | int & >0 - - // The securityContext allows setting the container security context. - // By default, the container is denined privilege escalation. - securityContext: corev1.#SecurityContext & { - allowPrivilegeEscalation: *false | true - privileged: *false | true - capabilities: - { - drop: *["ALL"] | [string] - add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string] - } - } - - // The service allows setting the Kubernetes Service annotations and port. - // By default, the HTTP port is 80. - service: { - annotations?: timoniv1.#Annotations - - port: *80 | int & >0 & <=65535 - } - - // Pod optional settings. - podAnnotations?: {[string]: string} - podSecurityContext?: corev1.#PodSecurityContext - imagePullSecrets?: [...timoniv1.#ObjectReference] - tolerations?: [...corev1.#Toleration] - affinity?: corev1.#Affinity - topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint] - - // Test Job disabled by default. - test: { - enabled: *false | bool - image!: timoniv1.#Image - } - - // App settings. - message!: string -} - -// Instance takes the config values and outputs the Kubernetes objects. -#Instance: { - config: #Config - - objects: { - sa: #ServiceAccount & {#config: config} - svc: #Service & {#config: config} - cm: #ConfigMap & {#config: config} - - deploy: #Deployment & { - #config: config - #cmName: objects.cm.metadata.name - } - } - - tests: { - "test-svc": #TestJob & {#config: config} - } -} diff --git a/platform/modules/adhar-console/templates/configmap.cue b/platform/modules/adhar-console/templates/configmap.cue deleted file mode 100644 index 7f591f15..00000000 --- a/platform/modules/adhar-console/templates/configmap.cue +++ /dev/null 
@@ -1,55 +0,0 @@ -package templates - -import ( - timoniv1 "timoni.sh/core/v1alpha1" -) - -#ConfigMap: timoniv1.#ImmutableConfig & { - #config: #Config - #Kind: timoniv1.#ConfigMapKind - #Meta: #config.metadata - #Data: { - "nginx.default.conf": """ - server { - listen 8080; - server_name \(#config.metadata.name); - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - location /healthz { - access_log off; - default_type text/plain; - return 200 "OK"; - } - - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } - """ - "index.html": """ - - - - - - \(#config.metadata.name) - - - -

\(#config.message) from \(#config.metadata.name)!

-

If you see this page, the \(#config.metadata.name) instance is successfully deployed in the \(#config.metadata.namespace) namespace by Timoni.

- - - """ - } -} diff --git a/platform/modules/adhar-console/templates/deployment.cue b/platform/modules/adhar-console/templates/deployment.cue deleted file mode 100644 index e73b35eb..00000000 --- a/platform/modules/adhar-console/templates/deployment.cue +++ /dev/null 
@@ -1,104 +0,0 @@ -package templates - -import ( - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" -) - -#Deployment: appsv1.#Deployment & { - #config: #Config - #cmName: string - apiVersion: "apps/v1" - kind: "Deployment" - metadata: #config.metadata - spec: appsv1.#DeploymentSpec & { - replicas: #config.replicas - selector: matchLabels: #config.selector.labels - template: { - metadata: { - labels: #config.selector.labels - if #config.podAnnotations != _|_ { - annotations: #config.podAnnotations - } - } - spec: corev1.#PodSpec & { - serviceAccountName: #config.metadata.name - containers: [ - { - name: #config.metadata.name - image: #config.image.reference - imagePullPolicy: #config.image.pullPolicy - ports: [ - { - name: "http" - containerPort: 8080 - protocol: "TCP" - }, - ] - livenessProbe: { - httpGet: { - path: "/healthz" - port: "http" - } - } - readinessProbe: { - httpGet: { - path: "/healthz" - port: "http" - } - } - volumeMounts: [ - { - mountPath: "/etc/nginx/conf.d" - name: "config" - }, - { - mountPath: "/usr/share/nginx/html" - name: "html" - }, - ] - resources: #config.resources - securityContext: #config.securityContext - }, - ] - volumes: [ - { - name: "config" - configMap: { - name: #cmName - items: [{ - key: "nginx.default.conf" - path: key - }] - } - }, - { - name: "html" - configMap: { - name: #cmName - items: [{ - key: "index.html" - path: key - }] - } - }, - ] - if #config.podSecurityContext != _|_ { - securityContext: #config.podSecurityContext - } - if #config.topologySpreadConstraints != _|_ { - topologySpreadConstraints: #config.topologySpreadConstraints - } - if #config.affinity != _|_ { - affinity: #config.affinity - } - if #config.tolerations != _|_ { - tolerations: #config.tolerations - } - if #config.imagePullSecrets != _|_ { - imagePullSecrets: #config.imagePullSecrets - } - } - } - } -} 
diff --git a/platform/modules/adhar-console/templates/job.cue b/platform/modules/adhar-console/templates/job.cue deleted file mode 100644 index 80b9bdf8..00000000 --- a/platform/modules/adhar-console/templates/job.cue +++ /dev/null @@ -1,58 +0,0 @@ -package templates - -import ( - "encoding/yaml" - "uuid" - - corev1 "k8s.io/api/core/v1" - batchv1 "k8s.io/api/batch/v1" - timoniv1 "timoni.sh/core/v1alpha1" -) - -#TestJob: batchv1.#Job & { - #config: #Config - apiVersion: "batch/v1" - kind: "Job" - metadata: timoniv1.#MetaComponent & { - #Meta: #config.metadata - #Component: "test" - } - metadata: annotations: timoniv1.Action.Force - spec: batchv1.#JobSpec & { - template: corev1.#PodTemplateSpec & { - let _checksum = uuid.SHA1(uuid.ns.DNS, yaml.Marshal(#config)) - metadata: annotations: "timoni.sh/checksum": "\(_checksum)" - spec: { - containers: [{ - name: "curl" - image: #config.test.image.reference - imagePullPolicy: #config.test.image.pullPolicy - command: [ - "curl", - "-v", - "-m", - "5", - "\(#config.metadata.name):\(#config.service.port)", - ] - }] - restartPolicy: "Never" - if #config.podSecurityContext != _|_ { - securityContext: #config.podSecurityContext - } - if #config.topologySpreadConstraints != _|_ { - topologySpreadConstraints: #config.topologySpreadConstraints - } - if #config.affinity != _|_ { - affinity: #config.affinity - } - if #config.tolerations != _|_ { - tolerations: #config.tolerations - } - if #config.imagePullSecrets != _|_ { - imagePullSecrets: #config.imagePullSecrets - } - } - } - backoffLimit: 1 - } -} diff --git a/platform/modules/adhar-console/templates/service.cue b/platform/modules/adhar-console/templates/service.cue deleted file mode 100644 index e6dbe5cf..00000000 --- a/platform/modules/adhar-console/templates/service.cue +++ /dev/null 
@@ -1,27 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" -) - -#Service: corev1.#Service & { - #config: #Config - apiVersion: "v1" - kind: "Service" - metadata: #config.metadata - if #config.service.annotations != _|_ { - metadata: annotations: #config.service.annotations - } - spec: corev1.#ServiceSpec & { - type: corev1.#ServiceTypeClusterIP - selector: #config.selector.labels - ports: [ - { - port: #config.service.port - protocol: "TCP" - name: "http" - targetPort: name - }, - ] - } -} diff --git a/platform/modules/adhar-console/templates/serviceaccount.cue b/platform/modules/adhar-console/templates/serviceaccount.cue deleted file mode 100644 index f07f5748..00000000 --- a/platform/modules/adhar-console/templates/serviceaccount.cue +++ /dev/null @@ -1,12 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" -) - -#ServiceAccount: corev1.#ServiceAccount & { - #config: #Config - apiVersion: "v1" - kind: "ServiceAccount" - metadata: #config.metadata -} diff --git a/platform/modules/adhar-console/timoni.cue b/platform/modules/adhar-console/timoni.cue deleted file mode 100644 index 64e0ad22..00000000 --- a/platform/modules/adhar-console/timoni.cue +++ /dev/null 
@@ -1,47 +0,0 @@ -// Code generated by timoni. -// Note that this file is required and should contain -// the values schema and the timoni workflow. - -package main - -import ( - templates "timoni.sh/adhar-console/templates" -) - -// Define the schema for the user-supplied values. -// At runtime, Timoni injects the supplied values -// and validates them according to the Config schema. -values: templates.#Config - -// Define how Timoni should build, validate and -// apply the Kubernetes resources. -timoni: { - apiVersion: "v1alpha1" - - // Define the instance that outputs the Kubernetes resources. - // At runtime, Timoni builds the instance and validates - // the resulting resources according to their Kubernetes schema. - instance: templates.#Instance & { - // The user-supplied values are merged with the - // default values at runtime by Timoni. - config: values - // These values are injected at runtime by Timoni. - config: { - metadata: { - name: string @tag(name) - namespace: string @tag(namespace) - } - moduleVersion: string @tag(mv, var=moduleVersion) - kubeVersion: string @tag(kv, var=kubeVersion) - } - } - - // Pass Kubernetes resources outputted by the instance - // to Timoni's multi-step apply. - apply: app: [for obj in instance.objects {obj}] - - // Conditionally run tests after an install or upgrade. - if instance.config.test.enabled { - apply: test: [for obj in instance.tests {obj}] - } -} diff --git a/platform/modules/adhar-console/timoni.ignore b/platform/modules/adhar-console/timoni.ignore deleted file mode 100644 index 0722c348..00000000 --- a/platform/modules/adhar-console/timoni.ignore +++ /dev/null @@ -1,14 +0,0 @@ -# VCS -.git/ -.gitignore -.gitmodules -.gitattributes - -# Go -vendor/ -go.mod -go.sum - -# CUE -*_tool.cue -debug_values.cue diff --git a/platform/modules/adhar-console/values.cue b/platform/modules/adhar-console/values.cue deleted file mode 100644 index 140dcda8..00000000 --- a/platform/modules/adhar-console/values.cue +++ /dev/null 
@@ -1,21 +0,0 @@
-// Code generated by timoni.
-// Note that this file must have no imports and all values must be concrete.
-
-@if(!debug)
-
-package main
-
-// Defaults
-values: {
- message: "Hello World"
- image: {
- repository: "cgr.dev/chainguard/nginx"
- digest: "sha256:3dd8fa303f77d7eb6ce541cb05009a5e8723bd7e3778b95131ab4a2d12fadb8f"
- tag: "1.25.3"
- }
- test: image: {
- repository: "cgr.dev/chainguard/curl"
- digest: ""
- tag: "latest"
- }
-}
diff --git a/platform/stack/environments/local/config.yaml b/platform/stack/environments/local/config.yaml
index b049ebb6..d5a3d371 100644
--- a/platform/stack/environments/local/config.yaml
+++ b/platform/stack/environments/local/config.yaml
@@ -11,6 +11,11 @@ packages:
 install: "true"
 manifestPath: "security/cert-manager/manifests"
 isChart: "false"
+ - name: cnpg
+ namespace: cnpg-system
+ install: "true"
+ manifestPath: "data/cnpg/manifests"
+ isChart: "false"
 - name: headlamp
 namespace: adhar-system
 install: "true"
diff --git a/platform/stack/packages/core/adhar-console/.gitkeep b/platform/stack/packages/core/adhar-console/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/platform/stack/packages/data/cnpg/generate-manifests.sh b/platform/stack/packages/data/cnpg/generate-manifests.sh
new file mode 100755
index 00000000..7ae9ace5
--- /dev/null
+++ b/platform/stack/packages/data/cnpg/generate-manifests.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+INSTALL_YAML="manifests/install.yaml"
+CHART_VERSION="v0.22.0"
+
+echo "# CLOUDNATIVE-PG INSTALL RESOURCES" >${INSTALL_YAML}
+echo "# This file is auto-generated with 'platform/stack/packages/data/cnpg/generate-manifests.sh'" >>${INSTALL_YAML}
+
+helm repo add cnpg https://cloudnative-pg.github.io/charts --force-update
+helm repo update
+helm template --namespace cnpg-system cnpg cnpg/cloudnative-pg -f values.yaml --version ${CHART_VERSION} >>${INSTALL_YAML}
\ No newline at end of file
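Review bot: In `generate-manifests.sh` the two header `echo` lines truncate `manifests/install.yaml` before any helm command has run, so with `set -e` a failed `helm repo add` or `helm template` leaves a header-only manifest on disk that can be committed or applied by mistake. Render into a temporary file and move it into place only after `helm template` succeeds, and switch to `set -euo pipefail` with quoted expansions. The relative paths `manifests/install.yaml` and `values.yaml` also make the result depend on the caller's working directory, so the script should `cd` to its own directory first. The generated file includes output from the chart's `rbac.yaml` template and is pinned only by chart version from a remote repository, so each regeneration should be diffed in review before it is merged.

```shell
set -euo pipefail
cd "$(dirname "$0")"

# … unchanged: INSTALL_YAML and CHART_VERSION assignments …
TMP_YAML="$(mktemp "${INSTALL_YAML}.XXXXXX")"
trap 'rm -f "${TMP_YAML}"' EXIT

echo "# CLOUDNATIVE-PG INSTALL RESOURCES" >"${TMP_YAML}"
echo "# This file is auto-generated with 'platform/stack/packages/data/cnpg/generate-manifests.sh'" >>"${TMP_YAML}"

# … unchanged: helm repo add / helm repo update …
helm template --namespace cnpg-system cnpg cnpg/cloudnative-pg -f values.yaml --version "${CHART_VERSION}" >>"${TMP_YAML}"
mv "${TMP_YAML}" "${INSTALL_YAML}"
```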
diff --git a/platform/stack/packages/data/cnpg/manifests/install.yaml b/platform/stack/packages/data/cnpg/manifests/install.yaml new file mode 100644 index 00000000..1f21bd40 --- /dev/null +++ b/platform/stack/packages/data/cnpg/manifests/install.yaml 
@@ -0,0 +1,17114 @@ +# CLOUDNATIVE-PG INSTALL RESOURCES +# This file is auto-generated with 'platform/stack/packages/data/cnpg/generate-manifests.sh' +--- +# Source: cloudnative-pg/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cnpg-cloudnative-pg + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: cloudnative-pg/templates/config.yaml +# +# Copyright The CloudNativePG Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+# +apiVersion: v1 +kind: ConfigMap +metadata: + name: cnpg-controller-manager-config + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: cloudnative-pg/templates/monitoring-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: cnpg-default-monitoring + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm + cnpg.io/reload: "" +data: + queries: + | + backends: + query: | + SELECT sa.datname + , sa.usename + , sa.application_name + , states.state + , COALESCE(sa.count, 0) AS total + , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds + FROM ( VALUES ('active') + , ('idle') + , ('idle in transaction') + , ('idle in transaction (aborted)') + , ('fastpath function call') + , ('disabled') + ) AS states(state) + LEFT JOIN ( + SELECT datname + , state + , usename + , COALESCE(application_name, '') AS application_name + , COUNT(*) + , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs + FROM pg_catalog.pg_stat_activity + GROUP BY datname, state, usename, application_name + ) sa ON states.state = sa.state + WHERE sa.usename IS NOT NULL + metrics: + - datname: + usage: "LABEL" + description: "Name of the database" + - usename: + usage: "LABEL" + description: "Name of the user" + - application_name: + usage: "LABEL" + description: "Name of the application" + - state: + usage: "LABEL" + description: "State of the backend" + - total: + usage: "GAUGE" + description: "Number of backends" + - max_tx_duration_seconds: + usage: "GAUGE" + description: "Maximum duration of a transaction in seconds" + + backends_waiting: + query: | + SELECT count(*) AS total + FROM pg_catalog.pg_locks blocked_locks + JOIN pg_catalog.pg_locks 
blocking_locks + ON blocking_locks.locktype = blocked_locks.locktype + AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database + AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation + AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page + AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple + AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid + AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid + AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid + AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid + AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid + AND blocking_locks.pid != blocked_locks.pid + JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid + WHERE NOT blocked_locks.granted + metrics: + - total: + usage: "GAUGE" + description: "Total number of backends that are currently waiting on other queries" + + pg_database: + query: | + SELECT datname + , pg_catalog.pg_database_size(datname) AS size_bytes + , pg_catalog.age(datfrozenxid) AS xid_age + , pg_catalog.mxid_age(datminmxid) AS mxid_age + FROM pg_catalog.pg_database + WHERE datallowconn + metrics: + - datname: + usage: "LABEL" + description: "Name of the database" + - size_bytes: + usage: "GAUGE" + description: "Disk space used by the database" + - xid_age: + usage: "GAUGE" + description: "Number of transactions from the frozen XID to the current one" + - mxid_age: + usage: "GAUGE" + description: "Number of multiple transactions (Multixact) from the frozen XID to the current one" + + pg_postmaster: + query: | + SELECT EXTRACT(EPOCH FROM pg_postmaster_start_time) AS start_time + FROM pg_catalog.pg_postmaster_start_time() + metrics: + - start_time: + usage: "GAUGE" + description: "Time at which postgres started (based on epoch)" + + pg_replication: + query: "SELECT CASE WHEN ( + NOT 
pg_catalog.pg_is_in_recovery() + OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn()) + THEN 0 + ELSE GREATEST (0, + EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp()))) + END AS lag, + pg_catalog.pg_is_in_recovery() AS in_recovery, + EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up, + (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas" + metrics: + - lag: + usage: "GAUGE" + description: "Replication lag behind primary in seconds" + - in_recovery: + usage: "GAUGE" + description: "Whether the instance is in recovery" + - is_wal_receiver_up: + usage: "GAUGE" + description: "Whether the instance wal_receiver is up" + - streaming_replicas: + usage: "GAUGE" + description: "Number of streaming replicas connected to the instance" + + pg_replication_slots: + query: | + SELECT slot_name, + slot_type, + database, + active, + (CASE pg_catalog.pg_is_in_recovery() + WHEN TRUE THEN pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_last_wal_receive_lsn(), restart_lsn) + ELSE pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn) + END) as pg_wal_lsn_diff + FROM pg_catalog.pg_replication_slots + WHERE NOT temporary + metrics: + - slot_name: + usage: "LABEL" + description: "Name of the replication slot" + - slot_type: + usage: "LABEL" + description: "Type of the replication slot" + - database: + usage: "LABEL" + description: "Name of the database" + - active: + usage: "GAUGE" + description: "Flag indicating whether the slot is active" + - pg_wal_lsn_diff: + usage: "GAUGE" + description: "Replication lag in bytes" + + pg_stat_archiver: + query: | + SELECT archived_count + , failed_count + , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival + , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure + , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time + , COALESCE(EXTRACT(EPOCH FROM 
last_failed_time), -1) AS last_failed_time + , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn + , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn + , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time + FROM pg_catalog.pg_stat_archiver + metrics: + - archived_count: + usage: "COUNTER" + description: "Number of WAL files that have been successfully archived" + - failed_count: + usage: "COUNTER" + description: "Number of failed attempts for archiving WAL files" + - seconds_since_last_archival: + usage: "GAUGE" + description: "Seconds since the last successful archival operation" + - seconds_since_last_failure: + usage: "GAUGE" + description: "Seconds since the last failed archival operation" + - last_archived_time: + usage: "GAUGE" + description: "Epoch of the last time WAL archiving succeeded" + - last_failed_time: + usage: "GAUGE" + description: "Epoch of the last time WAL archiving failed" + - last_archived_wal_start_lsn: + usage: "GAUGE" + description: "Archived WAL start LSN" + - last_failed_wal_start_lsn: + usage: "GAUGE" + description: "Last failed WAL LSN" + - stats_reset_time: + usage: "GAUGE" + description: "Time at which these statistics were last reset" + + pg_stat_bgwriter: + runonserver: "<17.0.0" + query: | + SELECT checkpoints_timed + , checkpoints_req + , checkpoint_write_time + , checkpoint_sync_time + , buffers_checkpoint + , buffers_clean + , maxwritten_clean + , buffers_backend + , buffers_backend_fsync + , buffers_alloc + FROM pg_catalog.pg_stat_bgwriter + metrics: + - checkpoints_timed: + usage: "COUNTER" + description: "Number of scheduled checkpoints that have been performed" + - checkpoints_req: + usage: "COUNTER" + description: "Number of requested checkpoints that have been performed" + - 
checkpoint_write_time: + usage: "COUNTER" + description: "Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds" + - checkpoint_sync_time: + usage: "COUNTER" + description: "Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds" + - buffers_checkpoint: + usage: "COUNTER" + description: "Number of buffers written during checkpoints" + - buffers_clean: + usage: "COUNTER" + description: "Number of buffers written by the background writer" + - maxwritten_clean: + usage: "COUNTER" + description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers" + - buffers_backend: + usage: "COUNTER" + description: "Number of buffers written directly by a backend" + - buffers_backend_fsync: + usage: "COUNTER" + description: "Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)" + - buffers_alloc: + usage: "COUNTER" + description: "Number of buffers allocated" + + pg_stat_bgwriter_17: + runonserver: ">=17.0.0" + name: pg_stat_bgwriter + query: | + SELECT buffers_clean + , maxwritten_clean + , buffers_alloc + , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time + FROM pg_catalog.pg_stat_bgwriter + metrics: + - buffers_clean: + usage: "COUNTER" + description: "Number of buffers written by the background writer" + - maxwritten_clean: + usage: "COUNTER" + description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers" + - buffers_alloc: + usage: "COUNTER" + description: "Number of buffers allocated" + - stats_reset_time: + usage: "GAUGE" + description: "Time at which these statistics were last reset" + + pg_stat_checkpointer: + runonserver: ">=17.0.0" + query: | + SELECT num_timed AS checkpoints_timed + , num_requested AS checkpoints_req 
+ , restartpoints_timed + , restartpoints_req + , restartpoints_done + , write_time + , sync_time + , buffers_written + , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time + FROM pg_catalog.pg_stat_checkpointer + metrics: + - checkpoints_timed: + usage: "COUNTER" + description: "Number of scheduled checkpoints that have been performed" + - checkpoints_req: + usage: "COUNTER" + description: "Number of requested checkpoints that have been performed" + - restartpoints_timed: + usage: "COUNTER" + description: "Number of scheduled restartpoints due to timeout or after a failed attempt to perform it" + - restartpoints_req: + usage: "COUNTER" + description: "Number of requested restartpoints that have been performed" + - restartpoints_done: + usage: "COUNTER" + description: "Number of restartpoints that have been performed" + - write_time: + usage: "COUNTER" + description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are written to disk, in milliseconds" + - sync_time: + usage: "COUNTER" + description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are synchronized to disk, in milliseconds" + - buffers_written: + usage: "COUNTER" + description: "Number of buffers written during checkpoints and restartpoints" + - stats_reset_time: + usage: "GAUGE" + description: "Time at which these statistics were last reset" + + pg_stat_database: + query: | + SELECT datname + , xact_commit + , xact_rollback + , blks_read + , blks_hit + , tup_returned + , tup_fetched + , tup_inserted + , tup_updated + , tup_deleted + , conflicts + , temp_files + , temp_bytes + , deadlocks + , blk_read_time + , blk_write_time + FROM pg_catalog.pg_stat_database + metrics: + - datname: + usage: "LABEL" + description: "Name of this database" + - xact_commit: + usage: "COUNTER" + description: "Number of transactions in this database that have been committed" + - xact_rollback: 
+ usage: "COUNTER" + description: "Number of transactions in this database that have been rolled back" + - blks_read: + usage: "COUNTER" + description: "Number of disk blocks read in this database" + - blks_hit: + usage: "COUNTER" + description: "Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache)" + - tup_returned: + usage: "COUNTER" + description: "Number of rows returned by queries in this database" + - tup_fetched: + usage: "COUNTER" + description: "Number of rows fetched by queries in this database" + - tup_inserted: + usage: "COUNTER" + description: "Number of rows inserted by queries in this database" + - tup_updated: + usage: "COUNTER" + description: "Number of rows updated by queries in this database" + - tup_deleted: + usage: "COUNTER" + description: "Number of rows deleted by queries in this database" + - conflicts: + usage: "COUNTER" + description: "Number of queries canceled due to conflicts with recovery in this database" + - temp_files: + usage: "COUNTER" + description: "Number of temporary files created by queries in this database" + - temp_bytes: + usage: "COUNTER" + description: "Total amount of data written to temporary files by queries in this database" + - deadlocks: + usage: "COUNTER" + description: "Number of deadlocks detected in this database" + - blk_read_time: + usage: "COUNTER" + description: "Time spent reading data file blocks by backends in this database, in milliseconds" + - blk_write_time: + usage: "COUNTER" + description: "Time spent writing data file blocks by backends in this database, in milliseconds" + + pg_stat_replication: + primary: true + query: | + SELECT usename + , COALESCE(application_name, '') AS application_name + , COALESCE(client_addr::text, '') AS client_addr + , COALESCE(client_port::text, '') AS client_port + , EXTRACT(EPOCH FROM backend_start) AS backend_start + 
, COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes + , COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes + , COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds + , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds + , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds + FROM pg_catalog.pg_stat_replication + metrics: + - usename: + usage: "LABEL" + description: "Name of the replication user" + - application_name: + usage: "LABEL" + description: "Name of the application" + - client_addr: + usage: "LABEL" + description: "Client IP address" + - client_port: + usage: "LABEL" + description: "Client TCP port" + - backend_start: + usage: "COUNTER" + description: "Time when this process was started" + - backend_xmin_age: + usage: "COUNTER" + description: "The age of this standby's xmin horizon" + - sent_diff_bytes: + usage: "GAUGE" + description: "Difference in bytes from the last write-ahead log location sent on this connection" + - write_diff_bytes: + usage: "GAUGE" + description: "Difference in bytes from the last write-ahead log location written to disk by this standby server" + - flush_diff_bytes: + usage: "GAUGE" + description: "Difference in bytes from the last write-ahead log location flushed to disk by this standby server" + - replay_diff_bytes: + usage: "GAUGE" + description: "Difference in bytes from the last write-ahead log location replayed into the database on this standby server" + - write_lag_seconds: + usage: "GAUGE" + description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written it" 
+ - flush_lag_seconds: + usage: "GAUGE" + description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it" + - replay_lag_seconds: + usage: "GAUGE" + description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written, flushed and applied it" + + pg_settings: + query: | + SELECT name, + CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END AS setting + FROM pg_catalog.pg_settings + WHERE vartype IN ('integer', 'real', 'bool') + ORDER BY 1 + metrics: + - name: + usage: "LABEL" + description: "Name of the setting" + - setting: + usage: "GAUGE" + description: "Setting value" +--- +# Source: cloudnative-pg/templates/crds/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + name: backups.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: Backup + listKind: BackupList + plural: backups + singular: backup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.cluster.name + name: Cluster + type: string + - jsonPath: .spec.method + name: Method + type: string + - jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .status.error + name: Error + type: string + name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the desired behavior of the backup. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + cluster: + description: The cluster to backup + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + method: + default: barmanObjectStore + description: |- + The backup method to be used, possible options are `barmanObjectStore`, + `volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`. + enum: + - barmanObjectStore + - volumeSnapshot + - plugin + type: string + online: + description: |- + Whether the default type of backup with volume snapshots is + online/hot (`true`, default) or offline/cold (`false`) + Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online' + type: boolean + onlineConfiguration: + description: |- + Configuration parameters to control the online/hot backup with volume snapshots + Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza + properties: + immediateCheckpoint: + description: |- + Control whether the I/O workload for the backup initial checkpoint will + be limited, according to the `checkpoint_completion_target` setting on + the PostgreSQL server. If set to true, an immediate checkpoint will be + used, meaning PostgreSQL will complete the checkpoint as soon as + possible. `false` by default. 
+ type: boolean + waitForArchive: + default: true + description: |- + If false, the function will return immediately after the backup is completed, + without waiting for WAL to be archived. + This behavior is only useful with backup software that independently monitors WAL archiving. + Otherwise, WAL required to make the backup consistent might be missing and make the backup useless. + By default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is + enabled. + On a standby, this means that it will wait only when archive_mode = always. + If write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger + an immediate segment switch. + type: boolean + type: object + pluginConfiguration: + description: Configuration parameters passed to the plugin managing + this backup + properties: + name: + description: Name is the name of the plugin managing this backup + type: string + parameters: + additionalProperties: + type: string + description: |- + Parameters are the configuration parameters passed to the backup + plugin for this backup + type: object + required: + - name + type: object + target: + description: |- + The policy to decide which instance should perform this backup. If empty, + it defaults to `cluster.spec.backup.target`. + Available options are empty string, `primary` and `prefer-standby`. + `primary` to have backups run always on primary instances, + `prefer-standby` to have backups run preferably on the most updated + standby, if available. + enum: + - primary + - prefer-standby + type: string + required: + - cluster + type: object + status: + description: |- + Most recently observed status of the backup. This data may not be up to + date. Populated by the system. Read-only. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + azureCredentials: + description: The credentials to use to upload data to Azure Blob Storage + properties: + connectionString: + description: The connection string to be used + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromAzureAD: + description: Use the Azure AD based authentication without providing + explicitly the keys. + type: boolean + storageAccount: + description: The storage account where to upload data + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageKey: + description: |- + The storage account key to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageSasToken: + description: |- + A shared-access-signature to be used in conjunction with + the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + backupId: + description: The ID of the Barman backup + type: string + backupLabelFile: + description: Backup label file content as returned by Postgres in + case of online (hot) backups + format: byte + type: string + backupName: + description: The Name of the Barman backup + type: string + beginLSN: + description: The starting xlog + type: string + beginWal: + description: The starting WAL + type: string + commandError: + description: The backup command output in case of error + type: string + commandOutput: + description: Unused. 
Retained for compatibility with old versions. + type: string + destinationPath: + description: |- + The path where to store the backup (i.e. s3://bucket/path/to/folder) + this path, with different destination folders, will be used for WALs + and for data. This may not be populated in case of errors. + type: string + encryption: + description: Encryption method required to S3 API + type: string + endLSN: + description: The ending xlog + type: string + endWal: + description: The ending WAL + type: string + endpointCA: + description: |- + EndpointCA store the CA bundle of the barman endpoint. + Useful when using self-signed certificates to avoid + errors with certificate issuer and barman-cloud-wal-archive. + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + endpointURL: + description: |- + Endpoint to be used to upload data to the cloud, + overriding the automatic endpoint discovery + type: string + error: + description: The detected error + type: string + googleCredentials: + description: The credentials to use to upload data to Google Cloud + Storage + properties: + applicationCredentials: + description: The secret containing the Google Cloud Storage JSON + file with the credentials + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + gkeEnvironment: + description: |- + If set to true, will presume that it's running inside a GKE environment, + default to false. 
+ type: boolean + type: object + instanceID: + description: Information to identify the instance where the backup + has been taken from + properties: + ContainerID: + description: The container ID + type: string + podName: + description: The pod name + type: string + type: object + method: + description: The backup method being used + type: string + online: + description: Whether the backup was online/hot (`true`) or offline/cold + (`false`) + type: boolean + phase: + description: The last backup status + type: string + s3Credentials: + description: The credentials to use to upload data to S3 + properties: + accessKeyId: + description: The reference to the access key id + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromIAMRole: + description: Use the role based authentication without providing + explicitly the keys. + type: boolean + region: + description: The reference to the secret containing the region + name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + secretAccessKey: + description: The reference to the secret access key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + sessionToken: + description: The references to the session key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. 
+ type: string + required: + - key + - name + type: object + type: object + serverName: + description: |- + The server name on S3, the cluster name is used if this + parameter is omitted + type: string + snapshotBackupStatus: + description: Status of the volumeSnapshot backup + properties: + elements: + description: The elements list, populated with the gathered volume + snapshots + items: + description: BackupSnapshotElementStatus is a volume snapshot + that is part of a volume snapshot method backup + properties: + name: + description: Name is the snapshot resource name + type: string + tablespaceName: + description: |- + TablespaceName is the name of the snapshotted tablespace. Only set + when type is PG_TABLESPACE + type: string + type: + description: Type is tho role of the snapshot in the cluster, + such as PG_DATA, PG_WAL and PG_TABLESPACE + type: string + required: + - name + - type + type: object + type: array + type: object + startedAt: + description: When the backup was started + format: date-time + type: string + stoppedAt: + description: When the backup was terminated + format: date-time + type: string + tablespaceMapFile: + description: Tablespace map file content as returned by Postgres in + case of online (hot) backups + format: byte + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +# Source: cloudnative-pg/templates/crds/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + name: clusterimagecatalogs.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: ClusterImageCatalog + listKind: ClusterImageCatalogList + plural: clusterimagecatalogs + singular: clusterimagecatalog + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + 
schema: + openAPIV3Schema: + description: ClusterImageCatalog is the Schema for the clusterimagecatalogs + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the desired behavior of the ClusterImageCatalog. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + images: + description: List of CatalogImages available in the catalog + items: + description: CatalogImage defines the image and major version + properties: + image: + description: The image reference + type: string + major: + description: The PostgreSQL major version of the image. Must + be unique within the catalog. 
+ minimum: 10 + type: integer + required: + - image + - major + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-validations: + - message: Images must have unique major versions + rule: self.all(e, self.filter(f, f.major==e.major).size() == 1) + required: + - images + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +# Source: cloudnative-pg/templates/crds/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + name: clusters.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: Cluster + listKind: ClusterList + plural: clusters + singular: cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Number of instances + jsonPath: .status.instances + name: Instances + type: integer + - description: Number of ready instances + jsonPath: .status.readyInstances + name: Ready + type: integer + - description: Cluster current status + jsonPath: .status.phase + name: Status + type: string + - description: Primary pod + jsonPath: .status.currentPrimary + name: Primary + type: string + name: v1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the PostgreSQL API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the desired behavior of the cluster. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + affinity: + description: Affinity/Anti-affinity rules for Pods + properties: + additionalPodAffinity: + description: AdditionalPodAffinity allows to specify pod affinity + terms to be passed to all the cluster's pods. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + additionalPodAntiAffinity: + description: |- + AdditionalPodAntiAffinity allows to specify pod anti-affinity terms to be added to the ones generated + by the operator if EnablePodAntiAffinity is set to true (default) or to be used exclusively if set to false. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + enablePodAntiAffinity: + description: |- + Activates anti-affinity for the pods. 
The operator will define pods + anti-affinity unless this field is explicitly set to false + type: boolean + nodeAffinity: + description: |- + NodeAffinity describes node affinity scheduling rules for the pod. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is map of key-value pairs used to define the nodes on which + the pods can run. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + podAntiAffinityType: + description: |- + PodAntiAffinityType allows the user to decide whether pod anti-affinity between cluster instance has to be + considered a strong requirement during scheduling or not. Allowed values are: "preferred" (default if empty) or + "required". Setting it to "required", could lead to instances remaining pending until new kubernetes nodes are + added if all the existing nodes don't match the required pod anti-affinity rule. + More info: + https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + type: string + tolerations: + description: |- + Tolerations is a list of Tolerations that should be set for all the pods, in order to allow them to run + on tainted nodes. 
+ More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologyKey: + description: |- + TopologyKey to use for anti-affinity configuration. 
See k8s documentation + for more info on that + type: string + type: object + backup: + description: The configuration to be used for backups + properties: + barmanObjectStore: + description: The configuration for the barman-cloud tool suite + properties: + azureCredentials: + description: The credentials to use to upload data to Azure + Blob Storage + properties: + connectionString: + description: The connection string to be used + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromAzureAD: + description: Use the Azure AD based authentication without + providing explicitly the keys. + type: boolean + storageAccount: + description: The storage account where to upload data + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageKey: + description: |- + The storage account key to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageSasToken: + description: |- + A shared-access-signature to be used in conjunction with + the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + data: + description: |- + The configuration to be used to backup the data files + When not defined, base backups files will be stored uncompressed and may + be unencrypted in the object store, according to the bucket default + policy. 
+ properties: + additionalCommandArgs: + description: |- + AdditionalCommandArgs represents additional arguments that can be appended + to the 'barman-cloud-backup' command-line invocation. These arguments + provide flexibility to customize the backup process further according to + specific requirements or configurations. + + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. + + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-backup' command, to avoid potential errors or unintended + behavior during execution. + items: + type: string + type: array + compression: + description: |- + Compress a backup file (a tar file per tablespace) while streaming it + to the object store. Available options are empty string (no + compression, default), `gzip`, `bzip2` or `snappy`. + enum: + - gzip + - bzip2 + - snappy + type: string + encryption: + description: |- + Whenever to force the encryption of files (if the bucket is + not already configured for that). + Allowed options are empty string (use the bucket policy, default), + `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + immediateCheckpoint: + description: |- + Control whether the I/O workload for the backup initial checkpoint will + be limited, according to the `checkpoint_completion_target` setting on + the PostgreSQL server. If set to true, an immediate checkpoint will be + used, meaning PostgreSQL will complete the checkpoint as soon as + possible. `false` by default. + type: boolean + jobs: + description: |- + The number of parallel jobs to be used to upload the backup, defaults + to 2 + format: int32 + minimum: 1 + type: integer + type: object + destinationPath: + description: |- + The path where to store the backup (i.e. 
s3://bucket/path/to/folder) + this path, with different destination folders, will be used for WALs + and for data + minLength: 1 + type: string + endpointCA: + description: |- + EndpointCA store the CA bundle of the barman endpoint. + Useful when using self-signed certificates to avoid + errors with certificate issuer and barman-cloud-wal-archive + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + endpointURL: + description: |- + Endpoint to be used to upload data to the cloud, + overriding the automatic endpoint discovery + type: string + googleCredentials: + description: The credentials to use to upload data to Google + Cloud Storage + properties: + applicationCredentials: + description: The secret containing the Google Cloud Storage + JSON file with the credentials + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + gkeEnvironment: + description: |- + If set to true, will presume that it's running inside a GKE environment, + default to false. + type: boolean + type: object + historyTags: + additionalProperties: + type: string + description: |- + HistoryTags is a list of key value pairs that will be passed to the + Barman --history-tags option. + type: object + s3Credentials: + description: The credentials to use to upload data to S3 + properties: + accessKeyId: + description: The reference to the access key id + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromIAMRole: + description: Use the role based authentication without + providing explicitly the keys. 
+ type: boolean + region: + description: The reference to the secret containing the + region name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + secretAccessKey: + description: The reference to the secret access key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + sessionToken: + description: The references to the session key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + serverName: + description: |- + The server name on S3, the cluster name is used if this + parameter is omitted + type: string + tags: + additionalProperties: + type: string + description: |- + Tags is a list of key value pairs that will be passed to the + Barman --tags option. + type: object + wal: + description: |- + The configuration for the backup of the WAL stream. + When not defined, WAL files will be stored uncompressed and may be + unencrypted in the object store, according to the bucket default policy. + properties: + archiveAdditionalCommandArgs: + description: |- + Additional arguments that can be appended to the 'barman-cloud-wal-archive' + command-line invocation. These arguments provide flexibility to customize + the WAL archive process further, according to specific requirements or configurations. + + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. 
+ + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended + behavior during execution. + items: + type: string + type: array + compression: + description: |- + Compress a WAL file before sending it to the object store. Available + options are empty string (no compression, default), `gzip`, `bzip2` or `snappy`. + enum: + - gzip + - bzip2 + - snappy + type: string + encryption: + description: |- + Whenever to force the encryption of files (if the bucket is + not already configured for that). + Allowed options are empty string (use the bucket policy, default), + `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + maxParallel: + description: |- + Number of WAL files to be either archived in parallel (when the + PostgreSQL instance is archiving to a backup object store) or + restored in parallel (when a PostgreSQL standby is fetching WAL + files from a recovery object store). If not specified, WAL files + will be processed one at a time. It accepts a positive integer as a + value - with 1 being the minimum accepted value. + minimum: 1 + type: integer + restoreAdditionalCommandArgs: + description: |- + Additional arguments that can be appended to the 'barman-cloud-wal-restore' + command-line invocation. These arguments provide flexibility to customize + the WAL restore process further, according to specific requirements or configurations. + + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. + + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended + behavior during execution. 
+ items: + type: string + type: array + type: object + required: + - destinationPath + type: object + retentionPolicy: + description: |- + RetentionPolicy is the retention policy to be used for backups + and WALs (i.e. '60d'). The retention policy is expressed in the form + of `XXu` where `XX` is a positive integer and `u` is in `[dwm]` - + days, weeks, months. + It's currently only applicable when using the BarmanObjectStore method. + pattern: ^[1-9][0-9]*[dwm]$ + type: string + target: + default: prefer-standby + description: |- + The policy to decide which instance should perform backups. Available + options are empty string, which will default to `prefer-standby` policy, + `primary` to have backups run always on primary instances, `prefer-standby` + to have backups run preferably on the most updated standby, if available. + enum: + - primary + - prefer-standby + type: string + volumeSnapshot: + description: VolumeSnapshot provides the configuration for the + execution of volume snapshot backups. + properties: + annotations: + additionalProperties: + type: string + description: Annotations key-value pairs that will be added + to .metadata.annotations snapshot resources. + type: object + className: + description: |- + ClassName specifies the Snapshot Class to be used for PG_DATA PersistentVolumeClaim. + It is the default class for the other types if no specific class is present + type: string + labels: + additionalProperties: + type: string + description: Labels are key-value pairs that will be added + to .metadata.labels snapshot resources. 
+ type: object + online: + default: true + description: |- + Whether the default type of backup with volume snapshots is + online/hot (`true`, default) or offline/cold (`false`) + type: boolean + onlineConfiguration: + default: + immediateCheckpoint: false + waitForArchive: true + description: Configuration parameters to control the online/hot + backup with volume snapshots + properties: + immediateCheckpoint: + description: |- + Control whether the I/O workload for the backup initial checkpoint will + be limited, according to the `checkpoint_completion_target` setting on + the PostgreSQL server. If set to true, an immediate checkpoint will be + used, meaning PostgreSQL will complete the checkpoint as soon as + possible. `false` by default. + type: boolean + waitForArchive: + default: true + description: |- + If false, the function will return immediately after the backup is completed, + without waiting for WAL to be archived. + This behavior is only useful with backup software that independently monitors WAL archiving. + Otherwise, WAL required to make the backup consistent might be missing and make the backup useless. + By default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is + enabled. + On a standby, this means that it will wait only when archive_mode = always. + If write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger + an immediate segment switch. + type: boolean + type: object + snapshotOwnerReference: + default: none + description: SnapshotOwnerReference indicates the type of + owner reference the snapshot should have + enum: + - none + - cluster + - backup + type: string + tablespaceClassName: + additionalProperties: + type: string + description: |- + TablespaceClassName specifies the Snapshot Class to be used for the tablespaces. 
+ defaults to the PGDATA Snapshot Class, if set + type: object + walClassName: + description: WalClassName specifies the Snapshot Class to + be used for the PG_WAL PersistentVolumeClaim. + type: string + type: object + type: object + bootstrap: + description: Instructions to bootstrap this cluster + properties: + initdb: + description: Bootstrap the cluster via initdb + properties: + dataChecksums: + description: |- + Whether the `-k` option should be passed to initdb, + enabling checksums on data pages (default: `false`) + type: boolean + database: + description: 'Name of the database used by the application. + Default: `app`.' + type: string + encoding: + description: The value to be passed as option `--encoding` + for initdb (default:`UTF8`) + type: string + import: + description: |- + Bootstraps the new cluster by importing data from an existing PostgreSQL + instance using logical backup (`pg_dump` and `pg_restore`) + properties: + databases: + description: The databases to import + items: + type: string + type: array + postImportApplicationSQL: + description: |- + List of SQL queries to be executed as a superuser in the application + database right after is imported - to be used with extreme care + (by default empty). Only available in microservice type. + items: + type: string + type: array + roles: + description: The roles to import + items: + type: string + type: array + schemaOnly: + description: |- + When set to true, only the `pre-data` and `post-data` sections of + `pg_restore` are invoked, avoiding data import. Default: `false`. + type: boolean + source: + description: The source of the import + properties: + externalCluster: + description: The name of the externalCluster used + for import + type: string + required: + - externalCluster + type: object + type: + description: The import type. Can be `microservice` or + `monolith`. 
+ enum: + - microservice + - monolith + type: string + required: + - databases + - source + - type + type: object + localeCType: + description: The value to be passed as option `--lc-ctype` + for initdb (default:`C`) + type: string + localeCollate: + description: The value to be passed as option `--lc-collate` + for initdb (default:`C`) + type: string + options: + description: |- + The list of options that must be passed to initdb when creating the cluster. + Deprecated: This could lead to inconsistent configurations, + please use the explicit provided parameters instead. + If defined, explicit values will be ignored. + items: + type: string + type: array + owner: + description: |- + Name of the owner of the database in the instance to be used + by applications. Defaults to the value of the `database` key. + type: string + postInitApplicationSQL: + description: |- + List of SQL queries to be executed as a superuser in the application + database right after the cluster has been created - to be used with extreme care + (by default empty) + items: + type: string + type: array + postInitApplicationSQLRefs: + description: |- + List of references to ConfigMaps or Secrets containing SQL files + to be executed as a superuser in the application database right after + the cluster has been created. The references are processed in a specific order: + first, all Secrets are processed, followed by all ConfigMaps. + Within each group, the processing order follows the sequence specified + in their respective arrays. + (by default empty) + properties: + configMapRefs: + description: ConfigMapRefs holds a list of references + to ConfigMaps + items: + description: |- + ConfigMapKeySelector contains enough information to let you locate + the key of a ConfigMap + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. 
+ type: string + required: + - key + - name + type: object + type: array + secretRefs: + description: SecretRefs holds a list of references to + Secrets + items: + description: |- + SecretKeySelector contains enough information to let you locate + the key of a Secret + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + type: object + postInitSQL: + description: |- + List of SQL queries to be executed as a superuser in the `postgres` + database right after the cluster has been created - to be used with extreme care + (by default empty) + items: + type: string + type: array + postInitSQLRefs: + description: |- + List of references to ConfigMaps or Secrets containing SQL files + to be executed as a superuser in the `postgres` database right after + the cluster has been created. The references are processed in a specific order: + first, all Secrets are processed, followed by all ConfigMaps. + Within each group, the processing order follows the sequence specified + in their respective arrays. + (by default empty) + properties: + configMapRefs: + description: ConfigMapRefs holds a list of references + to ConfigMaps + items: + description: |- + ConfigMapKeySelector contains enough information to let you locate + the key of a ConfigMap + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + secretRefs: + description: SecretRefs holds a list of references to + Secrets + items: + description: |- + SecretKeySelector contains enough information to let you locate + the key of a Secret + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. 
+ type: string + required: + - key + - name + type: object + type: array + type: object + postInitTemplateSQL: + description: |- + List of SQL queries to be executed as a superuser in the `template1` + database right after the cluster has been created - to be used with extreme care + (by default empty) + items: + type: string + type: array + postInitTemplateSQLRefs: + description: |- + List of references to ConfigMaps or Secrets containing SQL files + to be executed as a superuser in the `template1` database right after + the cluster has been created. The references are processed in a specific order: + first, all Secrets are processed, followed by all ConfigMaps. + Within each group, the processing order follows the sequence specified + in their respective arrays. + (by default empty) + properties: + configMapRefs: + description: ConfigMapRefs holds a list of references + to ConfigMaps + items: + description: |- + ConfigMapKeySelector contains enough information to let you locate + the key of a ConfigMap + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + secretRefs: + description: SecretRefs holds a list of references to + Secrets + items: + description: |- + SecretKeySelector contains enough information to let you locate + the key of a Secret + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + type: object + secret: + description: |- + Name of the secret containing the initial credentials for the + owner of the user database. If empty a new secret will be + created from scratch + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + walSegmentSize: + description: |- + The value in megabytes (1 to 1024) to be passed to the `--wal-segsize` + option for initdb (default: empty, resulting in PostgreSQL default: 16MB) + maximum: 1024 + minimum: 1 + type: integer + type: object + pg_basebackup: + description: |- + Bootstrap the cluster taking a physical backup of another compatible + PostgreSQL instance + properties: + database: + description: 'Name of the database used by the application. + Default: `app`.' + type: string + owner: + description: |- + Name of the owner of the database in the instance to be used + by applications. Defaults to the value of the `database` key. + type: string + secret: + description: |- + Name of the secret containing the initial credentials for the + owner of the user database. If empty a new secret will be + created from scratch + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + source: + description: The name of the server of which we need to take + a physical backup + minLength: 1 + type: string + required: + - source + type: object + recovery: + description: Bootstrap the cluster from a backup + properties: + backup: + description: |- + The backup object containing the physical base backup from which to + initiate the recovery procedure. + Mutually exclusive with `source` and `volumeSnapshots`. + properties: + endpointCA: + description: |- + EndpointCA store the CA bundle of the barman endpoint. + Useful when using self-signed certificates to avoid + errors with certificate issuer and barman-cloud-wal-archive. + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + name: + description: Name of the referent. + type: string + required: + - name + type: object + database: + description: 'Name of the database used by the application. 
+ Default: `app`.' + type: string + owner: + description: |- + Name of the owner of the database in the instance to be used + by applications. Defaults to the value of the `database` key. + type: string + recoveryTarget: + description: |- + By default, the recovery process applies all the available + WAL files in the archive (full recovery). However, you can also + end the recovery as soon as a consistent state is reached or + recover to a point-in-time (PITR) by specifying a `RecoveryTarget` object, + as expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...). + More info: https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET + properties: + backupID: + description: |- + The ID of the backup from which to start the recovery process. + If empty (default) the operator will automatically detect the backup + based on targetTime or targetLSN if specified. Otherwise use the + latest available backup in chronological order. + type: string + exclusive: + description: |- + Set the target to be exclusive. If omitted, defaults to false, so that + in Postgres, `recovery_target_inclusive` will be true + type: boolean + targetImmediate: + description: End recovery as soon as a consistent state + is reached + type: boolean + targetLSN: + description: The target LSN (Log Sequence Number) + type: string + targetName: + description: |- + The target name (to be previously created + with `pg_create_restore_point`) + type: string + targetTLI: + description: The target timeline ("latest" or a positive + integer) + type: string + targetTime: + description: The target time as a timestamp in the RFC3339 + standard + type: string + targetXID: + description: The target transaction ID + type: string + type: object + secret: + description: |- + Name of the secret containing the initial credentials for the + owner of the user database. 
If empty a new secret will be + created from scratch + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + source: + description: |- + The external cluster whose backup we will restore. This is also + used as the name of the folder under which the backup is stored, + so it must be set to the name of the source cluster + Mutually exclusive with `backup`. + type: string + volumeSnapshots: + description: |- + The static PVC data source(s) from which to initiate the + recovery procedure. Currently supporting `VolumeSnapshot` + and `PersistentVolumeClaim` resources that map an existing + PVC group, compatible with CloudNativePG, and taken with + a cold backup copy on a fenced Postgres instance (limitation + which will be removed in the future when online backup + will be implemented). + Mutually exclusive with `backup`. + properties: + storage: + description: Configuration of the storage of the instances + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + tablespaceStorage: + additionalProperties: + description: |- + TypedLocalObjectReference contains enough information to let you locate the + typed referenced object inside the same namespace. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + description: Configuration of the storage for PostgreSQL + tablespaces + type: object + walStorage: + description: Configuration of the storage for PostgreSQL + WAL (Write-Ahead Log) + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + required: + - storage + type: object + type: object + type: object + certificates: + description: The configuration for the CA and related certificates + properties: + clientCASecret: + description: |- + The secret containing the Client CA certificate. If not defined, a new secret will be created + with a self-signed CA and will be used to generate all the client certificates.
+
+ Contains:
+
+ - `ca.crt`: CA that should be used to validate the client certificates, + used as `ssl_ca_file` of all the instances.
+ - `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided, + this can be omitted.
+ type: string + replicationTLSSecret: + description: |- + The secret of type kubernetes.io/tls containing the client certificate to authenticate as + the `streaming_replica` user. + If not defined, ClientCASecret must provide also `ca.key`, and a new secret will be + created using the provided CA. + type: string + serverAltDNSNames: + description: The list of the server alternative DNS names to be + added to the generated server TLS certificates, when required. + items: + type: string + type: array + serverCASecret: + description: |- + The secret containing the Server CA certificate. If not defined, a new secret will be created + with a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.
+
+ Contains:
+
+ - `ca.crt`: CA that should be used to validate the server certificate, + used as `sslrootcert` in client connection strings.
+ - `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided, + this can be omitted.
+ type: string + serverTLSSecret: + description: |- + The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as + `ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely. + If not defined, ServerCASecret must provide also `ca.key` and a new secret will be + created using the provided CA. + type: string + type: object + description: + description: Description of this PostgreSQL cluster + type: string + enablePDB: + default: true + description: |- + Manage the `PodDisruptionBudget` resources within the cluster. When + configured as `true` (default setting), the pod disruption budgets + will safeguard the primary node from being terminated. Conversely, + setting it to `false` will result in the absence of any + `PodDisruptionBudget` resource, permitting the shutdown of all nodes + hosting the PostgreSQL cluster. This latter configuration is + advisable for any PostgreSQL cluster employed for + development/staging purposes. + type: boolean + enableSuperuserAccess: + default: false + description: |- + When this option is enabled, the operator will use the `SuperuserSecret` + to update the `postgres` user password (if the secret is + not present, the operator will automatically create one). When this + option is disabled, the operator will ignore the `SuperuserSecret` content, delete + it when automatically created, and then blank the password of the `postgres` + user by setting it to `NULL`. Disabled by default. + type: boolean + env: + description: |- + Env follows the Env format to pass environment variables + to the pods created in the cluster + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + EnvFrom follows the EnvFrom format to pass environment variables + sources to the pods to be used by Env + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + ephemeralVolumeSource: + description: EphemeralVolumeSource allows the user to configure the + source of ephemeral volumes. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + ephemeralVolumesSizeLimit: + description: |- + EphemeralVolumesSizeLimit allows the user to set the limits for the ephemeral + volumes + properties: + shm: + anyOf: + - type: integer + - type: string + description: Shm is the size limit of the shared memory volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + temporaryData: + anyOf: + - type: integer + - type: string + description: TemporaryData is the size limit of the temporary + data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + externalClusters: + description: The list of external clusters which are used in the configuration + items: + description: |- + ExternalCluster represents the connection parameters to an + external cluster which is used in the other sections of the configuration + properties: + barmanObjectStore: + description: The 
configuration for the barman-cloud tool suite + properties: + azureCredentials: + description: The credentials to use to upload data to Azure + Blob Storage + properties: + connectionString: + description: The connection string to be used + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromAzureAD: + description: Use the Azure AD based authentication without + providing explicitly the keys. + type: boolean + storageAccount: + description: The storage account where to upload data + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageKey: + description: |- + The storage account key to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageSasToken: + description: |- + A shared-access-signature to be used in conjunction with + the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + data: + description: |- + The configuration to be used to backup the data files + When not defined, base backups files will be stored uncompressed and may + be unencrypted in the object store, according to the bucket default + policy. + properties: + additionalCommandArgs: + description: |- + AdditionalCommandArgs represents additional arguments that can be appended + to the 'barman-cloud-backup' command-line invocation. These arguments + provide flexibility to customize the backup process further according to + specific requirements or configurations. 
+ + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. + + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-backup' command, to avoid potential errors or unintended + behavior during execution. + items: + type: string + type: array + compression: + description: |- + Compress a backup file (a tar file per tablespace) while streaming it + to the object store. Available options are empty string (no + compression, default), `gzip`, `bzip2` or `snappy`. + enum: + - gzip + - bzip2 + - snappy + type: string + encryption: + description: |- + Whenever to force the encryption of files (if the bucket is + not already configured for that). + Allowed options are empty string (use the bucket policy, default), + `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + immediateCheckpoint: + description: |- + Control whether the I/O workload for the backup initial checkpoint will + be limited, according to the `checkpoint_completion_target` setting on + the PostgreSQL server. If set to true, an immediate checkpoint will be + used, meaning PostgreSQL will complete the checkpoint as soon as + possible. `false` by default. + type: boolean + jobs: + description: |- + The number of parallel jobs to be used to upload the backup, defaults + to 2 + format: int32 + minimum: 1 + type: integer + type: object + destinationPath: + description: |- + The path where to store the backup (i.e. s3://bucket/path/to/folder) + this path, with different destination folders, will be used for WALs + and for data + minLength: 1 + type: string + endpointCA: + description: |- + EndpointCA store the CA bundle of the barman endpoint. 
+ Useful when using self-signed certificates to avoid + errors with certificate issuer and barman-cloud-wal-archive + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + endpointURL: + description: |- + Endpoint to be used to upload data to the cloud, + overriding the automatic endpoint discovery + type: string + googleCredentials: + description: The credentials to use to upload data to Google + Cloud Storage + properties: + applicationCredentials: + description: The secret containing the Google Cloud + Storage JSON file with the credentials + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + gkeEnvironment: + description: |- + If set to true, will presume that it's running inside a GKE environment, + default to false. + type: boolean + type: object + historyTags: + additionalProperties: + type: string + description: |- + HistoryTags is a list of key value pairs that will be passed to the + Barman --history-tags option. + type: object + s3Credentials: + description: The credentials to use to upload data to S3 + properties: + accessKeyId: + description: The reference to the access key id + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromIAMRole: + description: Use the role based authentication without + providing explicitly the keys. + type: boolean + region: + description: The reference to the secret containing + the region name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. 
+ type: string + required: + - key + - name + type: object + secretAccessKey: + description: The reference to the secret access key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + sessionToken: + description: The references to the session key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + serverName: + description: |- + The server name on S3, the cluster name is used if this + parameter is omitted + type: string + tags: + additionalProperties: + type: string + description: |- + Tags is a list of key value pairs that will be passed to the + Barman --tags option. + type: object + wal: + description: |- + The configuration for the backup of the WAL stream. + When not defined, WAL files will be stored uncompressed and may be + unencrypted in the object store, according to the bucket default policy. + properties: + archiveAdditionalCommandArgs: + description: |- + Additional arguments that can be appended to the 'barman-cloud-wal-archive' + command-line invocation. These arguments provide flexibility to customize + the WAL archive process further, according to specific requirements or configurations. + + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. + + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended + behavior during execution. + items: + type: string + type: array + compression: + description: |- + Compress a WAL file before sending it to the object store. 
Available + options are empty string (no compression, default), `gzip`, `bzip2` or `snappy`. + enum: + - gzip + - bzip2 + - snappy + type: string + encryption: + description: |- + Whenever to force the encryption of files (if the bucket is + not already configured for that). + Allowed options are empty string (use the bucket policy, default), + `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + maxParallel: + description: |- + Number of WAL files to be either archived in parallel (when the + PostgreSQL instance is archiving to a backup object store) or + restored in parallel (when a PostgreSQL standby is fetching WAL + files from a recovery object store). If not specified, WAL files + will be processed one at a time. It accepts a positive integer as a + value - with 1 being the minimum accepted value. + minimum: 1 + type: integer + restoreAdditionalCommandArgs: + description: |- + Additional arguments that can be appended to the 'barman-cloud-wal-restore' + command-line invocation. These arguments provide flexibility to customize + the WAL restore process further, according to specific requirements or configurations. + + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. + + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended + behavior during execution. 
+ items: + type: string + type: array + type: object + required: + - destinationPath + type: object + connectionParameters: + additionalProperties: + type: string + description: The list of connection parameters, such as dbname, + host, username, etc + type: object + name: + description: The server name, required + type: string + password: + description: |- + The reference to the password to be used to connect to the server. + If a password is provided, CloudNativePG creates a PostgreSQL + passfile at `/controller/external/NAME/pass` (where "NAME" is the + cluster's name). This passfile is automatically referenced in the + connection string when establishing a connection to the remote + PostgreSQL server from the current PostgreSQL `Cluster`. This ensures + secure and efficient password management for external clusters. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sslCert: + description: |- + The reference to an SSL certificate to be used to connect to this + instance + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sslKey: + description: |- + The reference to an SSL private key to be used to connect to this + instance + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sslRootCert: + description: |- + The reference to an SSL CA public key to be used to connect to this + instance + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + type: array + failoverDelay: + default: 0 + description: |- + The amount of time (in seconds) to wait before triggering a failover + after the primary PostgreSQL instance in the cluster was detected + to be unhealthy + format: int32 + type: integer + imageCatalogRef: + description: Defines the major PostgreSQL version we want to use within + an ImageCatalog + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + major: + description: The major version of PostgreSQL we want to use from + the ImageCatalog + type: integer + x-kubernetes-validations: + - message: Major is immutable + rule: self == oldSelf + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - major + - name + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: Only image catalogs are supported + rule: self.kind == 'ImageCatalog' || self.kind == 'ClusterImageCatalog' + - message: Only image catalogs are supported + rule: self.apiGroup == 'postgresql.cnpg.io' + imageName: + description: |- + Name of the container image, supporting both tags (`:`) + and digests for deterministic and repeatable deployments + (`:@sha256:`) + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of `Always`, `Never` or `IfNotPresent`. + If not defined, it defaults to `IfNotPresent`. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + imagePullSecrets: + description: The list of pull secrets to be used to pull the images + items: + description: |- + LocalObjectReference contains enough information to let you locate a + local object with a known type inside the same namespace + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + type: array + inheritedMetadata: + description: Metadata that will be inherited by all objects related + to the Cluster + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + instances: + default: 1 + description: Number of instances required in the cluster + minimum: 1 + type: integer + livenessProbeTimeout: + description: |- + LivenessProbeTimeout is the time (in seconds) that is allowed for a PostgreSQL instance + to successfully respond to the liveness probe (default 30). + The Liveness probe failure threshold is derived from this value using the formula: + ceiling(livenessProbe / 10). + format: int32 + type: integer + logLevel: + default: info + description: 'The instances'' log level, one of the following values: + error, warning, info (default), debug, trace' + enum: + - error + - warning + - info + - debug + - trace + type: string + managed: + description: The configuration that is used by the portions of PostgreSQL + that are managed by the instance manager + properties: + roles: + description: Database roles managed by the `Cluster` + items: + description: |- + RoleConfiguration is the representation, in Kubernetes, of a PostgreSQL role + with the additional field Ensure specifying whether to ensure the presence or + absence of the role in the database + + + The defaults of the CREATE ROLE command are applied + Reference: https://www.postgresql.org/docs/current/sql-createrole.html + properties: + bypassrls: + description: |- + Whether a role bypasses every row-level security (RLS) policy. + Default is `false`. + type: boolean + comment: + description: Description of the role + type: string + connectionLimit: + default: -1 + description: |- + If the role can log in, this specifies how many concurrent + connections the role can make. `-1` (the default) means no limit. 
+ format: int64 + type: integer + createdb: + description: |- + When set to `true`, the role being defined will be allowed to create + new databases. Specifying `false` (default) will deny a role the + ability to create databases. + type: boolean + createrole: + description: |- + Whether the role will be permitted to create, alter, drop, comment + on, change the security label for, and grant or revoke membership in + other roles. Default is `false`. + type: boolean + disablePassword: + description: DisablePassword indicates that a role's password + should be set to NULL in Postgres + type: boolean + ensure: + default: present + description: Ensure the role is `present` or `absent` - + defaults to "present" + enum: + - present + - absent + type: string + inRoles: + description: |- + List of one or more existing roles to which this role will be + immediately added as a new member. Default empty. + items: + type: string + type: array + inherit: + default: true + description: |- + Whether a role "inherits" the privileges of roles it is a member of. + Defaults is `true`. + type: boolean + login: + description: |- + Whether the role is allowed to log in. A role having the `login` + attribute can be thought of as a user. Roles without this attribute + are useful for managing database privileges, but are not users in + the usual sense of the word. Default is `false`. + type: boolean + name: + description: Name of the role + type: string + passwordSecret: + description: |- + Secret containing the password of the role (if present) + If null, the password will be ignored unless DisablePassword is set + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + replication: + description: |- + Whether a role is a replication role. 
A role must have this + attribute (or be a superuser) in order to be able to connect to the + server in replication mode (physical or logical replication) and in + order to be able to create or drop replication slots. A role having + the `replication` attribute is a very highly privileged role, and + should only be used on roles actually used for replication. Default + is `false`. + type: boolean + superuser: + description: |- + Whether the role is a `superuser` who can override all access + restrictions within the database - superuser status is dangerous and + should be used only when really needed. You must yourself be a + superuser to create a new superuser. Defaults is `false`. + type: boolean + validUntil: + description: |- + Date and time after which the role's password is no longer valid. + When omitted, the password will never expire (default). + format: date-time + type: string + required: + - name + type: object + type: array + services: + description: Services roles managed by the `Cluster` + properties: + additional: + description: Additional is a list of additional managed services + specified by the user. + items: + description: |- + ManagedService represents a specific service managed by the cluster. + It includes the type of service and its associated template specification. + properties: + selectorType: + allOf: + - enum: + - rw + - r + - ro + - enum: + - rw + - r + - ro + description: |- + SelectorType specifies the type of selectors that the service will have. + Valid values are "rw", "r", and "ro", representing read-write, read, and read-only services. + type: string + serviceTemplate: + description: ServiceTemplate is the template specification + for the service. + properties: + metadata: + description: |- + Standard object's metadata. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: The name of the resource. Only + supported for certain types + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the service. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + allocateLoadBalancerNodePorts: + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. + type: boolean + clusterIP: + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. 
This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + clusterIPs: + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. 
If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) 
The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + healthCheckNodePort: + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilies: + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. 
If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. + items: + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. 
"internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations when available. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + x-kubernetes-list-type: atomic + ports: + description: |- + The list of ports that are exposed by this service. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. + type: string + name: + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. 
This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. 
+ type: boolean + selector: + additionalProperties: + type: string + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains + the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + trafficDistribution: + description: |- + TrafficDistribution offers a way to express preferences for how traffic is + distributed to Service endpoints. Implementations can use this field as a + hint, but are not required to guarantee strict adherence. If the field is + not set, the implementation will apply its default routing strategy. If set + to "PreferClose", implementations should prioritize endpoints that are + topologically close (e.g., same zone). + This is an alpha field and requires enabling ServiceTrafficDistribution feature. 
+ type: string + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + updateStrategy: + default: patch + description: UpdateStrategy describes how the service + differences should be reconciled + enum: + - patch + - replace + type: string + required: + - selectorType + - serviceTemplate + type: object + type: array + disabledDefaultServices: + description: |- + DisabledDefaultServices is a list of service types that are disabled by default. + Valid values are "r", and "ro", representing read, and read-only services. + items: + description: |- + ServiceSelectorType describes a valid value for generating the service selectors. 
+ It indicates which type of service the selector applies to, such as read-write, read, or read-only + enum: + - rw + - r + - ro + type: string + type: array + type: object + type: object + maxSyncReplicas: + default: 0 + description: |- + The target value for the synchronous replication quorum, that can be + decreased if the number of ready standbys is lower than this. + Undefined or 0 disable synchronous replication. + minimum: 0 + type: integer + minSyncReplicas: + default: 0 + description: |- + Minimum number of instances required in synchronous replication with the + primary. Undefined or 0 allow writes to complete when no standby is + available. + minimum: 0 + type: integer + monitoring: + description: The configuration of the monitoring infrastructure of + this cluster + properties: + customQueriesConfigMap: + description: The list of config maps containing the custom queries + items: + description: |- + ConfigMapKeySelector contains enough information to let you locate + the key of a ConfigMap + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + customQueriesSecret: + description: The list of secrets containing the custom queries + items: + description: |- + SecretKeySelector contains enough information to let you locate + the key of a Secret + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + disableDefaultQueries: + default: false + description: |- + Whether the default queries should be injected. + Set it to `true` if you don't want to inject default queries into the cluster. + Default: false. 
+ type: boolean + enablePodMonitor: + default: false + description: Enable or disable the `PodMonitor` + type: boolean + podMonitorMetricRelabelings: + description: The list of metric relabelings for the `PodMonitor`. + Applied to samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. 
+ items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + + Regex capture groups are available. + type: string + type: object + type: array + podMonitorRelabelings: + description: The list of relabelings for the `PodMonitor`. Applied + to samples before scraping. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + + Regex capture groups are available. 
+ type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + + Regex capture groups are available. + type: string + type: object + type: array + tls: + description: |- + Configure TLS communication for the metrics endpoint. + Changing tls.enabled option will force a rollout of all instances. + properties: + enabled: + default: false + description: |- + Enable TLS for the monitoring endpoint. + Changing this option will force a rollout of all instances. + type: boolean + type: object + type: object + nodeMaintenanceWindow: + description: Define a maintenance window for the Kubernetes nodes + properties: + inProgress: + default: false + description: Is there a node maintenance activity in progress? 
+ type: boolean + reusePVC: + default: true + description: |- + Reuse the existing PVC (wait for the node to come + up again) or not (recreate it elsewhere - when `instances` >1) + type: boolean + type: object + plugins: + description: |- + The plugins configuration, containing + any plugin to be loaded with the corresponding configuration + items: + description: |- + PluginConfiguration specifies a plugin that need to be loaded for this + cluster to be reconciled + properties: + name: + description: Name is the plugin name + type: string + parameters: + additionalProperties: + type: string + description: Parameters is the configuration of the plugin + type: object + required: + - name + type: object + type: array + postgresGID: + default: 26 + description: The GID of the `postgres` user inside the image, defaults + to `26` + format: int64 + type: integer + postgresUID: + default: 26 + description: The UID of the `postgres` user inside the image, defaults + to `26` + format: int64 + type: integer + postgresql: + description: Configuration of the PostgreSQL server + properties: + enableAlterSystem: + description: |- + If this parameter is true, the user will be able to invoke `ALTER SYSTEM` + on this CloudNativePG Cluster. + This should only be used for debugging and troubleshooting. + Defaults to false. 
+ type: boolean + ldap: + description: Options to specify LDAP configuration + properties: + bindAsAuth: + description: Bind as authentication configuration + properties: + prefix: + description: Prefix for the bind authentication option + type: string + suffix: + description: Suffix for the bind authentication option + type: string + type: object + bindSearchAuth: + description: Bind+Search authentication configuration + properties: + baseDN: + description: Root DN to begin the user search + type: string + bindDN: + description: DN of the user to bind to the directory + type: string + bindPassword: + description: Secret with the password for the user to + bind to the directory + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + searchAttribute: + description: Attribute to match against the username + type: string + searchFilter: + description: Search filter to use when doing the search+bind + authentication + type: string + type: object + port: + description: LDAP server port + type: integer + scheme: + description: LDAP schema to be used, possible options are + `ldap` and `ldaps` + enum: + - ldap + - ldaps + type: string + server: + description: LDAP hostname or IP address + type: string + tls: + description: Set to 'true' to enable LDAP over TLS. 'false' + is default + type: boolean + type: object + parameters: + additionalProperties: + type: string + description: PostgreSQL configuration options (postgresql.conf) + type: object + pg_hba: + description: |- + PostgreSQL Host Based Authentication rules (lines to be appended + to the pg_hba.conf file) + items: + type: string + type: array + pg_ident: + description: |- + PostgreSQL User Name Maps rules (lines to be appended + to the pg_ident.conf file) + items: + type: string + type: array + promotionTimeout: + description: |- + Specifies the maximum number of seconds to wait when promoting an instance to primary. + Default value is 40000000, greater than one year in seconds, + big enough to simulate an infinite timeout + format: int32 + type: integer + shared_preload_libraries: + description: Lists of shared preload libraries to add to the default + ones + items: + type: string + type: array + syncReplicaElectionConstraint: + description: |- + Requirements to be met by sync replicas. This will affect how the "synchronous_standby_names" parameter will be + set up. 
+ properties: + enabled: + description: This flag enables the constraints for sync replicas + type: boolean + nodeLabelsAntiAffinity: + description: A list of node labels values to extract and compare + to evaluate if the pods reside in the same topology or not + items: + type: string + type: array + required: + - enabled + type: object + synchronous: + description: Configuration of the PostgreSQL synchronous replication + feature + properties: + maxStandbyNamesFromCluster: + description: |- + Specifies the maximum number of local cluster pods that can be + automatically included in the `synchronous_standby_names` option in + PostgreSQL. + type: integer + method: + description: |- + Method to select synchronous replication standbys from the listed + servers, accepting 'any' (quorum-based synchronous replication) or + 'first' (priority-based synchronous replication) as values. + enum: + - any + - first + type: string + number: + description: |- + Specifies the number of synchronous standby servers that + transactions must wait for responses from. + type: integer + x-kubernetes-validations: + - message: The number of synchronous replicas should be greater + than zero + rule: self > 0 + standbyNamesPost: + description: |- + A user-defined list of application names to be added to + `synchronous_standby_names` after local cluster pods (the order is + only useful for priority-based synchronous replication). + items: + type: string + type: array + standbyNamesPre: + description: |- + A user-defined list of application names to be added to + `synchronous_standby_names` before local cluster pods (the order is + only useful for priority-based synchronous replication). 
+ items: + type: string + type: array + required: + - method + - number + type: object + type: object + primaryUpdateMethod: + default: restart + description: |- + Method to follow to upgrade the primary server during a rolling + update procedure, after all replicas have been successfully updated: + it can be with a switchover (`switchover`) or in-place (`restart` - default) + enum: + - switchover + - restart + type: string + primaryUpdateStrategy: + default: unsupervised + description: |- + Deployment strategy to follow to upgrade the primary server during a rolling + update procedure, after all replicas have been successfully updated: + it can be automated (`unsupervised` - default) or manual (`supervised`) + enum: + - unsupervised + - supervised + type: string + priorityClassName: + description: |- + Name of the priority class which will be used in every generated Pod, if the PriorityClass + specified does not exist, the pod will not be able to schedule. Please refer to + https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass + for more information + type: string + projectedVolumeTemplate: + description: |- + Template to be used to define projected volumes, projected volumes will be mounted + under `/projected` base folder + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with other + supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root to write + the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret data to + project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional field specify whether the Secret + or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the + serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. 
+ format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + replica: + description: Replica cluster configuration + properties: + enabled: + description: |- + If replica mode is enabled, this cluster will be a replica of an + existing cluster. Replica cluster can be created from a recovery + object store or via streaming through pg_basebackup. + Refer to the Replica clusters page of the documentation for more information. + type: boolean + minApplyDelay: + description: |- + When replica mode is enabled, this parameter allows you to replay + transactions only when the system time is at least the configured + time past the commit time. This provides an opportunity to correct + data loss errors. Note that when this parameter is set, a promotion + token cannot be used. + type: string + primary: + description: |- + Primary defines which Cluster is defined to be the primary in the distributed PostgreSQL cluster, based on the + topology specified in externalClusters + type: string + promotionToken: + description: |- + A demotion token generated by an external cluster used to + check if the promotion requirements are met. + type: string + self: + description: |- + Self defines the name of this cluster. 
It is used to determine if this is a primary + or a replica cluster, comparing it with `primary` + type: string + source: + description: The name of the external cluster which is the replication + origin + minLength: 1 + type: string + required: + - source + type: object + replicationSlots: + default: + highAvailability: + enabled: true + description: Replication slots management configuration + properties: + highAvailability: + default: + enabled: true + description: Replication slots for high availability configuration + properties: + enabled: + default: true + description: |- + If enabled (default), the operator will automatically manage replication slots + on the primary instance and use them in streaming replication + connections with all the standby instances that are part of the HA + cluster. If disabled, the operator will not take advantage + of replication slots in streaming connections with the replicas. + This feature also controls replication slots in replica cluster, + from the designated primary to its cascading replicas. + type: boolean + slotPrefix: + default: _cnpg_ + description: |- + Prefix for replication slots managed by the operator for HA. + It may only contain lower case letters, numbers, and the underscore character. + This can only be set at creation time. By default set to `_cnpg_`. 
+ pattern: ^[0-9a-z_]*$ + type: string + type: object + synchronizeReplicas: + description: Configures the synchronization of the user defined + physical replication slots + properties: + enabled: + default: true + description: When set to true, every replication slot that + is on the primary is synchronized on each standby + type: boolean + excludePatterns: + description: List of regular expression patterns to match + the names of replication slots to be excluded (by default + empty) + items: + type: string + type: array + required: + - enabled + type: object + updateInterval: + default: 30 + description: |- + Standby will update the status of the local replication slots + every `updateInterval` seconds (default 30). + minimum: 1 + type: integer + type: object + resources: + description: |- + Resources requirements of every generated Pod. Please refer to + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + for more information. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + schedulerName: + description: |- + If specified, the pod will be dispatched by specified Kubernetes + scheduler. If not specified, the pod will be dispatched by the default + scheduler. More info: + https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/ + type: string + seccompProfile: + description: |- + The SeccompProfile applied to every Pod and Container. + Defaults to: `RuntimeDefault` + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. 
+ type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + serviceAccountTemplate: + description: Configure the generation of the service account + properties: + metadata: + description: |- + Metadata are the metadata to be used for the generated + service account + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: The name of the resource. Only supported for + certain types + type: string + type: object + required: + - metadata + type: object + smartShutdownTimeout: + default: 180 + description: |- + The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete. + Make sure you reserve enough time for the operator to request a fast shutdown of Postgres + (that is: `stopDelay` - `smartShutdownTimeout`). + format: int32 + type: integer + startDelay: + default: 3600 + description: |- + The time in seconds that is allowed for a PostgreSQL instance to + successfully start up (default 3600). 
+ The startup probe failure threshold is derived from this value using the formula: + ceiling(startDelay / 10). + format: int32 + type: integer + stopDelay: + default: 1800 + description: |- + The time in seconds that is allowed for a PostgreSQL instance to + gracefully shutdown (default 1800) + format: int32 + type: integer + storage: + description: Configuration of the storage of the instances + properties: + pvcTemplate: + description: Template to be used to generate the Persistent Volume + Claim + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + resizeInUseVolumes: + default: true + description: Resize existent PVCs, defaults to true + type: boolean + size: + description: |- + Size of the storage. Required if not already specified in the PVC template. + Changes to this field are automatically reapplied to the created PVCs. + Size cannot be decreased. + type: string + storageClass: + description: |- + StorageClass to use for PVCs. Applied after + evaluating the PVC template, if available. 
+ If not specified, the generated PVCs will use the + default storage class + type: string + type: object + superuserSecret: + description: |- + The secret containing the superuser password. If not defined a new + secret will be created with a randomly generated password + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + switchoverDelay: + default: 3600 + description: |- + The time in seconds that is allowed for a primary PostgreSQL instance + to gracefully shutdown during a switchover. + Default value is 3600 seconds (1 hour). + format: int32 + type: integer + tablespaces: + description: The tablespaces configuration + items: + description: |- + TablespaceConfiguration is the configuration of a tablespace, and includes + the storage specification for the tablespace + properties: + name: + description: The name of the tablespace + type: string + owner: + description: Owner is the PostgreSQL user owning the tablespace + properties: + name: + type: string + type: object + storage: + description: The storage configuration for the tablespace + properties: + pvcTemplate: + description: Template to be used to generate the Persistent + Volume Claim + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. 
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. 
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. 
+ type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + resizeInUseVolumes: + default: true + description: Resize existent PVCs, defaults to true + type: boolean + size: + description: |- + Size of the storage. Required if not already specified in the PVC template. + Changes to this field are automatically reapplied to the created PVCs. + Size cannot be decreased. + type: string + storageClass: + description: |- + StorageClass to use for PVCs. Applied after + evaluating the PVC template, if available. + If not specified, the generated PVCs will use the + default storage class + type: string + type: object + temporary: + default: false + description: |- + When set to true, the tablespace will be added as a `temp_tablespaces` + entry in PostgreSQL, and will be available to automatically house temp + database objects, or other temporary files. Please refer to PostgreSQL + documentation for more information on the `temp_tablespaces` GUC. + type: boolean + required: + - name + - storage + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints specifies how to spread matching pods among the given topology. + More info: + https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. 
The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. 
+ + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. 
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. 
+ We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + walStorage: + description: Configuration of the storage for PostgreSQL WAL (Write-Ahead + Log) + properties: + pvcTemplate: + description: Template to be used to generate the Persistent Volume + Claim + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + resizeInUseVolumes: + default: true + description: Resize existent PVCs, defaults to true + type: boolean + size: + description: |- + Size of the storage. Required if not already specified in the PVC template. + Changes to this field are automatically reapplied to the created PVCs. + Size cannot be decreased. + type: string + storageClass: + description: |- + StorageClass to use for PVCs. Applied after + evaluating the PVC template, if available. + If not specified, the generated PVCs will use the + default storage class + type: string + type: object + required: + - instances + type: object + x-kubernetes-validations: + - message: imageName and imageCatalogRef are mutually exclusive + rule: '!(has(self.imageCatalogRef) && has(self.imageName))' + status: + description: |- + Most recently observed status of the cluster. This data may not be up + to date. Populated by the system. Read-only. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + availableArchitectures: + description: AvailableArchitectures reports the available architectures + of a cluster + items: + description: AvailableArchitecture represents the state of a cluster's + architecture + properties: + goArch: + description: GoArch is the name of the executable architecture + type: string + hash: + description: Hash is the hash of the executable + type: string + required: + - goArch + - hash + type: object + type: array + azurePVCUpdateEnabled: + description: AzurePVCUpdateEnabled shows if the PVC online upgrade + is enabled for this cluster + type: boolean + certificates: + description: The configuration for the CA and related certificates, + initialized with defaults. + properties: + clientCASecret: + description: |- + The secret containing the Client CA certificate. If not defined, a new secret will be created + with a self-signed CA and will be used to generate all the client certificates.
+
+ Contains:
+
+ - `ca.crt`: CA that should be used to validate the client certificates, + used as `ssl_ca_file` of all the instances.
+ - `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided, + this can be omitted.
+ type: string + expirations: + additionalProperties: + type: string + description: Expiration dates for all certificates. + type: object + replicationTLSSecret: + description: |- + The secret of type kubernetes.io/tls containing the client certificate to authenticate as + the `streaming_replica` user. + If not defined, ClientCASecret must provide also `ca.key`, and a new secret will be + created using the provided CA. + type: string + serverAltDNSNames: + description: The list of the server alternative DNS names to be + added to the generated server TLS certificates, when required. + items: + type: string + type: array + serverCASecret: + description: |- + The secret containing the Server CA certificate. If not defined, a new secret will be created + with a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.
+
+ Contains:
+
+ - `ca.crt`: CA that should be used to validate the server certificate, + used as `sslrootcert` in client connection strings.
+ - `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided, + this can be omitted.
+ type: string + serverTLSSecret: + description: |- + The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as + `ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely. + If not defined, ServerCASecret must provide also `ca.key` and a new secret will be + created using the provided CA. + type: string + type: object + cloudNativePGCommitHash: + description: The commit hash number of which this operator running + type: string + cloudNativePGOperatorHash: + description: The hash of the binary of the operator + type: string + conditions: + description: Conditions for cluster object + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + configMapResourceVersion: + description: |- + The list of resource versions of the configmaps, + managed by the operator. Every change here is done in the + interest of the instance manager, which will refresh the + configmap data + properties: + metrics: + additionalProperties: + type: string + description: |- + A map with the versions of all the config maps used to pass metrics. 
+ Map keys are the config map names, map values are the versions + type: object + type: object + currentPrimary: + description: Current primary instance + type: string + currentPrimaryFailingSinceTimestamp: + description: |- + The timestamp when the primary was detected to be unhealthy + This field is reported when `.spec.failoverDelay` is populated or during online upgrades + type: string + currentPrimaryTimestamp: + description: The timestamp when the last actual promotion to primary + has occurred + type: string + danglingPVC: + description: |- + List of all the PVCs created by this cluster and still available + which are not attached to a Pod + items: + type: string + type: array + demotionToken: + description: |- + DemotionToken is a JSON token containing the information + from pg_controldata such as Database system identifier, Latest checkpoint's + TimeLineID, Latest checkpoint's REDO location, Latest checkpoint's REDO + WAL file, and Time of latest checkpoint + type: string + firstRecoverabilityPoint: + description: |- + The first recoverability point, stored as a date in RFC3339 format. + This field is calculated from the content of FirstRecoverabilityPointByMethod + type: string + firstRecoverabilityPointByMethod: + additionalProperties: + format: date-time + type: string + description: The first recoverability point, stored as a date in RFC3339 + format, per backup method type + type: object + healthyPVC: + description: List of all the PVCs not dangling nor initializing + items: + type: string + type: array + image: + description: Image contains the image name used by the pods + type: string + initializingPVC: + description: List of all the PVCs that are being initialized by this + cluster + items: + type: string + type: array + instanceNames: + description: List of instance names in the cluster + items: + type: string + type: array + instances: + description: The total number of PVC Groups detected in the cluster. 
+ It may differ from the number of existing instance pods. + type: integer + instancesReportedState: + additionalProperties: + description: InstanceReportedState describes the last reported state + of an instance during a reconciliation loop + properties: + isPrimary: + description: indicates if an instance is the primary one + type: boolean + timeLineID: + description: indicates on which TimelineId the instance is + type: integer + required: + - isPrimary + type: object + description: The reported state of the instances during the last reconciliation + loop + type: object + instancesStatus: + additionalProperties: + items: + type: string + type: array + description: InstancesStatus indicates in which status the instances + are + type: object + jobCount: + description: How many Jobs have been created by this cluster + format: int32 + type: integer + lastFailedBackup: + description: Stored as a date in RFC3339 format + type: string + lastPromotionToken: + description: |- + LastPromotionToken is the last verified promotion token that + was used to promote a replica cluster + type: string + lastSuccessfulBackup: + description: |- + Last successful backup, stored as a date in RFC3339 format + This field is calculated from the content of LastSuccessfulBackupByMethod + type: string + lastSuccessfulBackupByMethod: + additionalProperties: + format: date-time + type: string + description: Last successful backup, stored as a date in RFC3339 format, + per backup method type + type: object + latestGeneratedNode: + description: ID of the latest generated node (used to avoid node name + clashing) + type: integer + managedRolesStatus: + description: ManagedRolesStatus reports the state of the managed roles + in the cluster + properties: + byStatus: + additionalProperties: + items: + type: string + type: array + description: ByStatus gives the list of roles in each state + type: object + cannotReconcile: + additionalProperties: + items: + type: string + type: array + description: 
|- + CannotReconcile lists roles that cannot be reconciled in PostgreSQL, + with an explanation of the cause + type: object + passwordStatus: + additionalProperties: + description: PasswordState represents the state of the password + of a managed RoleConfiguration + properties: + resourceVersion: + description: the resource version of the password secret + type: string + transactionID: + description: the last transaction ID to affect the role + definition in PostgreSQL + format: int64 + type: integer + type: object + description: PasswordStatus gives the last transaction id and + password secret version for each managed role + type: object + type: object + onlineUpdateEnabled: + description: OnlineUpdateEnabled shows if the online upgrade is enabled + inside the cluster + type: boolean + phase: + description: Current phase of the cluster + type: string + phaseReason: + description: Reason for the current phase + type: string + pluginStatus: + description: PluginStatus is the status of the loaded plugins + items: + description: PluginStatus is the status of a loaded plugin + properties: + backupCapabilities: + description: |- + BackupCapabilities are the list of capabilities of the + plugin regarding the Backup management + items: + type: string + type: array + capabilities: + description: |- + Capabilities are the list of capabilities of the + plugin + items: + type: string + type: array + name: + description: Name is the name of the plugin + type: string + operatorCapabilities: + description: |- + OperatorCapabilities are the list of capabilities of the + plugin regarding the reconciler + items: + type: string + type: array + status: + description: Status contain the status reported by the plugin + through the SetStatusInCluster interface + type: string + version: + description: |- + Version is the version of the plugin loaded by the + latest reconciliation loop + type: string + walCapabilities: + description: |- + WALCapabilities are the list of capabilities of 
the + plugin regarding the WAL management + items: + type: string + type: array + required: + - name + - version + type: object + type: array + poolerIntegrations: + description: The integration needed by poolers referencing the cluster + properties: + pgBouncerIntegration: + description: PgBouncerIntegrationStatus encapsulates the needed + integration for the pgbouncer poolers referencing the cluster + properties: + secrets: + items: + type: string + type: array + type: object + type: object + pvcCount: + description: How many PVCs have been created by this cluster + format: int32 + type: integer + readService: + description: Current list of read pods + type: string + readyInstances: + description: The total number of ready instances in the cluster. It + is equal to the number of ready instance pods. + type: integer + resizingPVC: + description: List of all the PVCs that have ResizingPVC condition. + items: + type: string + type: array + secretsResourceVersion: + description: |- + The list of resource versions of the secrets + managed by the operator. Every change here is done in the + interest of the instance manager, which will refresh the + secret data + properties: + applicationSecretVersion: + description: The resource version of the "app" user secret + type: string + barmanEndpointCA: + description: The resource version of the Barman Endpoint CA if + provided + type: string + caSecretVersion: + description: Unused. Retained for compatibility with old versions. 
+ type: string + clientCaSecretVersion: + description: The resource version of the PostgreSQL client-side + CA secret version + type: string + externalClusterSecretVersion: + additionalProperties: + type: string + description: The resource versions of the external cluster secrets + type: object + managedRoleSecretVersion: + additionalProperties: + type: string + description: The resource versions of the managed roles secrets + type: object + metrics: + additionalProperties: + type: string + description: |- + A map with the versions of all the secrets used to pass metrics. + Map keys are the secret names, map values are the versions + type: object + replicationSecretVersion: + description: The resource version of the "streaming_replica" user + secret + type: string + serverCaSecretVersion: + description: The resource version of the PostgreSQL server-side + CA secret version + type: string + serverSecretVersion: + description: The resource version of the PostgreSQL server-side + secret version + type: string + superuserSecretVersion: + description: The resource version of the "postgres" user secret + type: string + type: object + switchReplicaClusterStatus: + description: SwitchReplicaClusterStatus is the status of the switch + to replica cluster + properties: + inProgress: + description: InProgress indicates if there is an ongoing procedure + of switching a cluster to a replica cluster. 
+ type: boolean + type: object + tablespacesStatus: + description: TablespacesStatus reports the state of the declarative + tablespaces in the cluster + items: + description: TablespaceState represents the state of a tablespace + in a cluster + properties: + error: + description: Error is the reconciliation error, if any + type: string + name: + description: Name is the name of the tablespace + type: string + owner: + description: Owner is the PostgreSQL user owning the tablespace + type: string + state: + description: State is the latest reconciliation state + type: string + required: + - name + - state + type: object + type: array + targetPrimary: + description: |- + Target primary instance, this is different from the previous one + during a switchover or a failover + type: string + targetPrimaryTimestamp: + description: The timestamp when the last request for a new primary + has occurred + type: string + timelineID: + description: The timeline of the Postgres cluster + type: integer + topology: + description: Instances topology. + properties: + instances: + additionalProperties: + additionalProperties: + type: string + description: PodTopologyLabels represent the topology of a Pod. + map[labelName]labelValue + type: object + description: Instances contains the pod topology of the instances + type: object + nodesUsed: + description: |- + NodesUsed represents the count of distinct nodes accommodating the instances. + A value of '1' suggests that all instances are hosted on a single node, + implying the absence of High Availability (HA). Ideally, this value should + be the same as the number of instances in the Postgres HA cluster, implying + shared nothing architecture on the compute side. + format: int32 + type: integer + successfullyExtracted: + description: |- + SuccessfullyExtracted indicates if the topology data was extract. 
It is useful to enact fallback behaviors + in synchronous replica election in case of failures + type: boolean + type: object + unusablePVC: + description: List of all the PVCs that are unusable because another + PVC is missing + items: + type: string + type: array + writeService: + description: Current write pod + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.instances + statusReplicasPath: .status.instances + status: {} +--- +# Source: cloudnative-pg/templates/crds/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + name: imagecatalogs.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: ImageCatalog + listKind: ImageCatalogList + plural: imagecatalogs + singular: imagecatalog + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ImageCatalog is the Schema for the imagecatalogs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the desired behavior of the ImageCatalog. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + images: + description: List of CatalogImages available in the catalog + items: + description: CatalogImage defines the image and major version + properties: + image: + description: The image reference + type: string + major: + description: The PostgreSQL major version of the image. Must + be unique within the catalog. + minimum: 10 + type: integer + required: + - image + - major + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-validations: + - message: Images must have unique major versions + rule: self.all(e, self.filter(f, f.major==e.major).size() == 1) + required: + - images + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +# Source: cloudnative-pg/templates/crds/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + name: poolers.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: Pooler + listKind: PoolerList + plural: poolers + singular: pooler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.cluster.name + name: Cluster + type: string + - jsonPath: .spec.type + name: Type + type: string + name: v1 + schema: + openAPIV3Schema: + description: Pooler is the Schema for the poolers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the desired behavior of the Pooler. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + cluster: + description: |- + This is the cluster reference on which the Pooler will work. + Pooler name should never match with any cluster name within the same namespace. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + deploymentStrategy: + description: The deployment strategy to use for pgbouncer to replace + existing pods with new ones + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. 
+ Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + instances: + default: 1 + description: 'The number of replicas we want. Default: 1.' + format: int32 + type: integer + monitoring: + description: The configuration of the monitoring infrastructure of + this pooler. + properties: + enablePodMonitor: + default: false + description: Enable or disable the `PodMonitor` + type: boolean + podMonitorMetricRelabelings: + description: The list of metric relabelings for the `PodMonitor`. + Applied to samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. 
+ + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + + Regex capture groups are available. 
+ type: string + type: object + type: array + podMonitorRelabelings: + description: The list of relabelings for the `PodMonitor`. Applied + to samples before scraping. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. 
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + + Regex capture groups are available. + type: string + type: object + type: array + type: object + pgbouncer: + description: The PgBouncer configuration + properties: + authQuery: + description: |- + The query that will be used to download the hash of the password + of a certain user. Default: "SELECT usename, passwd FROM public.user_search($1)". + In case it is specified, also an AuthQuerySecret has to be specified and + no automatic CNPG Cluster integration will be triggered. + type: string + authQuerySecret: + description: |- + The credentials of the user that need to be used for the authentication + query. In case it is specified, also an AuthQuery + (e.g. "SELECT usename, passwd FROM pg_catalog.pg_shadow WHERE usename=$1") + has to be specified and no automatic CNPG Cluster integration will be triggered. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + parameters: + additionalProperties: + type: string + description: |- + Additional parameters to be passed to PgBouncer - please check + the CNPG documentation for a list of options you can configure + type: object + paused: + default: false + description: |- + When set to `true`, PgBouncer will disconnect from the PostgreSQL + server, first waiting for all queries to complete, and pause all new + client connections until this value is set to `false` (default). Internally, + the operator calls PgBouncer's `PAUSE` and `RESUME` commands. + type: boolean + pg_hba: + description: |- + PostgreSQL Host Based Authentication rules (lines to be appended + to the pg_hba.conf file) + items: + type: string + type: array + poolMode: + default: session + description: 'The pool mode. 
Default: `session`.' + enum: + - session + - transaction + type: string + type: object + serviceTemplate: + description: Template for the Service to be created + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: The name of the resource. Only supported for + certain types + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the service. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + allocateLoadBalancerNodePorts: + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. 
+ type: boolean + clusterIP: + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + clusterIPs: + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. 
Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". 
+ type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + healthCheckNodePort: + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. 
If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilies: + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. + items: + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. 
Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations when available. 
+ type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + x-kubernetes-list-type: atomic + ports: + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. + type: string + name: + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. 
+ Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. 
+ The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + trafficDistribution: + description: |- + TrafficDistribution offers a way to express preferences for how traffic is + distributed to Service endpoints. Implementations can use this field as a + hint, but are not required to guarantee strict adherence. If the field is + not set, the implementation will apply its default routing strategy. If set + to "PreferClose", implementations should prioritize endpoints that are + topologically close (e.g., same zone). + This is an alpha field and requires enabling ServiceTrafficDistribution feature. + type: string + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + template: + description: The template of the Pod to be created + properties: + metadata: + description: |- + Standard object's metadata. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: The name of the resource. Only supported for + certain types + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. 
+ type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. 
+ items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. 
+ properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. 
Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. 
+ type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. 
+ + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. 
+ Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 
+ items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + + + To add an ephemeral container, use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral containers. 
+ items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. 
+ type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. If the runtime does not + support namespace targeting then the result of setting this field is undefined. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. 
+ type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. 
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. 
+ If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. Setting false is useful for + mitigating container breakout vulnerabilities even allowing users to run their + containers as root without actually having root privileges on the host. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. 
+ type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. 
+ The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. 
If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. 
+ format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. 
+ Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. 
+ Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. 
+ All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. 
Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. 
+ Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. 
+ + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. 
+ type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls + - spec.shareProcessNamespace + - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.appArmorProfile + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged + - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount + - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. 
+ Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. 
"system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference to + a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in + the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the ResourceClaim. 
+ properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. 
+ type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + items: + description: PodSchedulingGate is associated to a Pod to + guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. 
The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. 
+ type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. 
+ When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. 
+ Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. 
+ The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. 
+ In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. 
+ type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. 
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). 
defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. 
+ type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. 
+ + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". 
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. 
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. 
The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. 
+ format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. 
+ type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. 
apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. 
+ type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + type: + default: rw + description: 'Type of service to forward traffic to. Default: `rw`.' + enum: + - rw + - ro + type: string + required: + - cluster + - pgbouncer + type: object + status: + description: |- + Most recently observed status of the Pooler. This data may not be up to + date. Populated by the system. Read-only. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + instances: + description: The number of pods trying to be scheduled + format: int32 + type: integer + secrets: + description: The resource version of the config object + properties: + clientCA: + description: The client CA secret version + properties: + name: + description: The name of the secret + type: string + version: + description: The ResourceVersion of the secret + type: string + type: object + pgBouncerSecrets: + description: The version of the secrets used by PgBouncer + properties: + authQuery: + description: The auth query secret version + properties: + name: + description: The name of the secret + type: string + version: + description: The ResourceVersion of the secret + type: string + type: object + type: object + serverCA: + description: The server CA secret version + properties: + name: + description: The name of the secret + type: string + version: + description: The ResourceVersion of the secret + type: string + type: object + serverTLS: + description: The server TLS secret version + properties: + name: + description: The name of the secret + type: string + version: + description: The ResourceVersion of the secret + type: string + type: object + type: object + type: 
object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.instances + statusReplicasPath: .status.instances + status: {} +--- +# Source: cloudnative-pg/templates/crds/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + name: scheduledbackups.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: ScheduledBackup + listKind: ScheduledBackupList + plural: scheduledbackups + singular: scheduledbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.cluster.name + name: Cluster + type: string + - jsonPath: .status.lastScheduleTime + name: Last Backup + type: date + name: v1 + schema: + openAPIV3Schema: + description: ScheduledBackup is the Schema for the scheduledbackups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the desired behavior of the ScheduledBackup. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + backupOwnerReference: + default: none + description: |- + Indicates which ownerReference should be put inside the created backup resources.
+ - none: no owner reference for created backup objects (same behavior as before the field was introduced)
+ - self: sets the Scheduled backup object as owner of the backup
+ - cluster: set the cluster as owner of the backup
+ enum: + - none + - self + - cluster + type: string + cluster: + description: The cluster to backup + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + immediate: + description: If the first backup has to be immediately start after + creation or not + type: boolean + method: + default: barmanObjectStore + description: |- + The backup method to be used, possible options are `barmanObjectStore`, + `volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`. + enum: + - barmanObjectStore + - volumeSnapshot + - plugin + type: string + online: + description: |- + Whether the default type of backup with volume snapshots is + online/hot (`true`, default) or offline/cold (`false`) + Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online' + type: boolean + onlineConfiguration: + description: |- + Configuration parameters to control the online/hot backup with volume snapshots + Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza + properties: + immediateCheckpoint: + description: |- + Control whether the I/O workload for the backup initial checkpoint will + be limited, according to the `checkpoint_completion_target` setting on + the PostgreSQL server. If set to true, an immediate checkpoint will be + used, meaning PostgreSQL will complete the checkpoint as soon as + possible. `false` by default. + type: boolean + waitForArchive: + default: true + description: |- + If false, the function will return immediately after the backup is completed, + without waiting for WAL to be archived. + This behavior is only useful with backup software that independently monitors WAL archiving. + Otherwise, WAL required to make the backup consistent might be missing and make the backup useless. + By default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is + enabled. 
+ On a standby, this means that it will wait only when archive_mode = always. + If write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger + an immediate segment switch. + type: boolean + type: object + pluginConfiguration: + description: Configuration parameters passed to the plugin managing + this backup + properties: + name: + description: Name is the name of the plugin managing this backup + type: string + parameters: + additionalProperties: + type: string + description: |- + Parameters are the configuration parameters passed to the backup + plugin for this backup + type: object + required: + - name + type: object + schedule: + description: |- + The schedule does not follow the same format used in Kubernetes CronJobs + as it includes an additional seconds specifier, + see https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format + type: string + suspend: + description: If this backup is suspended or not + type: boolean + target: + description: |- + The policy to decide which instance should perform this backup. If empty, + it defaults to `cluster.spec.backup.target`. + Available options are empty string, `primary` and `prefer-standby`. + `primary` to have backups run always on primary instances, + `prefer-standby` to have backups run preferably on the most updated + standby, if available. + enum: + - primary + - prefer-standby + type: string + required: + - cluster + - schedule + type: object + status: + description: |- + Most recently observed status of the ScheduledBackup. This data may not be up + to date. Populated by the system. Read-only. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + lastCheckTime: + description: The latest time the schedule + format: date-time + type: string + lastScheduleTime: + description: Information when was the last time that backup was successfully + scheduled. 
+ format: date-time + type: string + nextScheduleTime: + description: Next time we will run a backup + format: date-time + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +# Source: cloudnative-pg/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cnpg-cloudnative-pg + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - pods/status + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - get + - 
patch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - patch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - backups/status + verbs: + - get + - patch + - update +- apiGroups: + - postgresql.cnpg.io + resources: + - clusterimagecatalogs + verbs: + - get + - list + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - clusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - clusters/finalizers + verbs: + - update +- apiGroups: + - postgresql.cnpg.io + resources: + - clusters/status + verbs: + - get + - patch + - update + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - imagecatalogs + verbs: + - get + - list + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - poolers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - poolers/finalizers + verbs: + - update +- apiGroups: + - postgresql.cnpg.io + resources: + - poolers/status + verbs: + - get + - patch + - update + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - scheduledbackups + 
verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - scheduledbackups/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - get + - list + - patch + - watch +--- +# Source: cloudnative-pg/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cnpg-cloudnative-pg-view + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - postgresql.cnpg.io + resources: + - backups + - clusters + - poolers + - scheduledbackups + verbs: + - get + - list + - watch +--- +# Source: cloudnative-pg/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cnpg-cloudnative-pg-edit + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - postgresql.cnpg.io + resources: + - backups + - clusters + - poolers + - scheduledbackups + verbs: + - create + - delete + - deletecollection + - patch + - update +--- +# Source: cloudnative-pg/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cnpg-cloudnative-pg + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + 
app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnpg-cloudnative-pg +subjects: +- kind: ServiceAccount + name: cnpg-cloudnative-pg + namespace: cnpg-system +--- +# Source: cloudnative-pg/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: cnpg-webhook-service + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 443 + targetPort: webhook-server + name: webhook-server + selector: + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg +--- +# Source: cloudnative-pg/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cnpg-cloudnative-pg + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + template: + metadata: + annotations: + checksum/config: 16777c2c84620003163c3d3ad48e271b7c93a7b6acebfb6e43824dd3ea77ed1d + labels: + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + spec: + containers: + - args: + - controller + - --leader-elect + - --config-map-name=cnpg-controller-manager-config + - --webhook-port=9443 + command: + - /manager + env: + - name: OPERATOR_IMAGE_NAME + value: "ghcr.io/cloudnative-pg/cloudnative-pg:1.24.0" + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MONITORING_QUERIES_CONFIGMAP + value: "cnpg-default-monitoring" + image: "ghcr.io/cloudnative-pg/cloudnative-pg:1.24.0" + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /readyz + port: 9443 + scheme: HTTPS + 
initialDelaySeconds: 3 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9443 + scheme: HTTPS + initialDelaySeconds: 3 + resources: + {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 10001 + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /controller + name: scratch-data + - mountPath: /run/secrets/cnpg.io/webhook + name: webhook-certificates + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: cnpg-cloudnative-pg + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: scratch-data + - name: webhook-certificates + secret: + defaultMode: 420 + optional: true + secretName: cnpg-webhook-cert +--- +# Source: cloudnative-pg/templates/deployment.yaml +# +# Copyright The CloudNativePG Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +# Source: cloudnative-pg/templates/monitoring-configmap.yaml +# +# Copyright The CloudNativePG Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +# Source: cloudnative-pg/templates/mutatingwebhookconfiguration.yaml +# +# Copyright The CloudNativePG Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +# Source: cloudnative-pg/templates/rbac.yaml +# +# Copyright The CloudNativePG Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +# Source: cloudnative-pg/templates/service.yaml +# +# Copyright The CloudNativePG Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +# Source: cloudnative-pg/templates/validatingwebhookconfiguration.yaml +# +# Copyright The CloudNativePG Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+# +--- +# Source: cloudnative-pg/templates/mutatingwebhookconfiguration.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: cnpg-mutating-webhook-configuration + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: cnpg-system + path: /mutate-postgresql-cnpg-io-v1-backup + port: 443 + failurePolicy: Fail + name: mbackup.cnpg.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: cnpg-system + path: /mutate-postgresql-cnpg-io-v1-cluster + port: 443 + failurePolicy: Fail + name: mcluster.cnpg.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: cnpg-system + path: /mutate-postgresql-cnpg-io-v1-scheduledbackup + port: 443 + failurePolicy: Fail + name: mscheduledbackup.cnpg.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - scheduledbackups + sideEffects: None +--- +# Source: cloudnative-pg/templates/validatingwebhookconfiguration.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: cnpg-validating-webhook-configuration + labels: + helm.sh/chart: cloudnative-pg-0.22.0 + app.kubernetes.io/name: cloudnative-pg + app.kubernetes.io/instance: cnpg + app.kubernetes.io/version: "1.24.0" + app.kubernetes.io/managed-by: Helm +webhooks: +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: cnpg-system + path: /validate-postgresql-cnpg-io-v1-backup + port: 443 + failurePolicy: Fail + name: vbackup.cnpg.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: cnpg-system + path: /validate-postgresql-cnpg-io-v1-cluster + port: 443 + failurePolicy: Fail + name: vcluster.cnpg.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: cnpg-system + path: /validate-postgresql-cnpg-io-v1-scheduledbackup + port: 443 + failurePolicy: Fail + name: vscheduledbackup.cnpg.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - scheduledbackups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: cnpg-webhook-service + namespace: cnpg-system + path: /validate-postgresql-cnpg-io-v1-pooler + port: 443 + failurePolicy: Fail + name: vpooler.cnpg.io + rules: + - apiGroups: + - postgresql.cnpg.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - poolers + sideEffects: None
diff --git a/platform/stack/packages/data/cnpg/values.yaml b/platform/stack/packages/data/cnpg/values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/platform/stack/packages/security/kubescape/.gitkeep b/platform/stack/packages/security/kubescape/.gitkeep
new file mode 100644
index 00000000..e69de29b