Skip to content

Commit

Permalink
Merge pull request kubernetes#47566 from tengqm/configapi-1.31
Browse files Browse the repository at this point in the history 
Update config API for v1.31
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot authored Aug 20, 2024
2 parents a0dd39b + f69f28f commit 5675366
Show file tree
Hide file tree
Showing 15 changed files with 463 additions and 187 deletions.
4 changes: 2 additions & 2 deletions content/en/docs/reference/config-api/apiserver-admission.v1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ requested. e.g. a patch can result in either a CREATE or UPDATE Operation.</p>
</td>
</tr>
<tr><td><code>userInfo</code> <B>[Required]</B><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#userinfo-v1-authentication-k8s-io"><code>authentication/v1.UserInfo</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#userinfo-v1-authentication-k8s-io"><code>authentication/v1.UserInfo</code></a>
</td>
<td>
<p>UserInfo is information about the requesting user</p>
Expand Down Expand Up @@ -226,7 +226,7 @@ This must be copied over from the corresponding AdmissionRequest.</p>
</td>
</tr>
<tr><td><code>status</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#status-v1-meta"><code>meta/v1.Status</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#status-v1-meta"><code>meta/v1.Status</code></a>
</td>
<td>
<p>Result contains extra details into why an admission request was denied.
Expand Down
16 changes: 8 additions & 8 deletions content/en/docs/reference/config-api/apiserver-audit.v1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,14 +71,14 @@ For non-resource requests, this is the lower-cased HTTP method.</p>
</td>
</tr>
<tr><td><code>user</code> <B>[Required]</B><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#userinfo-v1-authentication-k8s-io"><code>authentication/v1.UserInfo</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#userinfo-v1-authentication-k8s-io"><code>authentication/v1.UserInfo</code></a>
</td>
<td>
<p>Authenticated user information.</p>
</td>
</tr>
<tr><td><code>impersonatedUser</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#userinfo-v1-authentication-k8s-io"><code>authentication/v1.UserInfo</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#userinfo-v1-authentication-k8s-io"><code>authentication/v1.UserInfo</code></a>
</td>
<td>
<p>Impersonated user information.</p>
Expand Down Expand Up @@ -116,7 +116,7 @@ Does not apply for List-type requests, or non-resource requests.</p>
</td>
</tr>
<tr><td><code>responseStatus</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#status-v1-meta"><code>meta/v1.Status</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#status-v1-meta"><code>meta/v1.Status</code></a>
</td>
<td>
<p>The response status, populated even when the ResponseObject is not a Status type.
Expand Down Expand Up @@ -144,14 +144,14 @@ at Response Level.</p>
</td>
</tr>
<tr><td><code>requestReceivedTimestamp</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#microtime-v1-meta"><code>meta/v1.MicroTime</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#microtime-v1-meta"><code>meta/v1.MicroTime</code></a>
</td>
<td>
<p>Time the request reached the apiserver.</p>
</td>
</tr>
<tr><td><code>stageTimestamp</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#microtime-v1-meta"><code>meta/v1.MicroTime</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#microtime-v1-meta"><code>meta/v1.MicroTime</code></a>
</td>
<td>
<p>Time the request reached current audit stage.</p>
Expand Down Expand Up @@ -188,7 +188,7 @@ should be short. Annotations are included in the Metadata level.</p>


<tr><td><code>metadata</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta"><code>meta/v1.ListMeta</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta"><code>meta/v1.ListMeta</code></a>
</td>
<td>
<span class="text-muted">No description provided.</span></td>
Expand Down Expand Up @@ -223,7 +223,7 @@ categories are logged.</p>


<tr><td><code>metadata</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta"><code>meta/v1.ObjectMeta</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta"><code>meta/v1.ObjectMeta</code></a>
</td>
<td>
<p>ObjectMeta is included for interoperability with API infrastructure.</p>
Expand Down Expand Up @@ -278,7 +278,7 @@ in a rule will override the global default.</p>


<tr><td><code>metadata</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta"><code>meta/v1.ListMeta</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta"><code>meta/v1.ListMeta</code></a>
</td>
<td>
<span class="text-muted">No description provided.</span></td>
Expand Down
77 changes: 72 additions & 5 deletions content/en/docs/reference/config-api/apiserver-config.v1alpha1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,10 +119,17 @@ JWT authenticator will attempt to cryptographically validate the token.</p>
&quot;iss&quot;: &quot;https://issuer.example.com&quot;,
&quot;aud&quot;: [&quot;audience&quot;],
&quot;exp&quot;: 1234567890,
&quot;&lt;username claim&gt;&quot;: &quot;username&quot;
&quot;<!-- raw HTML omitted -->&quot;: &quot;username&quot;
}</p>
</td>
</tr>
<tr><td><code>anonymous</code> <B>[Required]</B><br/>
<a href="#apiserver-k8s-io-v1alpha1-AnonymousAuthConfig"><code>AnonymousAuthConfig</code></a>
</td>
<td>
<p>If present --anonymous-auth must not be set</p>
</td>
</tr>
</tbody>
</table>

Expand Down Expand Up @@ -245,6 +252,66 @@ configuration. If present, it will be used instead of the path to the configurat
</tbody>
</table>

## `AnonymousAuthCondition` {#apiserver-k8s-io-v1alpha1-AnonymousAuthCondition}


**Appears in:**

- [AnonymousAuthConfig](#apiserver-k8s-io-v1alpha1-AnonymousAuthConfig)


<p>AnonymousAuthCondition describes the condition under which anonymous auth
should be enabled.</p>


<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>


<tr><td><code>path</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
<p>Path for which anonymous auth is enabled.</p>
</td>
</tr>
</tbody>
</table>

## `AnonymousAuthConfig` {#apiserver-k8s-io-v1alpha1-AnonymousAuthConfig}


**Appears in:**

- [AuthenticationConfiguration](#apiserver-k8s-io-v1alpha1-AuthenticationConfiguration)


<p>AnonymousAuthConfig provides the configuration for the anonymous authenticator.</p>


<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>


<tr><td><code>enabled</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>conditions</code> <B>[Required]</B><br/>
<a href="#apiserver-k8s-io-v1alpha1-AnonymousAuthCondition"><code>[]AnonymousAuthCondition</code></a>
</td>
<td>
<p>If set, anonymous auth is only allowed if the request meets one of the
conditions.</p>
</td>
</tr>
</tbody>
</table>

## `AudienceMatchPolicyType` {#apiserver-k8s-io-v1alpha1-AudienceMatchPolicyType}

(Alias of `string`)
Expand Down Expand Up @@ -331,7 +398,7 @@ The claim's value must be a singular string.
Same as the --oidc-username-claim and --oidc-username-prefix flags.
If username.expression is set, the expression must produce a string value.
If username.expression uses 'claims.email', then 'claims.email_verified' must be used in
username.expression or extra[&ast;].valueExpression or claimValidationRules[&ast;].expression.
username.expression or extra[<em>].valueExpression or claimValidationRules[</em>].expression.
An example claim validation rule expression that matches the validation automatically
applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'.</p>
<p>In the flag based approach, the --oidc-username-claim and --oidc-username-prefix are optional. If --oidc-username-claim is not set,
Expand All @@ -341,8 +408,8 @@ For prefix:
(1) --oidc-username-prefix=&quot;-&quot;, no prefix was added to the username. For the same behavior using authentication config,
set username.prefix=&quot;&quot;
(2) --oidc-username-prefix=&quot;&quot; and --oidc-username-claim != &quot;email&quot;, prefix was &quot;&lt;value of --oidc-issuer-url&gt;#&quot;. For the same
behavior using authentication config, set username.prefix=&quot;&lt;value of issuer.url&gt;#&quot;
(3) --oidc-username-prefix=&quot;&lt;value&gt;&quot;. For the same behavior using authentication config, set username.prefix=&quot;&lt;value&gt;&quot;</p>
behavior using authentication config, set username.prefix=&quot;<!-- raw HTML omitted -->#&quot;
(3) --oidc-username-prefix=&quot;<!-- raw HTML omitted -->&quot;. For the same behavior using authentication config, set username.prefix=&quot;<!-- raw HTML omitted -->&quot;</p>
</td>
</tr>
<tr><td><code>groups</code><br/>
Expand Down Expand Up @@ -1202,4 +1269,4 @@ the contents would be converted to the v1 version before evaluating the CEL expr
</tr>
</tbody>
</table>


77 changes: 72 additions & 5 deletions content/en/docs/reference/config-api/apiserver-config.v1beta1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,10 +95,17 @@ JWT authenticator will attempt to cryptographically validate the token.</p>
&quot;iss&quot;: &quot;https://issuer.example.com&quot;,
&quot;aud&quot;: [&quot;audience&quot;],
&quot;exp&quot;: 1234567890,
&quot;&lt;username claim&gt;&quot;: &quot;username&quot;
&quot;<!-- raw HTML omitted -->&quot;: &quot;username&quot;
}</p>
</td>
</tr>
<tr><td><code>anonymous</code> <B>[Required]</B><br/>
<a href="#apiserver-k8s-io-v1beta1-AnonymousAuthConfig"><code>AnonymousAuthConfig</code></a>
</td>
<td>
<p>If present --anonymous-auth must not be set</p>
</td>
</tr>
</tbody>
</table>

Expand Down Expand Up @@ -178,6 +185,66 @@ Must be at least one.</p>
</tbody>
</table>

## `AnonymousAuthCondition` {#apiserver-k8s-io-v1beta1-AnonymousAuthCondition}


**Appears in:**

- [AnonymousAuthConfig](#apiserver-k8s-io-v1beta1-AnonymousAuthConfig)


<p>AnonymousAuthCondition describes the condition under which anonymous auth
should be enabled.</p>


<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>


<tr><td><code>path</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
<p>Path for which anonymous auth is enabled.</p>
</td>
</tr>
</tbody>
</table>

## `AnonymousAuthConfig` {#apiserver-k8s-io-v1beta1-AnonymousAuthConfig}


**Appears in:**

- [AuthenticationConfiguration](#apiserver-k8s-io-v1beta1-AuthenticationConfiguration)


<p>AnonymousAuthConfig provides the configuration for the anonymous authenticator.</p>


<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>


<tr><td><code>enabled</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>conditions</code> <B>[Required]</B><br/>
<a href="#apiserver-k8s-io-v1beta1-AnonymousAuthCondition"><code>[]AnonymousAuthCondition</code></a>
</td>
<td>
<p>If set, anonymous auth is only allowed if the request meets one of the
conditions.</p>
</td>
</tr>
</tbody>
</table>

## `AudienceMatchPolicyType` {#apiserver-k8s-io-v1beta1-AudienceMatchPolicyType}

(Alias of `string`)
Expand Down Expand Up @@ -264,7 +331,7 @@ The claim's value must be a singular string.
Same as the --oidc-username-claim and --oidc-username-prefix flags.
If username.expression is set, the expression must produce a string value.
If username.expression uses 'claims.email', then 'claims.email_verified' must be used in
username.expression or extra[&ast;].valueExpression or claimValidationRules[&ast;].expression.
username.expression or extra[<em>].valueExpression or claimValidationRules[</em>].expression.
An example claim validation rule expression that matches the validation automatically
applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'.</p>
<p>In the flag based approach, the --oidc-username-claim and --oidc-username-prefix are optional. If --oidc-username-claim is not set,
Expand All @@ -274,8 +341,8 @@ For prefix:
(1) --oidc-username-prefix=&quot;-&quot;, no prefix was added to the username. For the same behavior using authentication config,
set username.prefix=&quot;&quot;
(2) --oidc-username-prefix=&quot;&quot; and --oidc-username-claim != &quot;email&quot;, prefix was &quot;&lt;value of --oidc-issuer-url&gt;#&quot;. For the same
behavior using authentication config, set username.prefix=&quot;&lt;value of issuer.url&gt;#&quot;
(3) --oidc-username-prefix=&quot;&lt;value&gt;&quot;. For the same behavior using authentication config, set username.prefix=&quot;&lt;value&gt;&quot;</p>
behavior using authentication config, set username.prefix=&quot;<!-- raw HTML omitted -->#&quot;
(3) --oidc-username-prefix=&quot;<!-- raw HTML omitted -->&quot;. For the same behavior using authentication config, set username.prefix=&quot;<!-- raw HTML omitted -->&quot;</p>
</td>
</tr>
<tr><td><code>groups</code><br/>
Expand Down Expand Up @@ -1135,4 +1202,4 @@ the contents would be converted to the v1 version before evaluating the CEL expr
</tr>
</tbody>
</table>


2 changes: 1 addition & 1 deletion content/en/docs/reference/config-api/client-authentication.v1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@ itself should at least be protected via file permissions.</p>


<tr><td><code>expirationTimestamp</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#time-v1-meta"><code>meta/v1.Time</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#time-v1-meta"><code>meta/v1.Time</code></a>
</td>
<td>
<p>ExpirationTimestamp indicates a time when the provided credentials expire.</p>
Expand Down
2 changes: 1 addition & 1 deletion content/en/docs/reference/config-api/client-authentication.v1beta1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@ itself should at least be protected via file permissions.</p>


<tr><td><code>expirationTimestamp</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#time-v1-meta"><code>meta/v1.Time</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#time-v1-meta"><code>meta/v1.Time</code></a>
</td>
<td>
<p>ExpirationTimestamp indicates a time when the provided credentials expire.</p>
Expand Down
2 changes: 1 addition & 1 deletion content/en/docs/reference/config-api/imagepolicy.v1alpha1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ auto_generated: true


<tr><td><code>metadata</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta"><code>meta/v1.ObjectMeta</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta"><code>meta/v1.ObjectMeta</code></a>
</td>
<td>
<p>Standard object's metadata.
Expand Down
30 changes: 0 additions & 30 deletions content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1256,13 +1256,6 @@ Larger number = more responsive HPA processing, but more CPU (and network) load.
pods in horizontal pod autoscaler.</p>
</td>
</tr>
<tr><td><code>HorizontalPodAutoscalerUpscaleForbiddenWindow</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<p>HorizontalPodAutoscalerUpscaleForbiddenWindow is a period after which next upscale allowed.</p>
</td>
</tr>
<tr><td><code>HorizontalPodAutoscalerDownscaleStabilizationWindow</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
Expand All @@ -1271,13 +1264,6 @@ pods in horizontal pod autoscaler.</p>
backwards and not scale down below any recommendation it made during that period.</p>
</td>
</tr>
<tr><td><code>HorizontalPodAutoscalerDownscaleForbiddenWindow</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<p>HorizontalPodAutoscalerDownscaleForbiddenWindow is a period after which next downscale allowed.</p>
</td>
</tr>
<tr><td><code>HorizontalPodAutoscalerTolerance</code> <B>[Required]</B><br/>
<code>float64</code>
</td>
Expand Down Expand Up @@ -1556,22 +1542,6 @@ and persistent volume claims.</p>
<p>volumeConfiguration holds configuration for volume related features.</p>
</td>
</tr>
<tr><td><code>VolumeHostCIDRDenylist</code> <B>[Required]</B><br/>
<code>[]string</code>
</td>
<td>
<p>DEPRECATED: VolumeHostCIDRDenylist is a list of CIDRs that should not be reachable by the
controller from plugins.</p>
</td>
</tr>
<tr><td><code>VolumeHostAllowLocalLoopback</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<p>DEPRECATED: VolumeHostAllowLocalLoopback indicates if local loopback hosts (127.0.0.1, etc)
should be allowed from plugins.</p>
</td>
</tr>
</tbody>
</table>

Expand Down
Loading

0 comments on commit 5675366

Please sign in to comment.