diff --git a/.gitignore b/.gitignore index b45618b7bc..343cc0e0e0 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ shipwright-build-controller build/_output build/_test hub-linux-* +/waiter # Created by https://www.gitignore.io/api/go,vim,emacs,visualstudiocode ### Emacs ### # -*- mode: gitignore; -*- diff --git a/.ko.yaml b/.ko.yaml index 7c44ede0db..a1e09857e2 100644 --- a/.ko.yaml +++ b/.ko.yaml @@ -2,3 +2,4 @@ defaultBaseImage: registry.access.redhat.com/ubi8/ubi-minimal baseImageOverrides: github.com/shipwright-io/build/cmd/git: ghcr.io/shipwright-io/base-git:latest + github.com/shipwright-io/build/cmd/waiter: ghcr.io/shipwright-io/base-waiter:latest diff --git a/cmd/waiter/README.md b/cmd/waiter/README.md new file mode 100644 index 0000000000..6b4a8c6963 --- /dev/null +++ b/cmd/waiter/README.md @@ -0,0 +1,25 @@ + +`waiter` +-------- + +In a nutshell, it waits until the lock-file is removed. When starting the application a lock-file +(`--lock-file`) is created, and when the file is removed the `waiter` stops gracefully. When timeout +is reached, the application exits on error. + +## Usage + +Please consider `--help` to see the possible flags, the possible sub-commands are: + +```sh +waiter start +``` + +And: + +```sh +waiter done +``` \ No newline at end of file diff --git a/cmd/waiter/main.go b/cmd/waiter/main.go new file mode 100644 index 0000000000..6040c2e7ce --- /dev/null +++ b/cmd/waiter/main.go @@ -0,0 +1,113 @@ +// Copyright The Shipwright Contributors +// +// SPDX-License-Identifier: Apache-2.0 +package main + +import ( + "log" + "os" + "time" + + "github.com/spf13/cobra" +) + +// settings composed by command-line flag values. +type settings struct { + lockFile string // path to lock file + timeout time.Duration // how long wait for 'done' +} + +const longDesc = ` +# waiter + +Idle loop to hold a container (possibly a Kubernetes POD) running while some other +action happens in the background. It is started by issuing "waiter start" and can +be stopped with "waiter done", or after timeout. + +## Usage + +Start the waiting, use --timeout to change how long: + + $ waiter start + +You can signal "done" by running: + + $ waiter done + +Or, alternatively: + + $ rm -f + +## Return-Code + +In the case of timeout, the waiter will return error, it only exits gracefully via +"waiter done", or the removal of the lock-file (before timeout). +` + +var ( + rootCmd = newRootCmd() + startCmd = newStartCmd() + doneCmd = newDoneCmd() +) + +// defaultTimeout default timeout duration. +var defaultTimeout = 60 * time.Second + +// defaultLockFile default location of the lock-file. +var defaultLockFile = "/tmp/waiter.lock" + +// flagValues receives the command-line flag values. +var flagValues = settings{} + +// init assembles the flags and the cobra sub-commands. +func init() { + flags := rootCmd.PersistentFlags() + + flags.StringVar(&flagValues.lockFile, "lock-file", defaultLockFile, "lock file full path") + flags.DurationVar(&flagValues.timeout, "timeout", defaultTimeout, "how long to wait until 'done'") + + rootCmd.AddCommand(startCmd) + rootCmd.AddCommand(doneCmd) +} + +func newRootCmd() *cobra.Command { + return &cobra.Command{ + Use: "waiter [flags]", + Short: "Will wait until `done` issued", + Long: longDesc, + } +} + +func newStartCmd() *cobra.Command { + return &cobra.Command{ + Use: "start", + Short: "Starts the wait, and holds until `done` is issued.", + SilenceUsage: true, + RunE: func(_ *cobra.Command, _ []string) error { + w := NewWaiter(flagValues) + return w.Wait() + }, + } +} + +func newDoneCmd() *cobra.Command { + return &cobra.Command{ + Use: "done", + Aliases: []string{"stop"}, + Short: "Interrupts the waiting.", + SilenceUsage: true, + RunE: func(_ *cobra.Command, _ []string) error { + w := NewWaiter(flagValues) + return w.Done() + }, + } +} + +// main waiter's entrypoint. +func main() { + if err := rootCmd.Execute(); err != nil { + log.Fatalf("[ERROR] %v\n", err) + os.Exit(1) + } + os.Exit(0) +} diff --git a/cmd/waiter/main_suite_test.go b/cmd/waiter/main_suite_test.go new file mode 100644 index 0000000000..14fb9d6918 --- /dev/null +++ b/cmd/waiter/main_suite_test.go @@ -0,0 +1,16 @@ +// Copyright The Shipwright Contributors +// +// SPDX-License-Identifier: Apache-2.0 +package main + +import ( + "testing" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +func TestWaiterCmd(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "Waiter") +} diff --git a/cmd/waiter/main_test.go b/cmd/waiter/main_test.go new file mode 100644 index 0000000000..4c32b09c70 --- /dev/null +++ b/cmd/waiter/main_test.go @@ -0,0 +1,134 @@ +// Copyright The Shipwright Contributors +// +// SPDX-License-Identifier: Apache-2.0 +package main + +import ( + "bytes" + "os" + "os/exec" + "time" + + "github.com/onsi/gomega/gbytes" + "github.com/onsi/gomega/gexec" + "github.com/onsi/gomega/types" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Waiter", func() { + // executable path to the waiter executable file. + var executable string + + // run creates a exec.Command instance using the arguments informed. + var run = func(args ...string) *gexec.Session { + cmd := exec.Command(executable) + cmd.Args = append(cmd.Args, args...) + stdin := &bytes.Buffer{} + cmd.Stdin = stdin + + session, err := gexec.Start(cmd, GinkgoWriter, GinkgoWriter) + Expect(err).ToNot(HaveOccurred()) + + // when "start" sub-command is issued, a graceful wait takes place for the asynchronous + // instantiation of the command-line application and creation of the lock-file + for _, arg := range args { + if arg == "start" { + time.Sleep(3 * time.Second) + } + } + return session + } + + // inspectSession inspect the informed session to identify if the informed matcher is true, + // after inspection it closes the informed channel. + var inspectSession = func( + session *gexec.Session, + doneCh chan interface{}, + matcher types.GomegaMatcher, + ) { + defer GinkgoRecover() + + Eventually(session, defaultTimeout).Should(matcher) + close(doneCh) + } + + // building the command-line application before starting the test suite, it will populate the + // global variable with the path to the waiter binary compiled. + BeforeSuite(func() { + var err error + executable, err = gexec.Build("github.com/shipwright-io/build/cmd/waiter") + Expect(err).ToNot(HaveOccurred()) + }) + + AfterSuite(func() { + gexec.CleanupBuildArtifacts() + _ = os.RemoveAll(defaultLockFile) + }) + + When("--help is passed", func() { + var session *gexec.Session + + BeforeEach(func() { + session = run("--help") + }) + + It("shows the general help message", func() { + Eventually(session).Should(gbytes.Say("Usage:")) + }) + }) + + Describe("expect to succeed when lock-file removed before timeout", func() { + var startCh = make(chan interface{}) + + BeforeEach(func() { + session := run("start") + + go inspectSession(session, startCh, gexec.Exit(0)) + }) + + It("stops when lock-file is removed", func() { + err := os.RemoveAll(defaultLockFile) + Expect(err).ToNot(HaveOccurred()) + + Eventually(startCh, defaultTimeout).Should(BeClosed()) + }) + }) + + Describe("expect to succeed when `done` is issued before timeout", func() { + var startCh = make(chan interface{}) + var doneCh = make(chan interface{}) + + BeforeEach(func() { + session := run("start") + + go inspectSession(session, startCh, gexec.Exit(0)) + }) + + BeforeEach(func() { + session := run("done") + + go inspectSession(session, doneCh, gexec.Exit(0)) + }) + + It("stops when done is issued", func() { + Eventually(startCh, defaultTimeout).Should(BeClosed()) + Eventually(doneCh, defaultTimeout).Should(BeClosed()) + }) + }) + + Describe("expect to fail when timeout is reached", func() { + var startCh = make(chan interface{}) + + BeforeEach(func() { + session := run("start", "--timeout", "2s") + + go inspectSession(session, startCh, gexec.Exit(1)) + }) + + It("stops when timeout is reached", func() { + Eventually(startCh, defaultTimeout).Should(BeClosed()) + }) + }) +}) diff --git a/cmd/waiter/waiter.go b/cmd/waiter/waiter.go new file mode 100644 index 0000000000..2dc93db332 --- /dev/null +++ b/cmd/waiter/waiter.go @@ -0,0 +1,91 @@ +// Copyright The Shipwright Contributors +// +// SPDX-License-Identifier: Apache-2.0 +package main + +import ( + "errors" + "fmt" + "log" + "os" + "strconv" + "time" +) + +// Waiter represents the actor that will wait for timeout, using a lock-file to keep it actively +// waiting. When "done" is issued the lock-file is removed and the waiter ends. +type Waiter struct { + flagValues *settings // command-line flags +} + +// ErrTimeout emitted when timeout is reached. +var ErrTimeout = errors.New("timeout waiting for condition") + +// save writes the lock-file with informed PID. +func (w *Waiter) save(pid int) error { + return os.WriteFile(w.flagValues.lockFile, []byte(strconv.Itoa(pid)), 0600) +} + +// read reads the lock-file, must contain an integer. +func (w *Waiter) read() (int, error) { + data, err := os.ReadFile(w.flagValues.lockFile) + if err != nil { + return -1, err + } + pid, err := strconv.Atoi(string(data)) + if err != nil { + return -1, err + } + return pid, nil +} + +// retry re-execute the informed function once a second until it returns true. +func retry(timeout time.Duration, fn func() bool) error { + attempts := int(timeout.Seconds()) + log.Printf("Will retry '%d' times (sleep 1s)...\n", attempts) + for i := attempts; i > 0; i-- { + if fn() { + log.Printf("Done! Condition has been reached on '%d' attempt\n", attempts-i) + return nil + } + time.Sleep(1 * time.Second) + } + return fmt.Errorf("%w: elapsed %v", ErrTimeout, timeout) +} + +// Wait wait for the lock-file to be removed, or timeout. +func (w *Waiter) Wait() error { + pid := os.Getpid() + if err := w.save(pid); err != nil { + return err + } + + // waiting for the lock-file removal... + err := retry(w.flagValues.timeout, func() bool { + _, err := os.Stat(w.flagValues.lockFile) + return err != nil && os.IsNotExist(err) + }) + if err != nil { + _ = os.RemoveAll(w.flagValues.lockFile) + } + return err +} + +// Done removes the lock-file. +func (w *Waiter) Done() error { + pid, err := w.read() + if err != nil { + return err + } + log.Printf("Removing lock-file at '%s' (%d PID)", w.flagValues.lockFile, pid) + return os.Remove(w.flagValues.lockFile) +} + +// NewWaiter instantiate a new waiter, making sure the timeout informed is acceptable. +func NewWaiter(flagValues settings) *Waiter { + if flagValues.timeout <= time.Second { + log.Printf("Warning! The timeout informed '%s' is lower than 1s!\n", flagValues.timeout) + flagValues.timeout = defaultTimeout + } + return &Waiter{flagValues: &flagValues} +} diff --git a/deploy/500-controller.yaml b/deploy/500-controller.yaml index 3f1aec695f..a3e85f0605 100644 --- a/deploy/500-controller.yaml +++ b/deploy/500-controller.yaml @@ -40,6 +40,8 @@ spec: value: ko://github.com/shipwright-io/build/cmd/mutate-image - name: BUNDLE_CONTAINER_IMAGE value: ko://github.com/shipwright-io/build/cmd/bundle + - name: WAITER_CONTAINER_IMAGE + value: ko://github.com/shipwright-io/build/cmd/waiter ports: - containerPort: 8383 name: metrics-port diff --git a/deploy/crds/shipwright.io_buildruns.yaml b/deploy/crds/shipwright.io_buildruns.yaml index 56342772fc..0f06a8cfc8 100644 --- a/deploy/crds/shipwright.io_buildruns.yaml +++ b/deploy/crds/shipwright.io_buildruns.yaml @@ -42,14 +42,10 @@ spec: description: BuildRun is the Schema representing an instance of build execution properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -69,27 +65,18 @@ spec: - name type: object env: - description: Env contains additional environment variables that should - be passed to the build container + description: Env contains additional environment variables that should be passed to the build container items: - description: EnvVar represents an environment variable present in - a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -98,49 +85,37 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified - API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: @@ -153,16 +128,13 @@ spec: description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -173,23 +145,18 @@ spec: type: object type: array output: - description: Output refers to the location where the generated image - would be pushed to. It will overwrite the output image in build - spec + description: Output refers to the location where the generated image would be pushed to. It will overwrite the output image in build spec properties: annotations: additionalProperties: type: string - description: Annotations references the additional annotations - to be applied on the image + description: Annotations references the additional annotations to be applied on the image type: object credentials: - description: Credentials references a Secret that contains credentials - to access the image registry. + description: Credentials references a Secret that contains credentials to access the image registry. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object image: @@ -198,18 +165,15 @@ spec: labels: additionalProperties: type: string - description: Labels references the additional labels to be applied - on the image + description: Labels references the additional labels to be applied on the image type: object required: - image type: object paramValues: - description: Params is a list of key/value that could be used to set - strategy parameters + description: Params is a list of key/value that could be used to set strategy parameters items: - description: ParamValue is a key/value that populates a strategy - parameter used in the execution of the strategy steps + description: ParamValue is a key/value that populates a strategy parameter used in the execution of the strategy steps properties: name: type: string @@ -221,9 +185,7 @@ spec: type: object type: array serviceAccount: - description: ServiceAccount refers to the kubernetes serviceaccount - which is used for resource control. Default serviceaccount will - be set if it is empty + description: ServiceAccount refers to the kubernetes serviceaccount which is used for resource control. Default serviceaccount will be set if it is empty properties: generate: description: If generates a new ServiceAccount for the build @@ -232,9 +194,29 @@ spec: description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object + sources: + description: Sources slice of BuildSource, defining external build artifacts complementary to VCS (`.spec.source`) data. + items: + description: BuildSource remote artifact definition, also known as "sources". Simple "name" and "url" pairs, initially without "credentials" (authentication) support yet. + properties: + name: + description: Name instance entry. + type: string + timeout: + description: Timeout how long the BuildSource execution must take. + type: string + type: + description: Type is the BuildSource qualifier, the type of the data-source. + type: string + url: + description: URL remote artifact location. + type: string + required: + - name + type: object + type: array state: - description: State is used for canceling a buildrun (and maybe more - later on). + description: State is used for canceling a buildrun (and maybe more later on). type: string timeout: description: Timeout defines the maximum run time of this BuildRun. @@ -250,22 +232,18 @@ spec: description: BuildSpec is the Build Spec of this BuildRun. properties: builder: - description: Builder refers to the image containing the build - tools inside which the source code would be built. + description: Builder refers to the image containing the build tools inside which the source code would be built. properties: annotations: additionalProperties: type: string - description: Annotations references the additional annotations - to be applied on the image + description: Annotations references the additional annotations to be applied on the image type: object credentials: - description: Credentials references a Secret that contains - credentials to access the image registry. + description: Credentials references a Secret that contains credentials to access the image registry. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object image: @@ -274,41 +252,27 @@ spec: labels: additionalProperties: type: string - description: Labels references the additional labels to be - applied on the image + description: Labels references the additional labels to be applied on the image type: object required: - image type: object dockerfile: - description: Dockerfile is the path to the Dockerfile to be used - for build strategies which bank on the Dockerfile for building - an image. + description: Dockerfile is the path to the Dockerfile to be used for build strategies which bank on the Dockerfile for building an image. type: string env: - description: Env contains additional environment variables that - should be passed to the build container + description: Env contains additional environment variables that should be passed to the build container items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -317,51 +281,37 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: @@ -371,21 +321,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -396,22 +341,18 @@ spec: type: object type: array output: - description: Output refers to the location where the built image - would be pushed. + description: Output refers to the location where the built image would be pushed. properties: annotations: additionalProperties: type: string - description: Annotations references the additional annotations - to be applied on the image + description: Annotations references the additional annotations to be applied on the image type: object credentials: - description: Credentials references a Secret that contains - credentials to access the image registry. + description: Credentials references a Secret that contains credentials to access the image registry. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object image: @@ -420,18 +361,15 @@ spec: labels: additionalProperties: type: string - description: Labels references the additional labels to be - applied on the image + description: Labels references the additional labels to be applied on the image type: object required: - image type: object paramValues: - description: Params is a list of key/value that could be used - to set strategy parameters + description: Params is a list of key/value that could be used to set strategy parameters items: - description: ParamValue is a key/value that populates a strategy - parameter used in the execution of the strategy steps + description: ParamValue is a key/value that populates a strategy parameter used in the execution of the strategy steps properties: name: type: string @@ -443,8 +381,7 @@ spec: type: object type: array source: - description: Source refers to the Git repository containing the - source code to be built. + description: Source refers to the Git repository containing the source code to be built. properties: bundleContainer: description: BundleContainer @@ -456,56 +393,51 @@ spec: - image type: object contextDir: - description: ContextDir is a path to subfolder in the repo. - Optional. + description: ContextDir is a path to subfolder in the repo. Optional. type: string credentials: - description: Credentials references a Secret that contains - credentials to access the repository. + description: Credentials references a Secret that contains credentials to access the repository. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object revision: - description: "Revision describes the Git revision (e.g., branch, - tag, commit SHA, etc.) to fetch. \n If not defined, it will - fallback to the repository's default branch." + description: "Revision describes the Git revision (e.g., branch, tag, commit SHA, etc.) to fetch. \n If not defined, it will fallback to the repository's default branch." type: string url: description: URL describes the URL of the Git repository. type: string type: object sources: - description: Sources slice of BuildSource, defining external build - artifacts complementary to VCS (`.spec.source`) data. + description: Sources slice of BuildSource, defining external build artifacts complementary to VCS (`.spec.source`) data. items: - description: BuildSource remote artifact definition, also known - as "sources". Simple "name" and "url" pairs, initially without - "credentials" (authentication) support yet. + description: BuildSource remote artifact definition, also known as "sources". Simple "name" and "url" pairs, initially without "credentials" (authentication) support yet. properties: name: description: Name instance entry. type: string + timeout: + description: Timeout how long the BuildSource execution must take. + type: string + type: + description: Type is the BuildSource qualifier, the type of the data-source. + type: string url: description: URL remote artifact location. type: string required: - name - - url type: object type: array strategy: - description: Strategy references the BuildStrategy to use to build - the container image. + description: Strategy references the BuildStrategy to use to build the container image. properties: apiVersion: description: API version of the referent type: string kind: - description: BuildStrategyKind indicates the kind of the buildstrategy, - namespaced or cluster scoped. + description: BuildStrategyKind indicates the kind of the buildstrategy, namespaced or cluster scoped. type: string name: description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' @@ -514,8 +446,7 @@ spec: - name type: object timeout: - description: Timeout defines the maximum amount of time the Build - should take to execute. + description: Timeout defines the maximum amount of time the Build should take to execute. format: duration type: string required: @@ -528,20 +459,16 @@ spec: format: date-time type: string conditions: - description: Conditions holds the latest available observations of - a resource's current state. + description: Conditions holds the latest available observations of a resource's current state. items: - description: Condition defines the required fields for populating - Build controllers Conditions + description: Condition defines the required fields for populating Build controllers Conditions properties: lastTransitionTime: - description: LastTransitionTime last time the condition transit - from one status to another. + description: LastTransitionTime last time the condition transit from one status to another. format: date-time type: string message: - description: A human readable message indicating details about - the transition. + description: A human readable message indicating details about the transition. type: string reason: description: The reason for the condition last transition. @@ -585,13 +512,10 @@ spec: type: string type: object latestTaskRunRef: - description: "LatestTaskRunRef is the name of the TaskRun responsible - for executing this BuildRun. \n TODO: This should be called something - like \"TaskRunName\"" + description: "LatestTaskRunRef is the name of the TaskRun responsible for executing this BuildRun. \n TODO: This should be called something like \"TaskRunName\"" type: string output: - description: Output holds the results emitted from step definition - of an output + description: Output holds the results emitted from step definition of an output properties: digest: description: Digest holds the digest of output image @@ -602,32 +526,25 @@ spec: type: integer type: object sources: - description: Sources holds the results emitted from the step definition - of different sources + description: Sources holds the results emitted from the step definition of different sources items: - description: SourceResult holds the results emitted from the different - sources + description: SourceResult holds the results emitted from the different sources properties: bundle: - description: Bundle holds the results emitted from from the - step definition of bundle source + description: Bundle holds the results emitted from from the step definition of bundle source properties: digest: description: Digest hold the image digest result type: string type: object git: - description: Git holds the results emitted from from the step - definition of a git source + description: Git holds the results emitted from from the step definition of a git source properties: branchName: - description: BranchName holds the default branch name of - the git source this will be set only when revision is - not specified in Build object + description: BranchName holds the default branch name of the git source this will be set only when revision is not specified in Build object type: string commitAuthor: - description: CommitAuthor holds the commit author of a git - source + description: CommitAuthor holds the commit author of a git source type: string commitSha: description: CommitSha holds the commit sha of git source diff --git a/deploy/crds/shipwright.io_builds.yaml b/deploy/crds/shipwright.io_builds.yaml index d0a77e784e..bae27a1bb2 100644 --- a/deploy/crds/shipwright.io_builds.yaml +++ b/deploy/crds/shipwright.io_builds.yaml @@ -21,8 +21,7 @@ spec: jsonPath: .status.registered name: Registered type: string - - description: The reason of the registered Build, either an error or succeed - message + - description: The reason of the registered Build, either an error or succeed message jsonPath: .status.reason name: Reason type: string @@ -44,14 +43,10 @@ spec: description: Build is the Schema representing a Build definition properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -59,22 +54,18 @@ spec: description: BuildSpec defines the desired state of Build properties: builder: - description: Builder refers to the image containing the build tools - inside which the source code would be built. + description: Builder refers to the image containing the build tools inside which the source code would be built. properties: annotations: additionalProperties: type: string - description: Annotations references the additional annotations - to be applied on the image + description: Annotations references the additional annotations to be applied on the image type: object credentials: - description: Credentials references a Secret that contains credentials - to access the image registry. + description: Credentials references a Secret that contains credentials to access the image registry. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object image: @@ -83,38 +74,27 @@ spec: labels: additionalProperties: type: string - description: Labels references the additional labels to be applied - on the image + description: Labels references the additional labels to be applied on the image type: object required: - image type: object dockerfile: - description: Dockerfile is the path to the Dockerfile to be used for - build strategies which bank on the Dockerfile for building an image. + description: Dockerfile is the path to the Dockerfile to be used for build strategies which bank on the Dockerfile for building an image. type: string env: - description: Env contains additional environment variables that should - be passed to the build container + description: Env contains additional environment variables that should be passed to the build container items: - description: EnvVar represents an environment variable present in - a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -123,49 +103,37 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified - API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: @@ -178,16 +146,13 @@ spec: description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -198,22 +163,18 @@ spec: type: object type: array output: - description: Output refers to the location where the built image would - be pushed. + description: Output refers to the location where the built image would be pushed. properties: annotations: additionalProperties: type: string - description: Annotations references the additional annotations - to be applied on the image + description: Annotations references the additional annotations to be applied on the image type: object credentials: - description: Credentials references a Secret that contains credentials - to access the image registry. + description: Credentials references a Secret that contains credentials to access the image registry. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object image: @@ -222,18 +183,15 @@ spec: labels: additionalProperties: type: string - description: Labels references the additional labels to be applied - on the image + description: Labels references the additional labels to be applied on the image type: object required: - image type: object paramValues: - description: Params is a list of key/value that could be used to set - strategy parameters + description: Params is a list of key/value that could be used to set strategy parameters items: - description: ParamValue is a key/value that populates a strategy - parameter used in the execution of the strategy steps + description: ParamValue is a key/value that populates a strategy parameter used in the execution of the strategy steps properties: name: type: string @@ -245,8 +203,7 @@ spec: type: object type: array source: - description: Source refers to the Git repository containing the source - code to be built. + description: Source refers to the Git repository containing the source code to be built. properties: bundleContainer: description: BundleContainer @@ -261,52 +218,48 @@ spec: description: ContextDir is a path to subfolder in the repo. Optional. type: string credentials: - description: Credentials references a Secret that contains credentials - to access the repository. + description: Credentials references a Secret that contains credentials to access the repository. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object revision: - description: "Revision describes the Git revision (e.g., branch, - tag, commit SHA, etc.) to fetch. \n If not defined, it will - fallback to the repository's default branch." + description: "Revision describes the Git revision (e.g., branch, tag, commit SHA, etc.) to fetch. \n If not defined, it will fallback to the repository's default branch." type: string url: description: URL describes the URL of the Git repository. type: string type: object sources: - description: Sources slice of BuildSource, defining external build - artifacts complementary to VCS (`.spec.source`) data. + description: Sources slice of BuildSource, defining external build artifacts complementary to VCS (`.spec.source`) data. items: - description: BuildSource remote artifact definition, also known - as "sources". Simple "name" and "url" pairs, initially without - "credentials" (authentication) support yet. + description: BuildSource remote artifact definition, also known as "sources". Simple "name" and "url" pairs, initially without "credentials" (authentication) support yet. properties: name: description: Name instance entry. type: string + timeout: + description: Timeout how long the BuildSource execution must take. + type: string + type: + description: Type is the BuildSource qualifier, the type of the data-source. + type: string url: description: URL remote artifact location. type: string required: - name - - url type: object type: array strategy: - description: Strategy references the BuildStrategy to use to build - the container image. + description: Strategy references the BuildStrategy to use to build the container image. properties: apiVersion: description: API version of the referent type: string kind: - description: BuildStrategyKind indicates the kind of the buildstrategy, - namespaced or cluster scoped. + description: BuildStrategyKind indicates the kind of the buildstrategy, namespaced or cluster scoped. type: string name: description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' @@ -315,8 +268,7 @@ spec: - name type: object timeout: - description: Timeout defines the maximum amount of time the Build - should take to execute. + description: Timeout defines the maximum amount of time the Build should take to execute. format: duration type: string required: @@ -328,12 +280,10 @@ spec: description: BuildStatus defines the observed state of Build properties: message: - description: The message of the registered Build, either an error - or succeed message + description: The message of the registered Build, either an error or succeed message type: string reason: - description: The reason of the registered Build, it's an one-word - camelcase + description: The reason of the registered Build, it's an one-word camelcase type: string registered: description: The Register status of the Build diff --git a/deploy/crds/shipwright.io_buildstrategies.yaml b/deploy/crds/shipwright.io_buildstrategies.yaml index 833aa4d3fe..87dc9e5315 100644 --- a/deploy/crds/shipwright.io_buildstrategies.yaml +++ b/deploy/crds/shipwright.io_buildstrategies.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null name: buildstrategies.shipwright.io spec: @@ -22,18 +22,13 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: BuildStrategy is the Schema representing a strategy in the namespace - scope to build images from source code. + description: BuildStrategy is the Schema representing a strategy in the namespace scope to build images from source code. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -42,62 +37,31 @@ spec: properties: buildSteps: items: - description: BuildStep defines a partial step that needs to run - in container for building the image. If the build step declares - a volumeMount, Shipwright will create an emptyDir volume mount - for the named volume. Build steps which share the same named volume - in the volumeMount will share the same underlying emptyDir volume. - This behavior is deprecated, and will be removed when full volume - support is added to build strategies as specified in SHIP-0022. + description: BuildStep defines a partial step that needs to run in container for building the image. properties: args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. + description: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -106,53 +70,37 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: @@ -162,22 +110,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -188,41 +130,28 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps + description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined + description: Specify whether the ConfigMap must be defined type: boolean type: object prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret must be defined @@ -231,41 +160,22 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -274,16 +184,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -303,66 +209,38 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -371,16 +249,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -400,33 +274,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -434,47 +300,31 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -494,120 +344,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is an alpha field and requires enabling - ProbeTerminationGracePeriod feature gate. - format: int64 - type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. + description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort @@ -618,47 +419,31 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -678,81 +463,48 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is an alpha field and requires enabling - ProbeTerminationGracePeriod feature gate. - format: int64 - type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: @@ -761,8 +513,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: @@ -771,210 +522,119 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: level: - description: Level is SELinux level label that applies - to the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies - to the container. + description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. + description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." + description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -994,133 +654,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is an alpha field and requires enabling - ProbeTerminationGracePeriod feature gate. - format: int64 - type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. + description: volumeDevices is the list of block devices to be used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + description: devicePath is the path inside of the container that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod + description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath @@ -1128,40 +726,27 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -1169,9 +754,7 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string required: - name @@ -1179,10 +762,7 @@ spec: type: array parameters: items: - description: Parameter holds a name-description with a default value - that allows strategy steps to be parameterize. Build users can - set a value for parameter via the Build or BuildRun spec.paramValues - object. + description: Parameter holds a name-description with a default value that allows strategy steps to be parameterize. Build users can set a value for parameter via the Build or BuildRun spec.paramValues object. properties: default: description: Reasonable default value for the parameter diff --git a/deploy/crds/shipwright.io_clusterbuildstrategies.yaml b/deploy/crds/shipwright.io_clusterbuildstrategies.yaml index b4970b435b..7f74e8a11c 100644 --- a/deploy/crds/shipwright.io_clusterbuildstrategies.yaml +++ b/deploy/crds/shipwright.io_clusterbuildstrategies.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null name: clusterbuildstrategies.shipwright.io spec: @@ -22,18 +22,13 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ClusterBuildStrategy is the Schema representing a strategy in - the cluster scope to build images from source code. + description: ClusterBuildStrategy is the Schema representing a strategy in the cluster scope to build images from source code. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -42,62 +37,31 @@ spec: properties: buildSteps: items: - description: BuildStep defines a partial step that needs to run - in container for building the image. If the build step declares - a volumeMount, Shipwright will create an emptyDir volume mount - for the named volume. Build steps which share the same named volume - in the volumeMount will share the same underlying emptyDir volume. - This behavior is deprecated, and will be removed when full volume - support is added to build strategies as specified in SHIP-0022. + description: BuildStep defines a partial step that needs to run in container for building the image. properties: args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. + description: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -106,53 +70,37 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: @@ -162,22 +110,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -188,41 +130,28 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps + description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined + description: Specify whether the ConfigMap must be defined type: boolean type: object prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret must be defined @@ -231,41 +160,22 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -274,16 +184,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -303,66 +209,38 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -371,16 +249,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -400,33 +274,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -434,47 +300,31 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -494,120 +344,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is an alpha field and requires enabling - ProbeTerminationGracePeriod feature gate. - format: int64 - type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. + description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort @@ -618,47 +419,31 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -678,81 +463,48 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is an alpha field and requires enabling - ProbeTerminationGracePeriod feature gate. - format: int64 - type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: @@ -761,8 +513,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: @@ -771,210 +522,119 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: level: - description: Level is SELinux level label that applies - to the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies - to the container. + description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. + description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." + description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -994,133 +654,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is an alpha field and requires enabling - ProbeTerminationGracePeriod feature gate. - format: int64 - type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. + description: volumeDevices is the list of block devices to be used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + description: devicePath is the path inside of the container that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod + description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath @@ -1128,40 +726,27 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -1169,9 +754,7 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string required: - name @@ -1179,10 +762,7 @@ spec: type: array parameters: items: - description: Parameter holds a name-description with a default value - that allows strategy steps to be parameterize. Build users can - set a value for parameter via the Build or BuildRun spec.paramValues - object. + description: Parameter holds a name-description with a default value that allows strategy steps to be parameterize. Build users can set a value for parameter via the Build or BuildRun spec.paramValues object. properties: default: description: Reasonable default value for the parameter diff --git a/pkg/apis/build/v1alpha1/build_source.go b/pkg/apis/build/v1alpha1/build_source.go index bac50004d2..2e946bc960 100644 --- a/pkg/apis/build/v1alpha1/build_source.go +++ b/pkg/apis/build/v1alpha1/build_source.go @@ -4,15 +4,34 @@ package v1alpha1 +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + // BuildSourceType enumerates build source type names. type BuildSourceType string +// LocalCopy defines a source type that waits for user input, as in a local copy into a POD. +const LocalCopy BuildSourceType = "LocalCopy" + // BuildSource remote artifact definition, also known as "sources". Simple "name" and "url" pairs, // initially without "credentials" (authentication) support yet. type BuildSource struct { // Name instance entry. Name string `json:"name"` + // Type is the BuildSource qualifier, the type of the data-source. + // + // +optional + Type BuildSourceType `json:"type,omitempty"` + + // Timeout how long the BuildSource execution must take. + // + // +optional + Timeout *metav1.Duration `json:"timeout,omitempty"` + // URL remote artifact location. - URL string `json:"url"` + // + // +optional + URL string `json:"url,omitempty"` } diff --git a/pkg/apis/build/v1alpha1/build_types.go b/pkg/apis/build/v1alpha1/build_types.go index da1d6d871e..63a0b710c2 100644 --- a/pkg/apis/build/v1alpha1/build_types.go +++ b/pkg/apis/build/v1alpha1/build_types.go @@ -102,6 +102,7 @@ type BuildSpec struct { // Params is a list of key/value that could be used // to set strategy parameters + // // +optional ParamValues []ParamValue `json:"paramValues,omitempty"` diff --git a/pkg/apis/build/v1alpha1/buildrun_types.go b/pkg/apis/build/v1alpha1/buildrun_types.go index d48aa67ecc..d97a334d70 100644 --- a/pkg/apis/build/v1alpha1/buildrun_types.go +++ b/pkg/apis/build/v1alpha1/buildrun_types.go @@ -25,6 +25,12 @@ type BuildRunSpec struct { // BuildRef refers to the Build BuildRef *BuildRef `json:"buildRef"` + // Sources slice of BuildSource, defining external build artifacts complementary to VCS + // (`.spec.source`) data. + // + // +optional + Sources *[]BuildSource `json:"sources,omitempty"` + // ServiceAccount refers to the kubernetes serviceaccount // which is used for resource control. // Default serviceaccount will be set if it is empty diff --git a/pkg/apis/build/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/build/v1alpha1/zz_generated.deepcopy.go index c4220b3b0f..55a278e00c 100644 --- a/pkg/apis/build/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/build/v1alpha1/zz_generated.deepcopy.go @@ -161,6 +161,17 @@ func (in *BuildRunSpec) DeepCopyInto(out *BuildRunSpec) { *out = new(BuildRef) **out = **in } + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = new([]BuildSource) + if **in != nil { + in, out := *in, *out + *out = make([]BuildSource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(ServiceAccount) @@ -267,6 +278,11 @@ func (in *BuildRunStatus) DeepCopy() *BuildRunStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BuildSource) DeepCopyInto(out *BuildSource) { *out = *in + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(v1.Duration) + **out = **in + } return } @@ -290,7 +306,9 @@ func (in *BuildSpec) DeepCopyInto(out *BuildSpec) { if **in != nil { in, out := *in, *out *out = make([]BuildSource, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } if in.Strategy != nil { diff --git a/pkg/config/config.go b/pkg/config/config.go index e16d5d2ee2..101c90b59f 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -41,6 +41,11 @@ const ( bundleImageEnvVar = "BUNDLE_CONTAINER_IMAGE" bundleContainerTemplateEnvVar = "BUNDLE_CONTAINER_TEMPLATE" + // environment variable to hold waiter's container image, created by ko + waiterDefaultImage = "quay.io/shipwright/waiter:latest" + waiterImageEnvVar = "WAITER_CONTAINER_IMAGE" + waiterContainerTemplateEnvVar = "WAITER_CONTAINER_TEMPLATE" + // environment variable to override the buckets metricBuildRunCompletionDurationBucketsEnvVar = "PROMETHEUS_BR_COMP_DUR_BUCKETS" metricBuildRunEstablishDurationBucketsEnvVar = "PROMETHEUS_BR_EST_DUR_BUCKETS" @@ -86,10 +91,11 @@ var ( // Config hosts different parameters that // can be set to use on the Build controllers type Config struct { - CtxTimeOut time.Duration - GitContainerTemplate, - MutateImageContainerTemplate corev1.Container + CtxTimeOut time.Duration + GitContainerTemplate corev1.Container + MutateImageContainerTemplate corev1.Container BundleContainerTemplate corev1.Container + WaiterContainerTemplate corev1.Container RemoteArtifactsContainerImage string TerminationLogPath string Prometheus PrometheusConfig @@ -186,6 +192,19 @@ func NewDefaultConfig() *Config { }, }, }, + WaiterContainerTemplate: corev1.Container{ + Image: waiterDefaultImage, + Command: []string{ + "/ko-app/waiter", + }, + Args: []string{ + "start", + }, + SecurityContext: &corev1.SecurityContext{ + RunAsUser: nonRoot, + RunAsGroup: nonRoot, + }, + }, Prometheus: PrometheusConfig{ BuildRunCompletionDurationBuckets: metricBuildRunCompletionDurationBuckets, BuildRunEstablishDurationBuckets: metricBuildRunEstablishDurationBuckets, @@ -278,6 +297,20 @@ func (c *Config) SetConfigFromEnv() error { c.BundleContainerTemplate.Image = bundleImage } + if waiterContainerTemplate := os.Getenv(waiterContainerTemplateEnvVar); waiterContainerTemplate != "" { + c.WaiterContainerTemplate = corev1.Container{} + if err := json.Unmarshal([]byte(waiterContainerTemplate), &c.WaiterContainerTemplate); err != nil { + return err + } + if c.WaiterContainerTemplate.Image == "" { + c.WaiterContainerTemplate.Image = waiterDefaultImage + } + } + + if waiterImage := os.Getenv(waiterImageEnvVar); waiterImage != "" { + c.WaiterContainerTemplate.Image = waiterImage + } + if remoteArtifactsImage := os.Getenv(remoteArtifactsEnvVar); remoteArtifactsImage != "" { c.RemoteArtifactsContainerImage = remoteArtifactsImage } diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index cc4f14d9a8..7705e1a163 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -157,6 +157,61 @@ var _ = Describe("Config", func() { })) }) }) + + It("should allow for an override of the Waiter container template", func() { + var overrides = map[string]string{ + "WAITER_CONTAINER_TEMPLATE": `{"image":"myregistry/custom/image","resources":{"requests":{"cpu":"0.5","memory":"128Mi"}}}`, + } + + configWithEnvVariableOverrides(overrides, func(config *Config) { + Expect(config.WaiterContainerTemplate).To(Equal(corev1.Container{ + Image: "myregistry/custom/image", + Resources: corev1.ResourceRequirements{ + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("0.5"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, + })) + }) + }) + + It("should allow for an override of the Waiter container image", func() { + var overrides = map[string]string{ + "WAITER_CONTAINER_IMAGE": "myregistry/custom/image", + } + + configWithEnvVariableOverrides(overrides, func(config *Config) { + nonRoot := pointer.Int64Ptr(1000) + Expect(config.WaiterContainerTemplate).To(Equal(corev1.Container{ + Image: "myregistry/custom/image", + Args: []string{"start"}, + SecurityContext: &corev1.SecurityContext{ + RunAsUser: nonRoot, + RunAsGroup: nonRoot, + }, + })) + }) + }) + + It("should allow for an override of the Waiter container template and image", func() { + var overrides = map[string]string{ + "WAITER_CONTAINER_TEMPLATE": `{"image":"myregistry/custom/image","resources":{"requests":{"cpu":"0.5","memory":"128Mi"}}}`, + "WAITER_CONTAINER_IMAGE": "myregistry/custom/image:override", + } + + configWithEnvVariableOverrides(overrides, func(config *Config) { + Expect(config.WaiterContainerTemplate).To(Equal(corev1.Container{ + Image: "myregistry/custom/image:override", + Resources: corev1.ResourceRequirements{ + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("0.5"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, + })) + }) + }) }) }) diff --git a/pkg/reconciler/buildrun/resources/sources.go b/pkg/reconciler/buildrun/resources/sources.go index 22fd44745e..b617ce72df 100644 --- a/pkg/reconciler/buildrun/resources/sources.go +++ b/pkg/reconciler/buildrun/resources/sources.go @@ -14,19 +14,42 @@ import ( const defaultSourceName = "default" -// AmendTaskSpecWithSources adds steps, results and volumes for spec.source and spec.sources +// isLocalCopy appends all "Sources" in a single slice, and if any entry is typed "LocalCopy" it +// returns first LocalCopy typed BuildSource found, or nil. +func isLocalCopy(build *buildv1alpha1.Build, buildRun *buildv1alpha1.BuildRun) *buildv1alpha1.BuildSource { + sources := []buildv1alpha1.BuildSource{} + if build.Spec.Sources != nil { + sources = append(sources, *build.Spec.Sources...) + } + if buildRun.Spec.Sources != nil { + sources = append(sources, *buildRun.Spec.Sources...) + } + for _, source := range sources { + if source.Type == buildv1alpha1.LocalCopy { + return &source + } + } + return nil +} + +// AmendTaskSpecWithSources adds the necessary steps to either wait for user upload ("LocalCopy"), or +// alternatively, configures the Task steps to use bundle and "git clone". func AmendTaskSpecWithSources( cfg *config.Config, taskSpec *pipeline.TaskSpec, build *buildv1alpha1.Build, + buildRun *buildv1alpha1.BuildRun, ) { - // create the step for spec.source, either Git or Bundle - switch { - case build.Spec.Source.BundleContainer != nil: - sources.AppendBundleStep(cfg, taskSpec, build.Spec.Source, defaultSourceName) - - case build.Spec.Source.URL != "": - sources.AppendGitStep(cfg, taskSpec, build.Spec.Source, defaultSourceName) + if localCopy := isLocalCopy(build, buildRun); localCopy != nil { + sources.AppendLocalCopyStep(cfg, taskSpec, localCopy.Timeout) + } else { + // create the step for spec.source, either Git or Bundle + switch { + case build.Spec.Source.BundleContainer != nil: + sources.AppendBundleStep(cfg, taskSpec, build.Spec.Source, defaultSourceName) + case build.Spec.Source.URL != "": + sources.AppendGitStep(cfg, taskSpec, build.Spec.Source, defaultSourceName) + } } // create the step for spec.sources, this will eventually change into different steps depending on the type of the source diff --git a/pkg/reconciler/buildrun/resources/sources/local_copy.go b/pkg/reconciler/buildrun/resources/sources/local_copy.go new file mode 100644 index 0000000000..4b21671ba9 --- /dev/null +++ b/pkg/reconciler/buildrun/resources/sources/local_copy.go @@ -0,0 +1,25 @@ +// Copyright The Shipwright Contributors +// +// SPDX-License-Identifier: Apache-2.0 +package sources + +import ( + "fmt" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/shipwright-io/build/pkg/config" + tektonv1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" +) + +// AppendLocalCopyStep defines and append a new task based on the waiter container template, passed +// by the configuration instance. +func AppendLocalCopyStep(cfg *config.Config, taskSpec *tektonv1beta1.TaskSpec, timeout *metav1.Duration) { + step := tektonv1beta1.Step{Container: *cfg.WaiterContainerTemplate.DeepCopy()} + step.Name = "local-copy" + + if timeout != nil { + step.Args = append(step.Args, fmt.Sprintf("--timeout=%s", timeout.Duration.String())) + } + taskSpec.Steps = append(taskSpec.Steps, step) +} diff --git a/pkg/reconciler/buildrun/resources/sources/local_copy_test.go b/pkg/reconciler/buildrun/resources/sources/local_copy_test.go new file mode 100644 index 0000000000..b6d3ae4e3b --- /dev/null +++ b/pkg/reconciler/buildrun/resources/sources/local_copy_test.go @@ -0,0 +1,38 @@ +// Copyright The Shipwright Contributors +// +// SPDX-License-Identifier: Apache-2.0 +package sources_test + +import ( + "time" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + tektonv1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" + + "github.com/shipwright-io/build/pkg/config" + "github.com/shipwright-io/build/pkg/reconciler/buildrun/resources/sources" +) + +var _ = Describe("LocalCopy", func() { + cfg := config.NewDefaultConfig() + + Context("when LocalCopy source type is informed", func() { + var taskSpec *tektonv1beta1.TaskSpec + + BeforeEach(func() { + taskSpec = &tektonv1beta1.TaskSpec{} + sources.AppendLocalCopyStep(cfg, taskSpec, &metav1.Duration{Duration: time.Minute}) + }) + + It("produces a local-copy step", func() { + Expect(len(taskSpec.Results)).To(Equal(0)) + Expect(len(taskSpec.Steps)).To(Equal(1)) + Expect(taskSpec.Steps[0].Name).To(Equal("local-copy")) + Expect(taskSpec.Steps[0].Image).To(Equal(cfg.WaiterContainerTemplate.Image)) + Expect(taskSpec.Steps[0].Args).To(Equal([]string{"start", "--timeout=1m0s"})) + }) + }) +}) diff --git a/pkg/reconciler/buildrun/resources/taskrun.go b/pkg/reconciler/buildrun/resources/taskrun.go index a537b9b7ba..6ecf015098 100644 --- a/pkg/reconciler/buildrun/resources/taskrun.go +++ b/pkg/reconciler/buildrun/resources/taskrun.go @@ -127,8 +127,8 @@ func GenerateTaskSpec( generatedTaskSpec.Params = append(generatedTaskSpec.Params, InputBuilder) } - // define results, steps and volumes for sources - AmendTaskSpecWithSources(cfg, &generatedTaskSpec, build) + // define the results, steps and volumes for sources, or alternatively, wait for user upload + AmendTaskSpecWithSources(cfg, &generatedTaskSpec, build, buildRun) // Add the strategy defined parameters into the Task spec for _, p := range strategyParams { @@ -148,7 +148,6 @@ func GenerateTaskSpec( } generatedTaskSpec.Params = append(generatedTaskSpec.Params, param) - } // Combine the environment variables specified in the Build object and the BuildRun object diff --git a/test/data/build_buildah_cr_local_source_upload.yaml b/test/data/build_buildah_cr_local_source_upload.yaml new file mode 100644 index 0000000000..2f85267594 --- /dev/null +++ b/test/data/build_buildah_cr_local_source_upload.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: shipwright.io/v1alpha1 +kind: Build +metadata: + name: buildah-golang-build-local-source-upload +spec: + source: + url: https://github.com/shipwright-io/sample-go + contextDir: docker-build + strategy: + name: buildah + kind: ClusterBuildStrategy + dockerfile: Dockerfile + output: + image: image-registry.openshift-image-registry.svc:5000/build-examples/taxi-app diff --git a/test/data/buildrun_buildah_cr_local_source_upload.yaml b/test/data/buildrun_buildah_cr_local_source_upload.yaml new file mode 100644 index 0000000000..58abffd40c --- /dev/null +++ b/test/data/buildrun_buildah_cr_local_source_upload.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: shipwright.io/v1alpha1 +kind: BuildRun +metadata: + name: buildah-golang-local-source-upload +spec: + buildRef: + name: buildah-local-source-upload + sources: + - name: local-copy + type: LocalCopy diff --git a/test/e2e/e2e_local_source_upload_test.go b/test/e2e/e2e_local_source_upload_test.go new file mode 100644 index 0000000000..afb82772bf --- /dev/null +++ b/test/e2e/e2e_local_source_upload_test.go @@ -0,0 +1,104 @@ +// Copyright The Shipwright Contributors +// +// SPDX-License-Identifier: Apache-2.0 + +package e2e_test + +import ( + "time" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + + buildv1alpha1 "github.com/shipwright-io/build/pkg/apis/build/v1alpha1" + "github.com/shipwright-io/build/test/utils" +) + +var _ = Describe("For a Kubernetes cluster with Tekton and build installed", func() { + var ( + testID string + build *buildv1alpha1.Build + buildRun *buildv1alpha1.BuildRun + ) + + AfterEach(func() { + if buildRun != nil { + testBuild.DeleteBR(buildRun.Name) + buildRun = nil + } + + if build != nil { + testBuild.DeleteBuild(build.Name) + build = nil + } + }) + + Context("when LocalCopy BuildSource is defined", func() { + BeforeEach(func() { + testID = generateTestID("local-copy") + build = createBuild( + testBuild, + testID, + "test/data/build_buildah_cr_local_source_upload.yaml", + ) + }) + + It("should generate LocalCopy TaskRun, using the waiter", func() { + var err error + buildRun, err = buildRunTestData( + testBuild.Namespace, + testID, + "test/data/buildrun_buildah_cr_local_source_upload.yaml", + ) + Expect(err).ToNot(HaveOccurred(), "Error retrieving buildrun test data") + + validateWaiterBuildRun(testBuild, buildRun) + }) + }) +}) + +func getBuildRunStatus(name types.NamespacedName) *corev1.ConditionStatus { + testBuildRun, err := testBuild.LookupBuildRun(name) + Expect(err).ToNot(HaveOccurred(), "Error retrieving the BuildRun") + + if len(testBuildRun.Status.Conditions) == 0 { + return nil + } + return &testBuildRun.Status.GetCondition(buildv1alpha1.Succeeded).Status +} + +// validateWaiterBuildRun assert the BuildRun informed will fail, since Waiter's timeout is reached +// and it causes the actual build process to fail as well. +func validateWaiterBuildRun(testBuild *utils.TestBuild, testBuildRun *buildv1alpha1.BuildRun) { + // making sure the BuildRun has been created on the cluster + if _, err := testBuild.GetBR(testBuildRun.Name); err != nil { + Expect(testBuild.CreateBR(testBuildRun)). + ToNot(HaveOccurred(), "Failed to create BuildRun") + } + + falseCondition := corev1.ConditionFalse + unknownCondition := corev1.ConditionUnknown + + buildRunName := types.NamespacedName{Namespace: testBuild.Namespace, Name: testBuildRun.Name} + + // making sure the taskrun is schedule and becomes a pod, since the build-controller will transit + // the object status from empty to unknown, when the actual build starts + Eventually(func() *corev1.ConditionStatus { + status := getBuildRunStatus(buildRunName) + Logf("BuildRun '%s' status '%v'...", buildRunName, status) + return status + }, time.Duration(60*time.Second), 3*time.Second). + Should(Equal(&unknownCondition), "BuildRun should reach unknown condition") + + // asserting the waiter step will end up in timeout, in other words, it ends as failed + Eventually(func() *corev1.ConditionStatus { + status := getBuildRunStatus(buildRunName) + Expect(status).ToNot(BeNil()) + Logf("BuildRun '%s' status '%s'...", buildRunName, *status) + return status + }, time.Duration(90*time.Second), 10*time.Second). + Should(Equal(&falseCondition), "BuildRun should end up in timeout") +}