From 649f5c897c2beed54bd53fd619b3fbe064630c15 Mon Sep 17 00:00:00 2001 From: sebhoss Date: Fri, 22 Nov 2024 10:07:55 +0000 Subject: [PATCH] Update upstream specifications to their latest version --- .../datadoghq.com/v2alpha1/datadogagents.yaml | 234 +- .../kuadrant.io/v1alpha1/dnsrecords.yaml | 12 +- .../kuadrant.io/v1/authpolicies.yaml | 5263 +++++++++++++ .../kuadrant.io/v1/ratelimitpolicies.yaml | 373 + .../kuadrant.io/v1beta1/kuadrants.yaml | 6 +- .../v1/redisenterpriseclusters.yaml | 14 + .../redisenterpriseactiveactivedatabases.yaml | 8 +- .../v1alpha1/redisenterpriseclusters.yaml | 10 + .../v1alpha1/redisenterprisedatabases.yaml | 6 +- .../redisenterpriseremoteclusters.yaml | 6 + .../v1beta1/vlogs.yaml | 25 +- .../v1beta1/vmagents.yaml | 17 +- .../v1beta1/vmalertmanagers.yaml | 12 +- .../v1beta1/vmalerts.yaml | 23 +- .../v1beta1/vmauths.yaml | 15 +- .../v1beta1/vmclusters.yaml | 13 +- .../v1beta1/vmnodescrapes.yaml | 2 + .../v1beta1/vmpodscrapes.yaml | 2 + .../v1beta1/vmprobes.yaml | 2 + .../v1beta1/vmrules.yaml | 2 +- .../v1beta1/vmscrapeconfigs.yaml | 2 + .../v1beta1/vmservicescrapes.yaml | 2 + .../v1beta1/vmsingles.yaml | 21 +- .../v1beta1/vmstaticscrapes.yaml | 2 + .../camel-k/camel.apache.org/v1/builds.yaml | 42 +- .../v1/integrationplatforms.yaml | 52 +- .../v1/integrationprofiles.yaml | 52 +- .../camel.apache.org/v1/integrations.yaml | 243 +- .../camel-k/camel.apache.org/v1/pipes.yaml | 238 +- .../apps.kubeblocks.io/v1/clusters.yaml | 4 +- .../v1/componentdefinitions.yaml | 2 +- .../apps.kubeblocks.io/v1/components.yaml | 21 +- .../rc.app.stacks/v1/runtimecomponents.yaml | 8 + .../argoproj.io/v1alpha1/applications.yaml | 236 + .../argoproj.io/v1alpha1/applicationsets.yaml | 914 ++- .../argoproj.io/v1alpha1/appprojects.yaml | 19 + .../karpenter.sh/v1/nodeclaims.yaml | 4 +- .../karpenter.sh/v1/nodepools.yaml | 6 +- .../v2/ciliumclusterwideenvoyconfigs.yaml | 2 +- .../v2/ciliumclusterwidenetworkpolicies.yaml | 2 +- .../v2/ciliumegressgatewaypolicies.yaml | 2 +- .../cilium/cilium.io/v2/ciliumendpoints.yaml | 6 +- .../cilium.io/v2/ciliumenvoyconfigs.yaml | 2 +- .../cilium.io/v2/ciliumexternalworkloads.yaml | 2 +- .../cilium/cilium.io/v2/ciliumidentities.yaml | 2 +- .../v2/ciliumlocalredirectpolicies.yaml | 2 +- .../cilium.io/v2/ciliumnetworkpolicies.yaml | 2 +- .../cilium/cilium.io/v2/ciliumnodes.yaml | 2 +- .../v2alpha1/ciliumbgppeeringpolicies.yaml | 2 +- .../cilium.io/v2alpha1/ciliumcidrgroups.yaml | 2 +- .../v2alpha1/ciliumendpointslices.yaml | 4 +- .../ciliuml2announcementpolicies.yaml | 2 +- .../v2alpha1/ciliumloadbalancerippools.yaml | 2 +- .../cilium.io/v2alpha1/ciliumpodippools.yaml | 2 +- .../digitalis.io/v1/valssecrets.yaml | 23 +- .../digitalis.io/v1beta1/dbsecrets.yaml | 6 +- .../v1beta1/clusterexternalsecrets.yaml | 2 +- .../v1beta1/externalsecrets.yaml | 2 +- .../v1alpha2/clusterfluentbitconfigs.yaml | 3 +- .../v1alpha2/clusteroutputs.yaml | 3 + .../v1alpha2/fluentbitconfigs.yaml | 3 +- .../fluentbit.fluent.io/v1alpha2/outputs.yaml | 3 + .../v1beta1/grafanadatasources.yaml | 12 +- .../v1beta1/grafanas.yaml | 5 + .../v2/teleportprovisiontokens.yaml | 29 + .../v1alpha1/cronfederatedhpas.yaml | 4 +- .../v1alpha1/federatedhpas.yaml | 2 +- .../resourceinterpretercustomizations.yaml | 16 +- ...ourceinterpreterwebhookconfigurations.yaml | 8 +- .../v1alpha1/multiclusteringresses.yaml | 10 +- .../v1alpha1/multiclusterservices.yaml | 14 +- .../v1alpha1/clusteroverridepolicies.yaml | 14 +- .../v1alpha1/clusterpropagationpolicies.yaml | 16 +- .../v1alpha1/federatedresourcequotas.yaml | 2 +- .../v1alpha1/overridepolicies.yaml | 14 +- .../v1alpha1/propagationpolicies.yaml | 16 +- .../v1alpha1/clusterresourcebindings.yaml | 6 +- .../v1alpha1/resourcebindings.yaml | 6 +- .../work.karmada.io/v1alpha1/works.yaml | 6 +- .../v1alpha2/clusterresourcebindings.yaml | 21 +- .../v1alpha2/resourcebindings.yaml | 21 +- .../kiali.io/v1alpha1/kialis.yaml | 30 + .../sonataflow.org/v1alpha08/sonataflows.yaml | 3 + .../kube-green.com/v1alpha1/sleepinfos.yaml | 2 +- .../v1alpha1/volumegroupsnapshotcontents.yaml | 23 - .../v1alpha1/volumegroupsnapshots.yaml | 23 - .../v1alpha1/bootstrapproviders.yaml | 65 +- .../v1alpha1/controlplaneproviders.yaml | 65 +- .../v1alpha1/coreproviders.yaml | 65 +- .../v1alpha1/infrastructureproviders.yaml | 65 +- .../v1alpha2/addonproviders.yaml | 122 +- .../v1alpha2/bootstrapproviders.yaml | 122 +- .../v1alpha2/controlplaneproviders.yaml | 122 +- .../v1alpha2/coreproviders.yaml | 122 +- .../v1alpha2/infrastructureproviders.yaml | 122 +- .../v1beta1/vspherefailuredomains.yaml | 113 + .../v1beta1/vspheremachines.yaml | 12 +- .../v1beta1/vspheremachinetemplates.yaml | 12 +- .../v1beta1/vspherevms.yaml | 12 +- .../v1alpha1/adminnetworkpolicies.yaml | 64 +- .../baselineadminnetworkpolicies.yaml | 60 +- .../v1alpha1/profilebindings.yaml | 2 +- .../v1alpha1/profilerecordings.yaml | 4 +- .../v1alpha1/securityprofilenodestatuses.yaml | 2 +- .../securityprofilesoperatordaemons.yaml | 64 +- .../v1alpha2/rawselinuxprofiles.yaml | 2 +- .../v1alpha2/selinuxprofiles.yaml | 2 +- .../v1beta1/seccompprofiles.yaml | 2 +- .../v1beta1/migrations.yaml | 12 + .../forklift.konveyor.io/v1beta1/plans.yaml | 12 + .../metal3.io/v1alpha1/baremetalhosts.yaml | 2 + .../v1beta2/flowcollectors.yaml | 38 +- .../v1/clusterdeploymentcustomizations.yaml | 1 - .../hive.openshift.io/v1/machinepools.yaml | 2 +- .../v1/sriovnetworknodestates.yaml | 18 + .../v1/sriovnetworkpoolconfigs.yaml | 6 + .../v1/perconaservermongodbbackups.yaml | 7 + .../v1/perconaservermongodbrestores.yaml | 7 + .../v1/perconaservermongodbs.yaml | 29 + .../v1/perconaxtradbclusterbackups.yaml | 3 + .../v1/perconaxtradbclusters.yaml | 3 + .../v1/felixconfigurations.yaml | 2 +- .../projectcontour.io/v1/httpproxies.yaml | 2 +- .../v1/tlscertificatedelegations.yaml | 2 +- .../v1alpha1/contourconfigurations.yaml | 2 +- .../v1alpha1/contourdeployments.yaml | 2 +- .../v1alpha1/extensionservices.yaml | 2 +- .../monitoring.coreos.com/v1/podmonitors.yaml | 12 +- .../monitoring.coreos.com/v1/probes.yaml | 12 +- .../v1/prometheuses.yaml | 35 +- .../v1/servicemonitors.yaml | 12 +- .../v1/thanosrulers.yaml | 26 +- .../v1alpha1/alertmanagerconfigs.yaml | 36 + .../v1alpha1/prometheusagents.yaml | 40 +- .../v1alpha1/scrapeconfigs.yaml | 42 +- .../v1beta1/alertmanagerconfigs.yaml | 36 + .../kuberay/ray.io/v1/rayclusters.yaml | 3 + .../kuberay/ray.io/v1/rayjobs.yaml | 3 + .../kuberay/ray.io/v1/rayservices.yaml | 5 + .../rook/ceph.rook.io/v1/cephblockpools.yaml | 3 + .../v1alpha1/scyllaoperatorconfigs.yaml | 50 + .../v1/authconfigs.yaml | 30 + .../gloo/gateway.solo.io/v1/gateways.yaml | 213 + .../gloo/gateway.solo.io/v1/httpgateways.yaml | 2 + .../gloo/gateway.solo.io/v1/routeoptions.yaml | 90 + .../gloo/gateway.solo.io/v1/routetables.yaml | 194 + .../v1/virtualhostoptions.yaml | 90 + .../gateway.solo.io/v1/virtualservices.yaml | 282 + .../solo-io/gloo/gloo.solo.io/v1/proxies.yaml | 5 + .../gloo/gloo.solo.io/v1/settings.yaml | 2 + .../gloo/gloo.solo.io/v1/upstreamgroups.yaml | 98 + .../gloo/gloo.solo.io/v1/upstreams.yaml | 34 + .../v1beta1/graphqlapis.yaml | 3 + .../v1alpha1/kafkaclusters.yaml | 2 +- .../v1/redisenterpriseclusters.rs | 17 + .../redisenterpriseactiveactivedatabases.rs | 9 +- .../v1alpha1/redisenterpriseclusters.rs | 12 + .../v1alpha1/redisenterprisedatabases.rs | 6 +- .../v1alpha1/redisenterpriseremoteclusters.rs | 6 + .../src/apps_kubeblocks_io/v1/clusters.rs | 4 +- .../v1/componentdefinitions.rs | 12 + .../src/apps_kubeblocks_io/v1/components.rs | 22 +- .../src/argoproj_io/v1alpha1/applications.rs | 234 + .../src/argoproj_io/v1alpha1/appprojects.rs | 16 + .../v1alpha1/cronfederatedhpas.rs | 1 - .../src/camel_apache_org/v1/builds.rs | 84 +- .../src/ceph_rook_io/v1/cephblockpools.rs | 3 + .../src/cilium_io/v2/ciliumendpoints.rs | 4 +- .../v2alpha1/ciliumendpointslices.rs | 2 +- .../resourceinterpretercustomizations.rs | 30 - ...esourceinterpreterwebhookconfigurations.rs | 8 - .../datadoghq_com/v2alpha1/datadogagents.rs | 284 +- .../src/digitalis_io/v1/valssecrets.rs | 14 +- .../v1beta1/clusterexternalsecrets.rs | 4 +- .../v1beta1/externalsecrets.rs | 4 +- .../v1beta2/flowcollectors.rs | 39 +- .../v1alpha2/clusterfluentbitconfigs.rs | 2 +- .../v1alpha2/clusteroutputs.rs | 3 + .../v1alpha2/fluentbitconfigs.rs | 2 +- .../fluentbit_fluent_io/v1alpha2/outputs.rs | 3 + .../v1beta1/migrations.rs | 9 + .../src/forklift_konveyor_io/v1beta1/plans.rs | 9 + .../v1beta1/grafanadatasources.rs | 6 +- .../v1alpha1/volumegroupsnapshotcontents.rs | 37 - .../v1alpha1/volumegroupsnapshots.rs | 36 - .../src/hive_openshift_io/v1/machinepools.rs | 2 +- .../v1beta1/vspherefailuredomains.rs | 159 + .../v1beta1/vspheremachines.rs | 24 +- .../v1beta1/vspheremachinetemplates.rs | 24 +- .../v1beta1/vspherevms.rs | 24 +- .../src/kuadrant_io/mod.rs | 1 + .../src/kuadrant_io/v1/authpolicies.rs | 7001 +++++++++++++++++ .../src/kuadrant_io/v1/mod.rs | 2 + .../src/kuadrant_io/v1/ratelimitpolicies.rs | 272 + .../src/kuadrant_io/v1alpha1/dnsrecords.rs | 4 + .../src/kube_green_com/v1alpha1/sleepinfos.rs | 4 +- kube-custom-resources-rs/src/lib.rs | 4 + .../monitoring_coreos_com/v1/podmonitors.rs | 19 + .../src/monitoring_coreos_com/v1/probes.rs | 19 + .../monitoring_coreos_com/v1/prometheuses.rs | 80 +- .../v1/servicemonitors.rs | 20 + .../monitoring_coreos_com/v1/thanosrulers.rs | 170 +- .../v1alpha1/alertmanagerconfigs.rs | 84 +- .../v1alpha1/prometheusagents.rs | 89 +- .../v1alpha1/scrapeconfigs.rs | 59 +- .../v1beta1/alertmanagerconfigs.rs | 84 +- .../v1alpha1/multiclusteringresses.rs | 6 +- .../v1alpha1/multiclusterservices.rs | 11 +- .../v1alpha1/bootstrapproviders.rs | 70 +- .../v1alpha1/controlplaneproviders.rs | 70 +- .../v1alpha1/coreproviders.rs | 70 +- .../v1alpha1/infrastructureproviders.rs | 70 +- .../v1alpha2/addonproviders.rs | 132 +- .../v1alpha2/bootstrapproviders.rs | 132 +- .../v1alpha2/controlplaneproviders.rs | 132 +- .../v1alpha2/coreproviders.rs | 132 +- .../v1alpha2/infrastructureproviders.rs | 132 +- .../v1beta1/vmnodescrapes.rs | 4 + .../v1beta1/vmpodscrapes.rs | 4 + .../v1beta1/vmprobes.rs | 4 + .../v1beta1/vmrules.rs | 2 +- .../v1beta1/vmscrapeconfigs.rs | 4 + .../v1beta1/vmservicescrapes.rs | 4 + .../v1beta1/vmstaticscrapes.rs | 4 + .../v1alpha1/clusteroverridepolicies.rs | 24 +- .../v1alpha1/clusterpropagationpolicies.rs | 16 - .../v1alpha1/overridepolicies.rs | 24 +- .../v1alpha1/propagationpolicies.rs | 16 - .../v1alpha1/adminnetworkpolicies.rs | 39 - .../v1alpha1/baselineadminnetworkpolicies.rs | 37 - .../v1/perconaservermongodbbackups.rs | 7 + .../v1/perconaservermongodbrestores.rs | 7 + .../v1/perconaxtradbclusterbackups.rs | 2 + .../v1/perconaxtradbclusters.rs | 2 + .../src/ray_io/v1/rayclusters.rs | 2 + .../src/ray_io/v1/rayjobs.rs | 2 + .../src/ray_io/v1/rayservices.rs | 4 + .../src/rc_app_stacks/v1/runtimecomponents.rs | 3 + .../v1alpha1/scyllaoperatorconfigs.rs | 10 + .../securityprofilesoperatordaemons.rs | 75 +- .../v1/sriovnetworknodestates.rs | 34 + .../v1/sriovnetworkpoolconfigs.rs | 12 + .../v1alpha2/clusterresourcebindings.rs | 21 +- .../v1alpha2/resourcebindings.rs | 21 +- 244 files changed, 19878 insertions(+), 1562 deletions(-) create mode 100644 crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml create mode 100644 crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/ratelimitpolicies.yaml create mode 100644 kube-custom-resources-rs/src/kuadrant_io/v1/authpolicies.rs create mode 100644 kube-custom-resources-rs/src/kuadrant_io/v1/mod.rs create mode 100644 kube-custom-resources-rs/src/kuadrant_io/v1/ratelimitpolicies.rs diff --git a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml index e41d10705..bcac39989 100644 --- a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml +++ b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml @@ -337,7 +337,7 @@ spec: description: "HostPortConfig contains host port configuration.\nEnabled Default: false\nPort Default: 8126" properties: enabled: - description: "Enabled enables host port configuration\nDefault: false" + description: "Enabled enables host port configuration" type: "boolean" hostPort: description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." @@ -558,7 +558,7 @@ spec: description: "HostPortConfig contains host port configuration.\nEnabled Default: false\nPort Default: 8125" properties: enabled: - description: "Enabled enables host port configuration\nDefault: false" + description: "Enabled enables host port configuration" type: "boolean" hostPort: description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." @@ -920,21 +920,43 @@ spec: description: "GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver." properties: enabled: - description: "Enable the OTLP/gRPC endpoint." + description: "Enable the OTLP/gRPC endpoint. Host port is enabled by default and can be disabled." type: "boolean" endpoint: description: "Endpoint for OTLP/gRPC.\ngRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md\nThe Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`).\nDefault: `0.0.0.0:4317`." type: "string" + hostPortConfig: + description: "Enable hostPort for OTLP/gRPC\nDefault: true" + properties: + enabled: + description: "Enabled enables host port configuration" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" type: "object" http: description: "HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver." properties: enabled: - description: "Enable the OTLP/HTTP endpoint." + description: "Enable the OTLP/HTTP endpoint. Host port is enabled by default and can be disabled." type: "boolean" endpoint: description: "Endpoint for OTLP/HTTP.\nDefault: '0.0.0.0:4318'." type: "string" + hostPortConfig: + description: "Enable hostPorts for OTLP/HTTP\nDefault: true" + properties: + enabled: + description: "Enabled enables host port configuration" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" type: "object" type: "object" type: "object" @@ -1131,6 +1153,93 @@ spec: description: "URL defines the endpoint URL." type: "string" type: "object" + env: + description: "Env contains a list of environment variables that are set for all Agents." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" fips: description: "FIPS contains configuration used to customize the FIPS proxy sidecar." properties: @@ -1335,6 +1444,20 @@ spec: description: "TLSVerify toggles kubelet TLS verification.\nDefault: true" type: "boolean" type: "object" + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: "string" + type: "object" + description: "Provide a mapping of Kubernetes Resource Groups to annotations mapping to Datadog Tags.\n:\n\t\t: \nKUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods)" + type: "object" + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: "string" + type: "object" + description: "Provide a mapping of Kubernetes Resource Groups to labels mapping to Datadog Tags.\n:\n\t\t: \nKUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods)" + type: "object" localService: description: "LocalService contains configuration to customize the internal traffic policy service." properties: @@ -1426,8 +1549,42 @@ spec: description: "Provide a mapping of Kubernetes Labels to Datadog Tags.\n: " type: "object" registry: - description: "Registry is the image registry to use for all Agent images.\nUse 'public.ecr.aws/datadog' for AWS ECR.\nUse 'docker.io/datadog' for DockerHub.\nDefault: 'gcr.io/datadoghq'" + description: "Registry is the image registry to use for all Agent images.\nUse 'public.ecr.aws/datadog' for AWS ECR.\nUse 'datadoghq.azurecr.io' for Azure Container Registry.\nUse 'gcr.io/datadoghq' for Google Container Registry.\nUse 'eu.gcr.io/datadoghq' for Google Container Registry in the EU region.\nUse 'asia.gcr.io/datadoghq' for Google Container Registry in the Asia region.\nUse 'docker.io/datadog' for DockerHub.\nDefault: 'gcr.io/datadoghq'" type: "string" + secretBackend: + description: "Configure the secret backend feature https://docs.datadoghq.com/agent/guide/secrets-management\nSee also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md" + properties: + args: + description: "List of arguments to pass to the command (space-separated strings)." + type: "string" + command: + description: "The secret backend command to use. Datadog provides a pre-defined binary `/readsecret_multiple_providers.sh`.\nRead more about `/readsecret_multiple_providers.sh` at https://docs.datadoghq.com/agent/configuration/secrets-management/?tab=linux#script-for-reading-from-multiple-secret-providers." + type: "string" + enableGlobalPermissions: + description: "Whether to create a global permission allowing Datadog agents to read all Kubernetes secrets.\nDefault: `false`." + type: "boolean" + roles: + description: "Roles for Datadog to read the specified secrets, replacing `enableGlobalPermissions`.\nThey are defined as a list of namespace/secrets.\nEach defined namespace needs to be present in the DatadogAgent controller using `WATCH_NAMESPACE` or `DD_AGENT_WATCH_NAMESPACE`.\nSee also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md#how-to-deploy-the-agent-components-using-the-secret-backend-feature-with-datadogagent." + items: + description: "SecretBackendRolesConfig provides configuration of the secrets Datadog agents can read for the SecretBackend feature" + properties: + namespace: + description: "Namespace defines the namespace in which the secrets reside." + type: "string" + secrets: + description: "Secrets defines the list of secrets for which a role should be created." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + timeout: + description: "The command timeout in seconds.\nDefault: `30`." + format: "int32" + type: "integer" + type: "object" site: description: "Site is the Datadog intake site Agent data are sent to.\nSet to 'datadoghq.com' to send data to the US1 site (default).\nSet to 'datadoghq.eu' to send data to the EU site.\nSet to 'us3.datadoghq.com' to send data to the US3 site.\nSet to 'us5.datadoghq.com' to send data to the US5 site.\nSet to 'ddog-gov.com' to send data to the US1-FED site.\nSet to 'ap1.datadoghq.com' to send data to the AP1 site.\nDefault: 'datadoghq.com'" type: "string" @@ -2604,6 +2761,38 @@ spec: x-kubernetes-list-map-keys: - "name" x-kubernetes-list-type: "map" + envFrom: + description: "EnvFrom specifies the ConfigMaps and Secrets to expose as environment variables.\nPriority is env > envFrom." + items: + description: "EnvFromSource represents the source of a set of ConfigMaps" + properties: + configMapRef: + description: "The ConfigMap to select from" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + prefix: + description: "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER." + type: "string" + secretRef: + description: "The Secret to select from" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "array" extraChecksd: description: "Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/\nSee https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details." properties: @@ -2823,6 +3012,11 @@ spec: type: "string" type: "object" type: "object" + serviceAccountAnnotations: + additionalProperties: + type: "string" + description: "Sets the ServiceAccountAnnotations used by this component." + type: "object" serviceAccountName: description: "Sets the ServiceAccount used by this component.\nIgnored if the field CreateRbac is true." type: "string" @@ -4359,7 +4553,7 @@ spec: description: "HostPortConfig contains host port configuration.\nEnabled Default: false\nPort Default: 8126" properties: enabled: - description: "Enabled enables host port configuration\nDefault: false" + description: "Enabled enables host port configuration" type: "boolean" hostPort: description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." @@ -4580,7 +4774,7 @@ spec: description: "HostPortConfig contains host port configuration.\nEnabled Default: false\nPort Default: 8125" properties: enabled: - description: "Enabled enables host port configuration\nDefault: false" + description: "Enabled enables host port configuration" type: "boolean" hostPort: description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." @@ -4942,21 +5136,43 @@ spec: description: "GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver." properties: enabled: - description: "Enable the OTLP/gRPC endpoint." + description: "Enable the OTLP/gRPC endpoint. Host port is enabled by default and can be disabled." type: "boolean" endpoint: description: "Endpoint for OTLP/gRPC.\ngRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md\nThe Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`).\nDefault: `0.0.0.0:4317`." type: "string" + hostPortConfig: + description: "Enable hostPort for OTLP/gRPC\nDefault: true" + properties: + enabled: + description: "Enabled enables host port configuration" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" type: "object" http: description: "HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver." properties: enabled: - description: "Enable the OTLP/HTTP endpoint." + description: "Enable the OTLP/HTTP endpoint. Host port is enabled by default and can be disabled." type: "boolean" endpoint: description: "Endpoint for OTLP/HTTP.\nDefault: '0.0.0.0:4318'." type: "string" + hostPortConfig: + description: "Enable hostPorts for OTLP/HTTP\nDefault: true" + properties: + enabled: + description: "Enabled enables host port configuration" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml b/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml index 449130805..10b688d35 100644 --- a/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml +++ b/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml @@ -88,26 +88,30 @@ spec: - "name" type: "object" failureThreshold: - description: "FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy" + default: 5 + description: "FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy\nDefaults to 5" type: "integer" x-kubernetes-validations: - message: "Failure threshold must be greater than 0" rule: "self > 0" interval: - description: "Interval defines how frequently this probe should execute" + default: "5m" + description: "Interval defines how frequently this probe should execute\nDefaults to 5 minutes" type: "string" path: description: "Path is the path to append to the host to reach the expected health check.\nMust start with \"?\" or \"/\", contain only valid URL characters and end with alphanumeric char or \"/\". For example \"/\" or \"/healthz\" are common" pattern: "^(?:\\?|\\/)[\\w\\-.~:\\/?#\\[\\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\\/){1}$" type: "string" port: - description: "Port to connect to the host on. Must be either 80, 443 or 1024-49151" + default: 443 + description: "Port to connect to the host on. Must be either 80, 443 or 1024-49151\nDefaults to port 443" type: "integer" x-kubernetes-validations: - message: "Only ports 80, 443, 1024-49151 are allowed" rule: "self in [80, 443] || (self >= 1024 && self <= 49151)" protocol: - description: "Protocol to use when connecting to the host, valid values are \"HTTP\" or \"HTTPS\"" + default: "HTTPS" + description: "Protocol to use when connecting to the host, valid values are \"HTTP\" or \"HTTPS\"\nDefaults to HTTPS" type: "string" x-kubernetes-validations: - message: "Only HTTP or HTTPS protocols are allowed" diff --git a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml new file mode 100644 index 000000000..b997bf2c1 --- /dev/null +++ b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml @@ -0,0 +1,5263 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "v0.16.5" + labels: + gateway.networking.k8s.io/policy: "inherited" + name: "authpolicies.kuadrant.io" +spec: + group: "kuadrant.io" + names: + kind: "AuthPolicy" + listKind: "AuthPolicyList" + plural: "authpolicies" + singular: "authpolicy" + scope: "Namespaced" + versions: + - additionalPrinterColumns: + - description: "AuthPolicy Accepted" + jsonPath: ".status.conditions[?(@.type==\"Accepted\")].status" + name: "Accepted" + priority: 2 + type: "string" + - description: "AuthPolicy Enforced" + jsonPath: ".status.conditions[?(@.type==\"Enforced\")].status" + name: "Enforced" + priority: 2 + type: "string" + - description: "Kind of the object to which the policy aaplies" + jsonPath: ".spec.targetRef.kind" + name: "TargetKind" + priority: 2 + type: "string" + - description: "Name of the object to which the policy applies" + jsonPath: ".spec.targetRef.name" + name: "TargetName" + priority: 2 + type: "string" + - description: "Name of the section within the object to which the policy applies " + jsonPath: ".spec.targetRef.sectionName" + name: "TargetSection" + priority: 2 + type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + name: "v1" + schema: + openAPIV3Schema: + description: "AuthPolicy enables authentication and authorization for service workloads in a Gateway API network" + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + properties: + defaults: + description: "Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides.\nUse one of: defaults, overrides, or bare set of policy rules (implicit defaults)." + properties: + patterns: + additionalProperties: + properties: + allOf: + items: + properties: + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + required: + - "allOf" + type: "object" + description: "Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules." + type: "object" + rules: + description: "The auth rules of the policy.\nSee Authorino's AuthConfig CRD for more details." + properties: + authentication: + additionalProperties: + properties: + anonymous: + description: "Anonymous access." + type: "object" + apiKey: + description: "Authentication based on API keys stored in Kubernetes secrets." + properties: + allNamespaces: + default: false + description: "Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig.\nEnabling this option in namespaced Authorino instances has no effect." + type: "boolean" + selector: + description: "Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "selector" + type: "object" + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + credentials: + description: "Defines where credentials are required to be passed in the request for authentication based on this config.\nIf omitted, it defaults to credentials passed in the HTTP Authorization header and the \"Bearer\" prefix prepended to the secret credential value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + defaults: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Set default property values (claims) for the resolved identity object, that are set before appending the object to\nthe authorization JSON. If the property is already present in the resolved identity object, the default value is ignored.\nIt requires the resolved identity object to always be a JSON object.\nDo not use this option with identity objects of other JSON types (array, string, etc)." + type: "object" + jwt: + description: "Authentication based on JWT tokens." + properties: + issuerUrl: + description: "URL of the issuer of the JWT.\nIf `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint\n(i.e. \"/.well-known/openid-configuration\") to this URL, to discover the OIDC configuration where to obtain\nthe \"jkws_uri\" claim from.\nThe value must coincide with the value of the \"iss\" (issuer) claim of the discovered OpenID Connect configuration." + type: "string" + ttl: + description: "Decides how long to wait before refreshing the JWKS (in seconds).\nIf omitted, Authorino will never refresh the JWKS." + type: "integer" + type: "object" + kubernetesTokenReview: + description: "Authentication by Kubernetes token review." + properties: + audiences: + description: "The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino.\nIf omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences." + items: + type: "string" + type: "array" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + oauth2Introspection: + description: "Authentication by OAuth2 token introspection." + properties: + credentialsRef: + description: "Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server." + properties: + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + endpoint: + description: "The full URL of the token introspection endpoint." + type: "string" + tokenTypeHint: + description: "The token type hint for the token introspection.\nIf omitted, it defaults to \"access_token\"." + type: "string" + required: + - "credentialsRef" + - "endpoint" + type: "object" + overrides: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Overrides the resolved identity object by setting the additional properties (claims) specified in this config,\nbefore appending the object to the authorization JSON.\nIt requires the resolved identity object to always be a JSON object.\nDo not use this option with identity objects of other JSON types (array, string, etc)." + type: "object" + plain: + description: "Identity object extracted from the context.\nUse this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + x509: + description: "Authentication based on client X.509 certificates.\nThe certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets." + properties: + allNamespaces: + default: false + description: "Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig.\nEnabling this option in namespaced Authorino instances has no effect." + type: "boolean" + selector: + description: "Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate\nclients trying to authenticate to this service" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "selector" + type: "object" + type: "object" + description: "Authentication configs.\nAt least one config MUST evaluate to a valid identity object for the auth request to be successful." + type: "object" + authorization: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + kubernetesSubjectAccessReview: + description: "Authorization by Kubernetes SubjectAccessReview" + properties: + groups: + description: "Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC." + items: + type: "string" + type: "array" + resourceAttributes: + description: "Use resourceAttributes to check permissions on Kubernetes resources.\nIf omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request." + properties: + group: + description: "API group of the resource.\nUse '*' for all API groups." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + description: "Resource name\nOmit it to check for authorization on all resources of the specified kind." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + namespace: + description: "Namespace where the user must have permissions on the resource." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + resource: + description: "Resource kind\nUse '*' for all resource kinds." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + subresource: + description: "Subresource kind" + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + verb: + description: "Verb to check for authorization on the resource.\nUse '*' for all verbs." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + user: + description: "User to check for authorization in the Kubernetes RBAC.\nOmit it to check for group authorization only." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + opa: + description: "Open Policy Agent (OPA) Rego policy." + properties: + allValues: + default: false + description: "Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline.\nOtherwise, only the default `allow` rule will be exposed.\nReturning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime." + type: "boolean" + externalPolicy: + description: "Settings for fetching the OPA policy from an external registry.\nUse it alternatively to 'rego'.\nFor the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters',\n'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'." + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + ttl: + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + urlExpression: + type: "string" + type: "object" + rego: + description: "Authorization policy as a Rego language document.\nThe Rego document must include the \"allow\" condition, set by Authorino to \"false\" by default (i.e. requests are unauthorized unless changed).\nThe Rego document must NOT include the \"package\" declaration in line 1." + type: "string" + type: "object" + patternMatching: + description: "Pattern-matching authorization rules." + properties: + patterns: + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + required: + - "patterns" + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + spicedb: + description: "Authorization decision delegated to external Authzed/SpiceDB server." + properties: + endpoint: + description: "Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051)." + type: "string" + insecure: + description: "Insecure HTTP connection (i.e. disables TLS verification)" + type: "boolean" + permission: + description: "The name of the permission (or relation) on which to execute the check." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + resource: + description: "The resource on which to check the permission or relation." + properties: + kind: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + subject: + description: "The subject that will be checked for the permission or relation." + properties: + kind: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + required: + - "endpoint" + type: "object" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + type: "object" + description: "Authorization policies.\nAll policies MUST evaluate to \"allowed = true\" for the auth request be successful." + type: "object" + callbacks: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + http: + description: "Settings of the external HTTP request" + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + urlExpression: + type: "string" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + required: + - "http" + type: "object" + description: "Callback functions.\nAuthorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config." + type: "object" + metadata: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + http: + description: "External source of auth metadata via HTTP request" + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + urlExpression: + type: "string" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + uma: + description: "User-Managed Access (UMA) source of resource data." + properties: + credentialsRef: + description: "Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server." + properties: + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + endpoint: + description: "The endpoint of the UMA server.\nThe value must coincide with the \"issuer\" claim of the UMA config discovered from the well-known uma configuration endpoint." + type: "string" + required: + - "credentialsRef" + - "endpoint" + type: "object" + userInfo: + description: "OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig." + properties: + identitySource: + description: "The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC \"userinfo_endpoint\" claim." + type: "string" + required: + - "identitySource" + type: "object" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + type: "object" + description: "Metadata sources.\nAuthorino fetches auth metadata as JSON from sources specified in this config." + type: "object" + response: + description: "Response items.\nAuthorino builds custom responses to the client of the auth request." + properties: + success: + description: "Response items to be included in the auth response when the request is authenticated and authorized.\nFor integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request." + properties: + filters: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + json: + description: "JSON object\nSpecify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON." + properties: + properties: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + required: + - "properties" + type: "object" + key: + description: "The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object).\nIf omitted, it will be set to the name of the response config." + type: "string" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + plain: + description: "Plain text content" + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + wristband: + description: "Authorino Festival Wristband token" + properties: + customClaims: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default." + type: "object" + issuer: + description: "The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /://:/, where = /://:/, where = /://:/, where = /://:/, where = /://:/, where = / The path portion of the URL" + minLength: 1 + type: "string" + required: + - "expression" + type: "object" + type: "array" + rates: + description: "Rates holds the list of limit rates" + items: + description: "Rate defines the actual rate limit that will be used when there is a match" + properties: + limit: + description: "Limit defines the max value allowed for a given period of time" + type: "integer" + window: + description: "Window defines the time period for which the Limit specified above applies." + pattern: "^([0-9]{1,5}(h|m|s|ms)){1,4}$" + type: "string" + required: + - "limit" + - "window" + type: "object" + type: "array" + when: + description: "When holds a list of \"limit-level\" `Predicate`s\nCalled also \"soft\" conditions as route selectors must also match" + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + description: "Limits holds the struct of limits indexed by a unique name" + type: "object" + strategy: + default: "atomic" + description: "Strategy defines the merge strategy to apply when merging this policy with other policies." + enum: + - "atomic" + - "merge" + type: "string" + when: + description: "Overall conditions for the policy to be enforced.\nIf omitted, the policy will be enforced at all requests to the protected routes.\nIf present, all conditions must match for the policy to be enforced." + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + limits: + additionalProperties: + description: "Limit represents a complete rate limit configuration" + properties: + counters: + description: "Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors" + items: + properties: + expression: + description: "Expression defines one CEL expression\nExpression can use well known attributes\nAttributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes\nWell-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors\nThey are named by a dot-separated path (e.g. request.path)\nExample: \"request.path\" -> The path portion of the URL" + minLength: 1 + type: "string" + required: + - "expression" + type: "object" + type: "array" + rates: + description: "Rates holds the list of limit rates" + items: + description: "Rate defines the actual rate limit that will be used when there is a match" + properties: + limit: + description: "Limit defines the max value allowed for a given period of time" + type: "integer" + window: + description: "Window defines the time period for which the Limit specified above applies." + pattern: "^([0-9]{1,5}(h|m|s|ms)){1,4}$" + type: "string" + required: + - "limit" + - "window" + type: "object" + type: "array" + when: + description: "When holds a list of \"limit-level\" `Predicate`s\nCalled also \"soft\" conditions as route selectors must also match" + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + description: "Limits holds the struct of limits indexed by a unique name" + type: "object" + overrides: + description: "Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides.\nUse one of: defaults, overrides, or bare set of policy rules (implicit defaults)." + properties: + limits: + additionalProperties: + description: "Limit represents a complete rate limit configuration" + properties: + counters: + description: "Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors" + items: + properties: + expression: + description: "Expression defines one CEL expression\nExpression can use well known attributes\nAttributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes\nWell-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors\nThey are named by a dot-separated path (e.g. request.path)\nExample: \"request.path\" -> The path portion of the URL" + minLength: 1 + type: "string" + required: + - "expression" + type: "object" + type: "array" + rates: + description: "Rates holds the list of limit rates" + items: + description: "Rate defines the actual rate limit that will be used when there is a match" + properties: + limit: + description: "Limit defines the max value allowed for a given period of time" + type: "integer" + window: + description: "Window defines the time period for which the Limit specified above applies." + pattern: "^([0-9]{1,5}(h|m|s|ms)){1,4}$" + type: "string" + required: + - "limit" + - "window" + type: "object" + type: "array" + when: + description: "When holds a list of \"limit-level\" `Predicate`s\nCalled also \"soft\" conditions as route selectors must also match" + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + description: "Limits holds the struct of limits indexed by a unique name" + type: "object" + strategy: + default: "atomic" + description: "Strategy defines the merge strategy to apply when merging this policy with other policies." + enum: + - "atomic" + - "merge" + type: "string" + when: + description: "Overall conditions for the policy to be enforced.\nIf omitted, the policy will be enforced at all requests to the protected routes.\nIf present, all conditions must match for the policy to be enforced." + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + targetRef: + description: "Reference to the object to which this policy applies." + properties: + group: + description: "Group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the target resource." + maxLength: 253 + minLength: 1 + type: "string" + sectionName: + description: "SectionName is the name of a section within the target resource. When\nunspecified, this targetRef targets the entire resource. In the following\nresources, SectionName is interpreted as the following:\n\n* Gateway: Listener name\n* HTTPRoute: HTTPRouteRule name\n* Service: Port name\n\nIf a SectionName is specified, but does not exist on the targeted object,\nthe Policy must fail to attach, and the policy implementation should record\na `ResolvedRefs` or similar Condition in the Policy's status." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + x-kubernetes-validations: + - message: "Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'" + rule: "self.group == 'gateway.networking.k8s.io'" + - message: "Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'" + rule: "self.kind == 'HTTPRoute' || self.kind == 'Gateway'" + when: + description: "Overall conditions for the policy to be enforced.\nIf omitted, the policy will be enforced at all requests to the protected routes.\nIf present, all conditions must match for the policy to be enforced." + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + required: + - "targetRef" + type: "object" + x-kubernetes-validations: + - message: "Implicit and explicit defaults are mutually exclusive" + rule: "!(has(self.defaults) && has(self.limits))" + - message: "Overrides and explicit defaults are mutually exclusive" + rule: "!(has(self.defaults) && has(self.overrides))" + - message: "Overrides and implicit defaults are mutually exclusive" + rule: "!(has(self.overrides) && has(self.limits))" + - message: "At least one spec.limits must be defined" + rule: "!(has(self.overrides) || has(self.defaults)) ? has(self.limits) && size(self.limits) > 0 : true" + - message: "At least one spec.overrides.limits must be defined" + rule: "has(self.overrides) ? has(self.overrides.limits) && size(self.overrides.limits) > 0 : true" + - message: "At least one spec.defaults.limits must be defined" + rule: "has(self.defaults) ? has(self.defaults.limits) && size(self.defaults.limits) > 0 : true" + status: + properties: + conditions: + description: "Represents the observations of a foo's current state.\nKnown .status.conditions.type are: \"Available\"" + items: + description: "Condition contains details for one aspect of the current state of this API Resource." + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase." + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + observedGeneration: + description: "ObservedGeneration reflects the generation of the most recently observed spec." + format: "int64" + type: "integer" + type: "object" + type: "object" + served: true + storage: true + subresources: + status: {} diff --git a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta1/kuadrants.yaml b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta1/kuadrants.yaml index 2c6828756..419f551b5 100644 --- a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta1/kuadrants.yaml +++ b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta1/kuadrants.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "kuadrants.kuadrant.io" spec: group: "kuadrant.io" @@ -43,7 +43,7 @@ spec: conditions: description: "Represents the observations of a foo's current state.\nKnown .status.conditions.type are: \"Available\"" items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -72,7 +72,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1/redisenterpriseclusters.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1/redisenterpriseclusters.yaml index 70fde8318..19669e38b 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1/redisenterpriseclusters.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1/redisenterpriseclusters.yaml @@ -382,6 +382,9 @@ spec: cacheTTLSeconds: description: "The maximum TTL of cached entries." type: "integer" + directoryTimeoutSeconds: + description: "The connection timeout to the LDAP server when authenticating a user, in seconds" + type: "integer" enabledForControlPlane: description: "Whether to enable LDAP for control plane access. Disabled by default." type: "boolean" @@ -7324,6 +7327,17 @@ spec: - "version" type: "object" type: "array" + certificatesStatus: + description: "Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters." + properties: + generation: + description: "Generation stores the version of the cluster's Proxy and Syncer certificate secrets. In Active-Active databases, when a user updates the proxy or syncer certificate, a crdb-update command needs to be triggered to avoid potential sync issues. This helps the REAADB controller detect a change in a certificate and trigger a crdb-update. The version of the cluster's Proxy certificate secret." + format: "int64" + type: "integer" + updateStatus: + description: "The status of the cluster's certificates update" + type: "string" + type: "object" ingressOrRouteMethodStatus: description: "The ingressOrRouteSpec/ActiveActive spec method that exist" type: "string" diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseactiveactivedatabases.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseactiveactivedatabases.yaml index 658277401..2be532b3c 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseactiveactivedatabases.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseactiveactivedatabases.yaml @@ -60,7 +60,7 @@ spec: - "participatingClusterName" type: "object" alertSettings: - description: "Settings for database alerts" + description: "Settings for database alerts. Note - Alert settings are not supported for Active-Active database." properties: bdb_backup_delayed: description: "Periodic backup has been delayed for longer than specified threshold value [minutes]" @@ -425,7 +425,7 @@ spec: - "name" type: "object" redisVersion: - description: "Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis'" + description: "Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis'. Note - Specifying Redis version is currently not supported for Active-Active database." type: "string" replicaSources: description: "What databases to replicate from" @@ -541,6 +541,10 @@ spec: status: description: "RedisEnterpriseActiveActiveDatabaseStatus defines the observed state of RedisEnterpriseActiveActiveDatabase" properties: + clusterCertificatesGeneration: + description: "Versions of the cluster's Proxy and Syncer certificates. In Active-Active databases, these are used to detect updates to the certificates, and trigger synchronization across the participating clusters. ." + format: "int64" + type: "integer" guid: description: "The active-active database corresponding GUID." type: "string" diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseclusters.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseclusters.yaml index 1f91d68f1..bb9f8cad0 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseclusters.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseclusters.yaml @@ -320,6 +320,8 @@ spec: type: "string" cacheTTLSeconds: type: "integer" + directoryTimeoutSeconds: + type: "integer" enabledForControlPlane: type: "boolean" enabledForDataPlane: @@ -7162,6 +7164,14 @@ spec: - "version" type: "object" type: "array" + certificatesStatus: + properties: + generation: + format: "int64" + type: "integer" + updateStatus: + type: "string" + type: "object" ingressOrRouteMethodStatus: type: "string" licenseStatus: diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterprisedatabases.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterprisedatabases.yaml index 032f0e10c..701372be8 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterprisedatabases.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterprisedatabases.yaml @@ -315,7 +315,7 @@ spec: description: "memory size of database. use formats like 100MB, 0.1GB. minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, and it must not be below 1GB." type: "string" modulesList: - description: "List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name \"ENABLE_ALPHA_FEATURES\" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map." + description: "List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name \"ENABLE_ALPHA_FEATURES\" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. Note - if you do not want to upgrade to the latest version you must set upgradeSpec -> upgradeModulesToLatest to false. if you specify a version and do not set the upgradeModulesToLatest it can result errors in the operator. in addition, the option to specify specific version is Deprecated and will be deleted in next releases." items: description: "Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/" properties: @@ -326,7 +326,7 @@ spec: description: "The module's name e.g \"ft\" for redissearch" type: "string" version: - description: "Module's semantic version e.g \"1.6.12\" - optional only in REDB, must be set in REAADB" + description: "DEPRECATED - Module's semantic version e.g \"1.6.12\" - optional only in REDB, must be set in REAADB" type: "string" required: - "name" @@ -448,7 +448,7 @@ spec: description: "Specifications for DB upgrade." properties: upgradeModulesToLatest: - description: "Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifing the version. in addition, This field is currently not supported for Active-Active databases." + description: "DEPRECATED Upgrades the modules to the latest version that supports the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifying the version. in addition, This field is currently not supported for Active-Active databases. The default is true" type: "boolean" required: - "upgradeModulesToLatest" diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseremoteclusters.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseremoteclusters.yaml index 0c766ef28..b4fbf2506 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseremoteclusters.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseremoteclusters.yaml @@ -41,6 +41,9 @@ spec: apiFqdnUrl: description: "The URL of the cluster, will be used for the active-active database URL." type: "string" + apiPort: + description: "The port number of the cluster's URL used for connectivity/sync" + type: "integer" dbFqdnSuffix: description: "The database URL suffix, will be used for the active-active database replication endpoint and replication endpoint SNI." type: "string" @@ -60,6 +63,9 @@ spec: type: "object" status: properties: + internalObservedSecretResourceVersion: + description: "The observed secret resource version. Used for internal purposes only." + type: "string" local: description: "Indicates whether this object represents a local or a remote cluster." type: "boolean" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vlogs.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vlogs.yaml index 4dbb90431..e88de7424 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vlogs.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vlogs.yaml @@ -28,10 +28,13 @@ spec: jsonPath: ".status.status" name: "Status" type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" name: "v1beta1" schema: openAPIV3Schema: - description: "VLogs is the Schema for the vlogs API" + description: "VLogs is fast, cost-effective and scalable logs database.\nVLogs is the Schema for the vlogs API" properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -605,25 +608,29 @@ spec: description: "VLogsStatus defines the observed state of VLogs" properties: availableReplicas: - description: "AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VLogs." + description: "deprecated" format: "int32" type: "integer" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines a reason in case of update failure" + description: "Reason defines fail reason for reconcile process" type: "string" replicas: - description: "ReplicaCount Total number of non-terminated pods targeted by this VLogs." + description: "deprecated" format: "int32" type: "integer" - status: - description: "UpdateStatus defines a status of vlogs instance rollout" - type: "string" unavailableReplicas: - description: "UnavailableReplicas Total number of unavailable pods targeted by this VLogs." + description: "deprecated" format: "int32" type: "integer" + updateStatus: + description: "UpdateStatus defines a status for update rollout" + type: "string" updatedReplicas: - description: "UpdatedReplicas Total number of non-terminated pods targeted by this VLogs." + description: "deprecated" format: "int32" type: "integer" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml index 3c9a81b8c..ee8c607c6 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml @@ -36,6 +36,9 @@ spec: jsonPath: ".status.updateStatus" name: "Status" type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" name: "v1beta1" schema: openAPIV3Schema: @@ -2861,11 +2864,15 @@ spec: description: "VMAgentStatus defines the observed state of VMAgent" properties: availableReplicas: - description: "AvailableReplicas Total number of available pods (ready for at least minReadySeconds)\ntargeted by this VMAlert cluster." + description: "Deprecated" format: "int32" type: "integer" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines fail reason for update process, effective only for statefulMode" + description: "Reason defines fail reason for reconcile process" type: "string" replicas: description: "ReplicaCount Total number of pods targeted by this VMAgent" @@ -2879,14 +2886,14 @@ spec: format: "int32" type: "integer" unavailableReplicas: - description: "UnavailableReplicas Total number of unavailable pods targeted by this VMAgent cluster." + description: "Deprecated" format: "int32" type: "integer" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" + description: "UpdateStatus defines a status for update rollout" type: "string" updatedReplicas: - description: "UpdatedReplicas Total number of non-terminated pods targeted by this VMAgent\ncluster that have the desired version spec." + description: "Deprecated" format: "int32" type: "integer" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml index 375d2e6bf..282937797 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml @@ -26,10 +26,6 @@ spec: scope: "Namespaced" versions: - additionalPrinterColumns: - - description: "The version of VMAlertmanager" - jsonPath: ".spec.image.tag" - name: "Version" - type: "string" - description: "The desired replicas number of Alertmanagers" jsonPath: ".spec.replicaCount" name: "ReplicaCount" @@ -1426,11 +1422,15 @@ spec: status: description: "Most recent observed status of the VMAlertmanager cluster.\nOperator API itself. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason has non empty reason for update failure" + description: "Reason defines fail reason for reconcile process" type: "string" updateStatus: - description: "Status defines a status of object update" + description: "UpdateStatus defines a status for update rollout" type: "string" type: "object" required: diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml index 306d5da7b..47ead9d01 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml @@ -28,6 +28,13 @@ spec: jsonPath: ".status.updateStatus" name: "Status" type: "string" + - description: "The desired replicas number of Alertmanagers" + jsonPath: ".spec.replicaCount" + name: "ReplicaCount" + type: "integer" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" name: "v1beta1" schema: openAPIV3Schema: @@ -1221,25 +1228,29 @@ spec: description: "VMAlertStatus defines the observed state of VMAlert" properties: availableReplicas: - description: "AvailableReplicas Total number of available pods (ready for at least minReadySeconds)\ntargeted by this VMAlert cluster." + description: "Deprecated" format: "int32" type: "integer" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines fail reason for update process, effective only for statefulMode" + description: "Reason defines fail reason for reconcile process" type: "string" replicas: - description: "ReplicaCount Total number of non-terminated pods targeted by this VMAlert\ncluster (their labels match the selector)." + description: "Deprecated" format: "int32" type: "integer" unavailableReplicas: - description: "UnavailableReplicas Total number of unavailable pods targeted by this VMAlert cluster." + description: "Deprecated" format: "int32" type: "integer" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" + description: "UpdateStatus defines a status for update rollout" type: "string" updatedReplicas: - description: "UpdatedReplicas Total number of non-terminated pods targeted by this VMAlert\ncluster that have the desired version spec." + description: "Deprecated" format: "int32" type: "integer" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml index e80844bd1..f2421ff48 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml @@ -28,6 +28,13 @@ spec: jsonPath: ".status.updateStatus" name: "Status" type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + - description: "The desired replicas number of Alertmanagers" + jsonPath: ".spec.replicaCount" + name: "ReplicaCount" + type: "integer" name: "v1beta1" schema: openAPIV3Schema: @@ -981,11 +988,15 @@ spec: status: description: "VMAuthStatus defines the observed state of VMAuth" properties: + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines fail reason for update process, effective only for statefulMode" + description: "Reason defines fail reason for reconcile process" type: "string" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" + description: "UpdateStatus defines a status for update rollout" type: "string" type: "object" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml index 9ec5aa599..1b63a7890 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml @@ -40,7 +40,7 @@ spec: name: "Age" type: "date" - description: "Current status of cluster" - jsonPath: ".status.clusterStatus" + jsonPath: ".status.updateStatus" name: "Status" type: "string" name: "v1beta1" @@ -2481,17 +2481,22 @@ spec: status: description: "VMClusterStatus defines the observed state of VMCluster" properties: - clusterStatus: - description: "UpdateStatus defines status for application" - type: "string" lastSync: description: "Deprecated." type: "string" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: + description: "Reason defines fail reason for reconcile process" type: "string" updateFailCount: description: "Deprecated." type: "integer" + updateStatus: + description: "UpdateStatus defines a status for update rollout" + type: "string" required: - "updateFailCount" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml index 9843e2867..cbd3178b8 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml @@ -350,6 +350,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml index 919aa49e8..461426c10 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml @@ -384,6 +384,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml index 6246a3f9f..3f686daa9 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml @@ -300,6 +300,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmrules.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmrules.yaml index bdc25ea67..783c58ad1 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmrules.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmrules.yaml @@ -144,7 +144,7 @@ spec: description: "Tenant id for group, can be used only with enterprise version of vmalert.\nSee more details [here](https://docs.victoriametrics.com/vmalert#multitenancy)." type: "string" type: - description: "Type defines datasource type for enterprise version of vmalert\npossible values - prometheus,graphite" + description: "Type defines datasource type for enterprise version of vmalert\npossible values - prometheus,graphite,vlogs" type: "string" required: - "name" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmscrapeconfigs.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmscrapeconfigs.yaml index e1857fd56..62751b28a 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmscrapeconfigs.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmscrapeconfigs.yaml @@ -2525,6 +2525,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml index 54b18944f..10f360de6 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml @@ -373,6 +373,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml index e5ba38059..89e11b69f 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml @@ -25,9 +25,12 @@ spec: versions: - additionalPrinterColumns: - description: "Current status of single node update process" - jsonPath: ".status.singleStatus" + jsonPath: ".status.updateStatus" name: "Status" type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" name: "v1beta1" schema: openAPIV3Schema: @@ -413,7 +416,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true storage: - description: "Storage is the definition of how storage will be used by the VMSingle\nby default it`s empty dir" + description: "Storage is the definition of how storage will be used by the VMSingle\nby default it`s empty dir\nthis option is ignored if storageDataPath is set" properties: accessModes: description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" @@ -526,7 +529,7 @@ spec: type: "string" type: "object" storageDataPath: - description: "StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath,\nits users responsibility to mount proper device into given path." + description: "StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath,\nits users responsibility to mount proper device into given path.\nIt requires to provide spec.volumes and spec.volumeMounts with at least 1 value" type: "string" storageMetadata: description: "StorageMeta defines annotations and labels attached to PVC for given vmsingle CR" @@ -1091,20 +1094,24 @@ spec: description: "AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMSingle." format: "int32" type: "integer" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines a reason in case of update failure" + description: "Reason defines fail reason for reconcile process" type: "string" replicas: description: "ReplicaCount Total number of non-terminated pods targeted by this VMSingle." format: "int32" type: "integer" - singleStatus: - description: "UpdateStatus defines a status of single node rollout" - type: "string" unavailableReplicas: description: "UnavailableReplicas Total number of unavailable pods targeted by this VMSingle." format: "int32" type: "integer" + updateStatus: + description: "UpdateStatus defines a status for update rollout" + type: "string" updatedReplicas: description: "UpdatedReplicas Total number of non-terminated pods targeted by this VMSingle." format: "int32" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml index 5de16c245..8d1de7354 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml @@ -365,6 +365,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/builds.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/builds.yaml index 9cca00731..9b310d406 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/builds.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/builds.yaml @@ -287,7 +287,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -342,7 +343,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -358,7 +360,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -451,7 +454,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -467,7 +471,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -487,7 +492,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -503,7 +509,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1025,7 +1032,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1080,7 +1088,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1096,7 +1105,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1189,7 +1199,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1205,7 +1216,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1225,7 +1237,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1241,7 +1254,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml index 4a5b79213..4c0557295 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml @@ -135,7 +135,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -190,7 +191,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -206,7 +208,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -232,7 +235,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -248,7 +252,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -268,7 +273,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -284,7 +290,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -591,6 +598,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -616,6 +624,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -775,7 +784,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -980,6 +989,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" @@ -1694,7 +1704,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1749,7 +1760,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1765,7 +1777,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1791,7 +1804,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1807,7 +1821,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1827,7 +1842,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1843,7 +1859,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2192,6 +2209,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -2217,6 +2235,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -2376,7 +2395,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -2581,6 +2600,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml index e1ec5ed29..1903c99b1 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml @@ -61,7 +61,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -116,7 +117,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -132,7 +134,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -158,7 +161,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -174,7 +178,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -194,7 +199,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -210,7 +216,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -485,6 +492,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -510,6 +518,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -669,7 +678,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -874,6 +883,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" @@ -1530,7 +1540,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1585,7 +1596,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1601,7 +1613,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1627,7 +1640,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1643,7 +1657,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1663,7 +1678,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1679,7 +1695,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1991,6 +2008,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -2016,6 +2034,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -2175,7 +2194,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -2380,6 +2399,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml index 8c7f57cc9..63e6e5d9c 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml @@ -209,11 +209,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -235,7 +237,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -284,7 +287,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -298,6 +302,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -307,7 +314,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -321,7 +329,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -330,6 +339,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" @@ -350,6 +360,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -373,6 +384,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -425,6 +437,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -448,6 +461,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -501,6 +515,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -541,6 +556,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -637,6 +653,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -677,6 +694,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -791,6 +809,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -800,12 +830,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -883,6 +915,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -923,6 +956,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1005,6 +1039,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: @@ -1014,7 +1051,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -1022,6 +1059,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -1033,6 +1073,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -1053,11 +1096,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -1079,7 +1124,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1128,7 +1174,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1142,6 +1189,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -1151,7 +1201,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1165,7 +1216,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1174,6 +1226,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images" type: "string" @@ -1194,6 +1247,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -1217,6 +1271,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1269,6 +1324,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -1292,6 +1348,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1345,6 +1402,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1385,6 +1443,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1481,6 +1540,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1521,6 +1581,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1635,6 +1696,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -1644,12 +1717,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1727,6 +1802,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1767,6 +1843,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1852,6 +1929,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated." items: @@ -1861,7 +1941,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -1869,6 +1949,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -1880,6 +1963,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -1897,11 +1983,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -1923,7 +2011,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1972,7 +2061,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1986,6 +2076,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -1995,7 +2088,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2009,7 +2103,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2018,6 +2113,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" @@ -2038,6 +2134,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -2061,6 +2158,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2113,6 +2211,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -2136,6 +2235,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2189,6 +2289,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2229,6 +2330,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2325,6 +2427,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2365,6 +2468,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2479,6 +2583,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -2488,12 +2604,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2571,6 +2689,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2611,6 +2730,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2693,6 +2813,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: @@ -2702,7 +2825,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -2710,6 +2833,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -2721,6 +2847,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -2739,6 +2868,18 @@ spec: securityContext: description: "PodSecurityContext" properties: + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" fsGroup: description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" @@ -2791,6 +2932,7 @@ spec: format: "int64" type: "integer" type: "array" + x-kubernetes-list-type: "atomic" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -2807,6 +2949,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" windowsOptions: description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: @@ -2852,11 +2995,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2875,7 +3020,7 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: @@ -2969,6 +3114,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" path: description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" @@ -2982,7 +3128,8 @@ spec: description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3005,7 +3152,8 @@ spec: description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3042,8 +3190,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3063,7 +3213,8 @@ spec: description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3091,7 +3242,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -3134,6 +3285,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" emptyDir: description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" @@ -3166,6 +3318,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" dataSource: description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: @@ -3243,11 +3396,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3259,7 +3414,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3290,11 +3445,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" wwids: description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" flexVolume: description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." @@ -3317,7 +3474,8 @@ spec: description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3426,6 +3584,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" readOnly: description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" @@ -3433,7 +3592,8 @@ spec: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3537,11 +3697,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3587,8 +3749,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3604,7 +3768,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -3647,6 +3811,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -3671,8 +3836,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -3697,6 +3864,7 @@ spec: type: "object" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" quobyte: description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" @@ -3740,6 +3908,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" pool: description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" @@ -3750,7 +3919,8 @@ spec: description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3780,7 +3950,8 @@ spec: description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3831,6 +4002,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" optional: description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" @@ -3851,7 +4023,8 @@ spec: description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4109,6 +4282,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -4134,6 +4308,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -4293,7 +4468,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -4498,6 +4673,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" @@ -5591,6 +5767,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -5616,6 +5793,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -5775,7 +5953,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -5980,6 +6158,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml index ebf7f4c4b..060a74f37 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml @@ -196,11 +196,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -222,7 +224,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -271,7 +274,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -285,6 +289,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -294,7 +301,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -308,7 +316,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -317,6 +326,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" @@ -337,6 +347,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -360,6 +371,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -412,6 +424,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -435,6 +448,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -488,6 +502,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -528,6 +543,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -624,6 +640,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -664,6 +681,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -778,6 +796,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -787,12 +817,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -870,6 +902,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -910,6 +943,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -992,6 +1026,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: @@ -1001,7 +1038,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -1009,6 +1046,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -1020,6 +1060,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -1040,11 +1083,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -1066,7 +1111,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1115,7 +1161,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1129,6 +1176,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -1138,7 +1188,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1152,7 +1203,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1161,6 +1213,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images" type: "string" @@ -1181,6 +1234,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -1204,6 +1258,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1256,6 +1311,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -1279,6 +1335,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1332,6 +1389,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1372,6 +1430,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1468,6 +1527,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1508,6 +1568,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1622,6 +1683,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -1631,12 +1704,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1714,6 +1789,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1754,6 +1830,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1839,6 +1916,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated." items: @@ -1848,7 +1928,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -1856,6 +1936,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -1867,6 +1950,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -1884,11 +1970,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -1910,7 +1998,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1959,7 +2048,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1973,6 +2063,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -1982,7 +2075,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1996,7 +2090,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2005,6 +2100,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" @@ -2025,6 +2121,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -2048,6 +2145,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2100,6 +2198,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -2123,6 +2222,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2176,6 +2276,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2216,6 +2317,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2312,6 +2414,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2352,6 +2455,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2466,6 +2570,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -2475,12 +2591,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2558,6 +2676,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2598,6 +2717,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2680,6 +2800,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: @@ -2689,7 +2812,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -2697,6 +2820,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -2708,6 +2834,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -2726,6 +2855,18 @@ spec: securityContext: description: "PodSecurityContext" properties: + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" fsGroup: description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" @@ -2778,6 +2919,7 @@ spec: format: "int64" type: "integer" type: "array" + x-kubernetes-list-type: "atomic" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -2794,6 +2936,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" windowsOptions: description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: @@ -2839,11 +2982,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2862,7 +3007,7 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: @@ -2956,6 +3101,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" path: description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" @@ -2969,7 +3115,8 @@ spec: description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2992,7 +3139,8 @@ spec: description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3029,8 +3177,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3050,7 +3200,8 @@ spec: description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3078,7 +3229,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -3121,6 +3272,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" emptyDir: description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" @@ -3153,6 +3305,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" dataSource: description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: @@ -3230,11 +3383,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3246,7 +3401,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3277,11 +3432,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" wwids: description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" flexVolume: description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." @@ -3304,7 +3461,8 @@ spec: description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3413,6 +3571,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" readOnly: description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" @@ -3420,7 +3579,8 @@ spec: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3524,11 +3684,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3574,8 +3736,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3591,7 +3755,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -3634,6 +3798,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -3658,8 +3823,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -3684,6 +3851,7 @@ spec: type: "object" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" quobyte: description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" @@ -3727,6 +3895,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" pool: description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" @@ -3737,7 +3906,8 @@ spec: description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3767,7 +3937,8 @@ spec: description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3818,6 +3989,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" optional: description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" @@ -3838,7 +4010,8 @@ spec: description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4096,6 +4269,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -4121,6 +4295,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -4280,7 +4455,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -4485,6 +4660,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/clusters.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/clusters.yaml index f58115c08..a26e64a08 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/clusters.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/clusters.yaml @@ -2917,7 +2917,7 @@ spec: maxLength: 32 type: "string" services: - description: "Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients." + description: "Overrides services defined in referenced ComponentDefinition." items: properties: annotations: @@ -7703,7 +7703,7 @@ spec: maxLength: 32 type: "string" services: - description: "Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients." + description: "Overrides services defined in referenced ComponentDefinition." items: properties: annotations: diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/componentdefinitions.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/componentdefinitions.yaml index e2bb2712e..2923104ba 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/componentdefinitions.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/componentdefinitions.yaml @@ -2411,7 +2411,7 @@ spec: type: "integer" type: "object" dataDump: - description: "Defines the procedure for exporting the data from a replica.\n\n\nUse Case:\nThis action is intended for initializing a newly created replica with data. It involves exporting data\nfrom an existing replica and importing it into the new, empty replica. This is essential for synchronizing\nthe state of replicas across the system.\n\n\nApplicability:\nSome database engines or associated sidecar applications (e.g., Patroni) may already provide this functionality.\nIn such cases, this action may not be required.\n\n\nThe output should be a valid data dump streamed to stdout. It must exclude any irrelevant information to ensure\nthat only the necessary data is exported for import into the new replica.\n\n\nNote: This field is immutable once it has been set." + description: "Defines the procedure for exporting the data from a replica.\n\n\nUse Case:\nThis action is intended for initializing a newly created replica with data. It involves exporting data\nfrom an existing replica and importing it into the new, empty replica. This is essential for synchronizing\nthe state of replicas across the system.\n\n\nApplicability:\nSome database engines or associated sidecar applications (e.g., Patroni) may already provide this functionality.\nIn such cases, this action may not be required.\n\n\nThe output should be a valid data dump streamed to stdout. It must exclude any irrelevant information to ensure\nthat only the necessary data is exported for import into the new replica.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_TARGET_POD_NAME: The name of the replica pod into which the data will be loaded.\n\n\nNote: This field is immutable once it has been set." properties: exec: description: "Defines the command to run.\n\n\nThis field cannot be updated." diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/components.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/components.yaml index 14feaab45..22336775b 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/components.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/components.yaml @@ -2825,7 +2825,7 @@ spec: maxLength: 32 type: "string" services: - description: "Overrides Services defined in referenced ComponentDefinition and exposes endpoints that can be accessed by clients." + description: "Overrides Services defined in referenced ComponentDefinition." items: description: "ComponentService defines a service that would be exposed as an inter-component service within a Cluster.\nA Service defined in the ComponentService is expected to be accessed by other Components within the same Cluster.\n\n\nWhen a Component needs to use a ComponentService provided by another Component within the same Cluster,\nit can declare a variable in the `componentDefinition.spec.vars` section and bind it to the specific exposed address\nof the ComponentService using the `serviceVarRef` field." properties: @@ -2976,6 +2976,25 @@ spec: - "name" type: "object" type: "array" + sidecars: + description: "Specifies the sidecars to be injected into the Component." + items: + properties: + name: + description: "Name specifies the unique name of the sidecar.\n\n\nThe name will be used as the name of the sidecar container in the Pod." + type: "string" + owner: + description: "Specifies the exact component definition that the sidecar belongs to.\n\n\nA sidecar will be updated when the owner component definition is updated only." + type: "string" + sidecarDef: + description: "Specifies the sidecar definition CR to be used to create the sidecar." + type: "string" + required: + - "name" + - "owner" + - "sidecarDef" + type: "object" + type: "array" stop: description: "Stop the Component.\nIf set, all the computing resources will be released." type: "boolean" diff --git a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml index 3d840f1fb..26ab586cf 100644 --- a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml +++ b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml @@ -4872,6 +4872,10 @@ spec: type: description: "Defines the type of status condition." type: "string" + unchangedConditionCount: + description: "The count of the number of reconciles the condition status type has not changed." + format: "int32" + type: "integer" type: "object" type: "array" x-kubernetes-list-type: "atomic" @@ -4897,6 +4901,10 @@ spec: description: "The generation identifier of this RuntimeComponent instance completely reconciled by the Operator." format: "int64" type: "integer" + reconcileInterval: + description: "The reconciliation interval in seconds." + format: "int32" + type: "integer" references: additionalProperties: type: "string" diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml index 8f8d579b6..2b3535ecc 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml @@ -96,6 +96,10 @@ spec: sync: description: "Sync contains parameters for the operation" properties: + autoHealAttemptsCount: + description: "SelfHealAttemptsCount contains the number of auto-heal attempts" + format: "int64" + type: "integer" dryRun: description: "DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync" type: "boolean" @@ -196,6 +200,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -212,6 +221,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -256,6 +271,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -286,6 +306,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -474,6 +497,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -490,6 +518,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -534,6 +568,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -564,6 +603,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -842,6 +884,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -858,6 +905,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -902,6 +955,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -932,6 +990,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -1120,6 +1181,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -1136,6 +1202,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -1180,6 +1252,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1210,6 +1287,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -1528,6 +1608,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -1544,6 +1629,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -1588,6 +1679,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1618,6 +1714,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -1806,6 +1905,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -1822,6 +1926,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -1866,6 +1976,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1896,6 +2011,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -2090,6 +2208,10 @@ spec: sync: description: "Sync contains parameters for the operation" properties: + autoHealAttemptsCount: + description: "SelfHealAttemptsCount contains the number of auto-heal attempts" + format: "int64" + type: "integer" dryRun: description: "DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync" type: "boolean" @@ -2190,6 +2312,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -2206,6 +2333,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -2250,6 +2383,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2280,6 +2418,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -2468,6 +2609,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -2484,6 +2630,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -2528,6 +2680,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2558,6 +2715,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -2847,6 +3007,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -2863,6 +3028,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -2907,6 +3078,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2937,6 +3113,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -3125,6 +3304,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -3141,6 +3325,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -3185,6 +3375,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3215,6 +3410,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -3526,6 +3724,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -3542,6 +3745,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -3586,6 +3795,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3616,6 +3830,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -3804,6 +4021,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -3820,6 +4042,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -3864,6 +4092,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3894,6 +4127,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml index d28e5e45d..4ffd5b10d 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml @@ -51,11 +51,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -193,6 +195,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -204,6 +210,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -235,6 +245,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -257,6 +271,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -409,6 +425,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -420,6 +440,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -451,6 +475,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -473,6 +501,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -648,11 +678,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -785,6 +817,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -796,6 +832,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -827,6 +867,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -849,6 +893,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -1001,6 +1047,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -1012,6 +1062,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -1043,6 +1097,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1065,6 +1123,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -1380,6 +1440,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -1391,6 +1455,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -1422,6 +1490,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1444,6 +1516,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -1596,6 +1670,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -1607,6 +1685,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -1638,6 +1720,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1660,6 +1746,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -1955,6 +2043,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -1966,6 +2058,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -1997,6 +2093,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2019,6 +2119,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -2171,6 +2273,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -2182,6 +2288,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -2213,6 +2323,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2235,6 +2349,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -2411,11 +2527,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2553,6 +2671,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -2564,6 +2686,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -2595,6 +2721,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2617,6 +2747,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -2769,6 +2901,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -2780,6 +2916,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -2811,6 +2951,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2833,6 +2977,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -3008,11 +3154,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3145,6 +3293,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -3156,6 +3308,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -3187,6 +3343,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3209,6 +3369,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -3361,6 +3523,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -3372,6 +3538,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -3403,6 +3573,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3425,6 +3599,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -3740,6 +3916,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -3751,6 +3931,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -3782,6 +3966,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3804,6 +3992,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -3956,6 +4146,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -3967,6 +4161,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -3998,6 +4196,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -4020,6 +4222,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -4315,6 +4519,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -4326,6 +4534,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -4357,6 +4569,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -4379,6 +4595,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -4531,6 +4749,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -4542,6 +4764,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -4573,6 +4799,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -4595,6 +4825,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -4898,6 +5130,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -4909,6 +5145,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -4940,6 +5180,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -4962,6 +5206,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -5114,6 +5360,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -5125,6 +5375,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -5156,6 +5410,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -5178,6 +5436,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -5436,6 +5696,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" repo: @@ -5511,6 +5798,16 @@ spec: properties: api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" insecure: type: "boolean" labels: @@ -5663,6 +5960,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -5674,6 +5975,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -5705,6 +6010,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -5727,6 +6036,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -5879,6 +6190,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -5890,6 +6205,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -5921,6 +6240,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -5943,6 +6266,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -6191,6 +6516,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" required: @@ -6271,7 +6623,17 @@ spec: type: "boolean" api: type: "string" - group: + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + group: type: "string" includeSharedProjects: type: "boolean" @@ -6423,6 +6785,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -6434,6 +6800,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -6465,6 +6835,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -6487,6 +6861,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -6639,6 +7015,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -6650,6 +7030,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -6681,6 +7065,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -6703,6 +7091,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -6874,11 +7264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -7013,6 +7405,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -7024,6 +7420,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -7055,6 +7455,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -7077,6 +7481,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -7229,6 +7635,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -7240,6 +7650,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -7271,6 +7685,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -7293,6 +7711,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -7471,11 +7891,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -7613,6 +8035,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -7624,6 +8050,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -7655,6 +8085,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -7677,6 +8111,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -7829,6 +8265,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -7840,6 +8280,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -7871,6 +8315,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -7893,6 +8341,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -8068,11 +8518,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -8205,6 +8657,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -8216,6 +8672,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -8247,6 +8707,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -8269,6 +8733,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -8421,6 +8887,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -8432,6 +8902,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -8463,6 +8937,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -8485,6 +8963,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -8800,6 +9280,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -8811,6 +9295,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -8842,6 +9330,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -8864,6 +9356,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -9016,6 +9510,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -9027,6 +9525,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -9058,6 +9560,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -9080,6 +9586,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -9375,6 +9883,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -9386,6 +9898,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -9417,6 +9933,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -9439,6 +9959,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -9591,6 +10113,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -9602,6 +10128,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -9633,6 +10163,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -9655,6 +10189,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -9958,6 +10494,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -9969,6 +10509,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -10000,6 +10544,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -10022,6 +10570,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -10174,6 +10724,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -10185,6 +10739,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -10216,6 +10774,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -10238,6 +10800,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -10496,6 +11060,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" repo: @@ -10571,6 +11162,16 @@ spec: properties: api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" insecure: type: "boolean" labels: @@ -10723,6 +11324,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -10734,6 +11339,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -10765,6 +11374,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -10787,6 +11400,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -10939,6 +11554,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -10950,6 +11569,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -10981,6 +11604,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -11003,6 +11630,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -11251,6 +11880,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" required: @@ -11331,6 +11987,16 @@ spec: type: "boolean" api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" group: type: "string" includeSharedProjects: @@ -11483,6 +12149,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -11494,6 +12164,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -11525,6 +12199,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -11547,6 +12225,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -11699,6 +12379,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -11710,6 +12394,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -11741,6 +12429,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -11763,6 +12455,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -11934,11 +12628,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -12077,6 +12773,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -12088,6 +12788,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -12119,6 +12823,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -12141,6 +12849,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -12293,6 +13003,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -12304,6 +13018,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -12335,6 +13053,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -12357,6 +13079,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -12659,6 +13383,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -12670,6 +13398,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -12701,6 +13433,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -12723,6 +13459,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -12875,6 +13613,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -12886,6 +13628,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -12917,6 +13663,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -12939,6 +13689,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -13197,6 +13949,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" repo: @@ -13272,6 +14051,16 @@ spec: properties: api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" insecure: type: "boolean" labels: @@ -13424,6 +14213,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -13435,6 +14228,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -13466,6 +14263,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -13488,6 +14289,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -13640,6 +14443,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -13651,6 +14458,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -13682,6 +14493,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -13704,6 +14519,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -13952,6 +14769,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" required: @@ -14032,6 +14876,16 @@ spec: type: "boolean" api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" group: type: "string" includeSharedProjects: @@ -14184,6 +15038,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -14195,6 +15053,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -14226,6 +15088,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -14248,6 +15114,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -14400,6 +15268,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -14411,6 +15283,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -14442,6 +15318,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -14464,6 +15344,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -14635,11 +15517,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -14849,6 +15733,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -14860,6 +15748,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -14891,6 +15783,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -14913,6 +15809,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -15065,6 +15963,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -15076,6 +15978,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -15107,6 +16013,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -15129,6 +16039,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml index 28e52e69b..1c538c867 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml @@ -64,6 +64,25 @@ spec: description: description: "Description contains optional project description" type: "string" + destinationServiceAccounts: + description: "DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination." + items: + description: "ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation." + properties: + defaultServiceAccount: + description: "DefaultServiceAccount to be used for impersonation during the sync operation" + type: "string" + namespace: + description: "Namespace specifies the target namespace for the application's resources." + type: "string" + server: + description: "Server specifies the URL of the target cluster's Kubernetes control plane API." + type: "string" + required: + - "defaultServiceAccount" + - "server" + type: "object" + type: "array" destinations: description: "Destinations contains list of destinations available for deployment" items: diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml index f915fce2f..0ba0f8f7c 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "nodeclaims.karpenter.sh" spec: group: "karpenter.sh" @@ -105,7 +105,7 @@ spec: - message: "label \"kubernetes.io/hostname\" is restricted" rule: "self != \"kubernetes.io/hostname\"" - message: "label domain \"karpenter.k8s.aws\" is restricted" - rule: "self in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")" + rule: "self in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")" minValues: description: "This field is ALPHA and can be dropped or replaced at any time\nMinValues is the minimum number of unique values required to define the flexibility of the specific requirement." maximum: 50.0 diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml index ad5eed418..abde288c4 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "nodepools.karpenter.sh" spec: group: "karpenter.sh" @@ -152,7 +152,7 @@ spec: - message: "label \"kubernetes.io/hostname\" is restricted" rule: "self.all(x, x != \"kubernetes.io/hostname\")" - message: "label domain \"karpenter.k8s.aws\" is restricted" - rule: "self.all(x, x in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))" + rule: "self.all(x, x in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))" type: "object" spec: description: "NodeClaimTemplateSpec describes the desired state of the NodeClaim in the Nodepool\nNodeClaimTemplateSpec is used in the NodePool's NodeClaimTemplate, with the resource requests omitted since\nusers are not able to set resource requests in the NodePool." @@ -202,7 +202,7 @@ spec: - message: "label \"kubernetes.io/hostname\" is restricted" rule: "self != \"kubernetes.io/hostname\"" - message: "label domain \"karpenter.k8s.aws\" is restricted" - rule: "self in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")" + rule: "self in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")" minValues: description: "This field is ALPHA and can be dropped or replaced at any time\nMinValues is the minimum number of unique values required to define the flexibility of the specific requirement." maximum: 50.0 diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwideenvoyconfigs.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwideenvoyconfigs.yaml index cb13bde80..480a4cae1 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwideenvoyconfigs.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwideenvoyconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumclusterwideenvoyconfigs.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml index f4fe85468..a13dbd3ba 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumclusterwidenetworkpolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumegressgatewaypolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumegressgatewaypolicies.yaml index a4b00868f..a47b613e5 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumegressgatewaypolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumegressgatewaypolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumegressgatewaypolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumendpoints.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumendpoints.yaml index 83bd8e1c6..4aa32caf0 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumendpoints.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumendpoints.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumendpoints.cilium.io" spec: group: "cilium.io" @@ -182,7 +182,7 @@ spec: description: "EndpointStatusChange Indication of a change of status\n\nswagger:model EndpointStatusChange" properties: code: - description: "Code indicate type of status change\nEnum: [ok failed]" + description: "Code indicate type of status change\nEnum: [\"ok\",\"failed\"]" type: "string" message: description: "Status message" @@ -207,7 +207,7 @@ spec: description: "Layer 4 port number" type: "integer" protocol: - description: "Layer 4 protocol\nEnum: [TCP UDP SCTP ICMP ICMPV6 ANY]" + description: "Layer 4 protocol\nEnum: [\"TCP\",\"UDP\",\"SCTP\",\"ICMP\",\"ICMPV6\",\"ANY\"]" type: "string" type: "object" type: "array" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumenvoyconfigs.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumenvoyconfigs.yaml index e761dc16d..d92b4e2af 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumenvoyconfigs.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumenvoyconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumenvoyconfigs.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumexternalworkloads.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumexternalworkloads.yaml index 2257422fb..34bc7c6b2 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumexternalworkloads.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumexternalworkloads.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumexternalworkloads.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumidentities.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumidentities.yaml index ed21b8ec0..272402cf5 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumidentities.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumidentities.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumidentities.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumlocalredirectpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumlocalredirectpolicies.yaml index e789f7ad4..6334f684d 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumlocalredirectpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumlocalredirectpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumlocalredirectpolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml index 8c42caae3..6100bc355 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumnetworkpolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnodes.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnodes.yaml index 929a41a5e..b4b5ddaf2 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnodes.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnodes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumnodes.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumbgppeeringpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumbgppeeringpolicies.yaml index 4a74d1bff..851c2eece 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumbgppeeringpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumbgppeeringpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumbgppeeringpolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumcidrgroups.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumcidrgroups.yaml index 0d6988a95..68862027c 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumcidrgroups.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumcidrgroups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumcidrgroups.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumendpointslices.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumendpointslices.yaml index 0fc4e302b..51f8dcecb 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumendpointslices.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumendpointslices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumendpointslices.cilium.io" spec: group: "cilium.io" @@ -56,7 +56,7 @@ spec: description: "Layer 4 port number" type: "integer" protocol: - description: "Layer 4 protocol\nEnum: [TCP UDP SCTP ICMP ICMPV6 ANY]" + description: "Layer 4 protocol\nEnum: [\"TCP\",\"UDP\",\"SCTP\",\"ICMP\",\"ICMPV6\",\"ANY\"]" type: "string" type: "object" type: "array" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliuml2announcementpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliuml2announcementpolicies.yaml index 6529a048a..b5665798a 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliuml2announcementpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliuml2announcementpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliuml2announcementpolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml index 909d5d78c..3d40784a1 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumloadbalancerippools.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumpodippools.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumpodippools.yaml index f80379454..aac9336b6 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumpodippools.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumpodippools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumpodippools.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1/valssecrets.yaml b/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1/valssecrets.yaml index e142fe477..7dda5a03b 100644 --- a/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1/valssecrets.yaml +++ b/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1/valssecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "valssecrets.digitalis.io" spec: group: "digitalis.io" @@ -19,10 +19,10 @@ spec: description: "ValsSecret is the Schema for the valssecrets API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -37,7 +37,7 @@ spec: description: "Encoding type for the secret. Only base64 supported. Optional" type: "string" ref: - description: "Ref value to the secret in the format ref+backend://path https://github.com/helmfile/vals" + description: "Ref value to the secret in the format ref+backend://path\nhttps://github.com/helmfile/vals" type: "string" required: - "ref" @@ -94,6 +94,21 @@ spec: type: "array" name: type: "string" + rollout: + items: + description: "RolloutTarget sets up what deployment or sts to restart" + properties: + kind: + description: "Kind is either Deployment, Pod or StatefulSet" + type: "string" + name: + description: "Name is the object name" + type: "string" + required: + - "kind" + - "name" + type: "object" + type: "array" template: additionalProperties: type: "string" diff --git a/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1beta1/dbsecrets.yaml b/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1beta1/dbsecrets.yaml index 09164525f..b881d9a01 100644 --- a/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1beta1/dbsecrets.yaml +++ b/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1beta1/dbsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "dbsecrets.digitalis.io" spec: group: "digitalis.io" @@ -19,10 +19,10 @@ spec: description: "DbSecret is the Schema for the dbsecrets API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml index 7613e694a..4eeb92d2d 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml @@ -291,7 +291,7 @@ spec: type: "array" refreshInterval: default: "1h" - description: "RefreshInterval is the amount of time before the values are read again from the SecretStore provider\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nMay be set to zero to fetch and create it once. Defaults to 1h." + description: "RefreshInterval is the amount of time before the values are read again from the SecretStore provider,\nspecified as Golang Duration strings.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nExample values: \"1h\", \"2h30m\", \"5d\", \"10s\"\nMay be set to zero to fetch and create it once. Defaults to 1h." type: "string" secretStoreRef: description: "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data." diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml index 949e0c98b..a0bb461f0 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml @@ -276,7 +276,7 @@ spec: type: "array" refreshInterval: default: "1h" - description: "RefreshInterval is the amount of time before the values are read again from the SecretStore provider\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nMay be set to zero to fetch and create it once. Defaults to 1h." + description: "RefreshInterval is the amount of time before the values are read again from the SecretStore provider,\nspecified as Golang Duration strings.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nExample values: \"1h\", \"2h30m\", \"5d\", \"10s\"\nMay be set to zero to fetch and create it once. Defaults to 1h." type: "string" secretStoreRef: description: "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data." diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml index 54af2287f..2734d2495 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml @@ -220,8 +220,7 @@ spec: type: "string" flushSeconds: description: "Interval to flush output" - format: "int64" - type: "integer" + type: "number" graceSeconds: description: "Wait time on exit" format: "int64" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml index 717af7378..c1d767725 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml @@ -2257,6 +2257,9 @@ spec: logResponsePayload: description: "Log the response payload within the Fluent Bit log." type: "boolean" + logsBodyKey: + description: "The log body key to look up in the log events body/message. Sets the Body field of the opentelemtry logs data model." + type: "string" logsBodyKeyAttributes: description: "If true, remaining unmatched keys are added as attributes." type: "boolean" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml index b6f21696d..58aa9a3e2 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml @@ -244,8 +244,7 @@ spec: type: "string" flushSeconds: description: "Interval to flush output" - format: "int64" - type: "integer" + type: "number" graceSeconds: description: "Wait time on exit" format: "int64" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml index 77b608de2..ba3de9b52 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml @@ -2257,6 +2257,9 @@ spec: logResponsePayload: description: "Log the response payload within the Fluent Bit log." type: "boolean" + logsBodyKey: + description: "The log body key to look up in the log events body/message. Sets the Body field of the opentelemtry logs data model." + type: "string" logsBodyKeyAttributes: description: "If true, remaining unmatched keys are added as attributes." type: "boolean" diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml index 991c8f8d9..7ac8f8656 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml @@ -56,7 +56,7 @@ spec: database: type: "string" editable: - description: "Deprecated field, it has no effect" + description: "Whether to enable/disable editing of the datasource in Grafana UI" type: "boolean" isDefault: type: "boolean" @@ -75,6 +75,7 @@ spec: type: type: "string" uid: + description: "Deprecated field, use spec.uid instead" type: "string" url: type: "string" @@ -136,6 +137,12 @@ spec: format: "duration" pattern: "^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" type: "string" + uid: + description: "The UID, for the datasource, fallback to the deprecated spec.datasource.uid and metadata.uid" + type: "string" + x-kubernetes-validations: + - message: "spec.uid is immutable" + rule: "self == oldSelf" valuesFrom: description: "environments variables from secrets or config maps" items: @@ -192,6 +199,9 @@ spec: - "datasource" - "instanceSelector" type: "object" + x-kubernetes-validations: + - message: "spec.uid is immutable" + rule: "((!has(oldSelf.uid) && !has(self.uid)) || (has(oldSelf.uid) && has(self.uid)))" status: description: "GrafanaDatasourceStatus defines the observed state of GrafanaDatasource" properties: diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml index f7be79124..b83f794b3 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml @@ -47,6 +47,11 @@ spec: client: description: "Client defines how the grafana-operator talks to the grafana instance." properties: + headers: + additionalProperties: + type: "string" + description: "Custom HTTP headers to use when interacting with this Grafana." + type: "object" preferIngress: description: "If the operator should send it's request through the grafana instances ingress object instead of through the service." nullable: true diff --git a/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml b/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml index d4bf50950..3df891c7a 100644 --- a/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml +++ b/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml @@ -88,6 +88,32 @@ spec: nullable: true type: "array" type: "object" + bitbucket: + description: "Bitbucket allows the configuration of options specific to the \"bitbucket\" join method." + nullable: true + properties: + allow: + description: "Allow is a list of Rules, nodes using this token must match one allow rule to use this token." + items: + properties: + branch_name: + type: "string" + deployment_environment_uuid: + type: "string" + repository_uuid: + type: "string" + workspace_uuid: + type: "string" + type: "object" + nullable: true + type: "array" + audience: + description: "Audience is a Bitbucket-specified audience value for this token. It is unique to each Bitbucket repository, and must be set to the value as written in the Pipelines -> OpenID Connect section of the repository settings." + type: "string" + identity_provider_url: + description: "IdentityProviderURL is a Bitbucket-specified issuer URL for incoming OIDC tokens. It is unique to each Bitbucket repository, and must be set to the value as written in the Pipelines -> OpenID Connect section of the repository settings." + type: "string" + type: "object" bot_name: description: "BotName is the name of the bot this token grants access to, if any" type: "string" @@ -169,6 +195,9 @@ spec: enterprise_slug: description: "EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be included in the expected issuer of the OIDC tokens. This is for compatibility with the `include_enterprise_slug` option in GHE. This field should be set to the slug of your enterprise if this is enabled. If this is not enabled, then this field must be left empty. This field cannot be specified if `enterprise_server_host` is specified. See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise for more information about customized issuer values." type: "string" + static_jwks: + description: "StaticJWKS disables fetching of the GHES signing keys via the JWKS/OIDC endpoints, and allows them to be directly specified. This allows joining from GitHub Actions in GHES instances that are not reachable by the Teleport Auth Service." + type: "string" type: "object" gitlab: description: "GitLab allows the configuration of options specific to the \"gitlab\" join method." diff --git a/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/cronfederatedhpas.yaml b/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/cronfederatedhpas.yaml index afd7c9460..cd5c3720b 100644 --- a/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/cronfederatedhpas.yaml +++ b/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/cronfederatedhpas.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "cronfederatedhpas.autoscaling.karmada.io" spec: group: "autoscaling.karmada.io" @@ -56,7 +56,7 @@ spec: minimum: 0.0 type: "integer" name: - description: "Name of the rule.\nEach rule in a CronFederatedHPA must have a unique name.\n\n\nNote: the name will be used as an identifier to record its execution\nhistory. Changing the name will be considered as deleting the old rule\nand adding a new rule, that means the original execution history will be\ndiscarded." + description: "Name of the rule.\nEach rule in a CronFederatedHPA must have a unique name.\n\nNote: the name will be used as an identifier to record its execution\nhistory. Changing the name will be considered as deleting the old rule\nand adding a new rule, that means the original execution history will be\ndiscarded." maxLength: 32 minLength: 1 type: "string" diff --git a/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/federatedhpas.yaml b/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/federatedhpas.yaml index 07797924e..56a026407 100644 --- a/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/federatedhpas.yaml +++ b/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/federatedhpas.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "federatedhpas.autoscaling.karmada.io" spec: group: "autoscaling.karmada.io" diff --git a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml index 4b1aea3f5..777edf402 100644 --- a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml +++ b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "resourceinterpretercustomizations.config.karmada.io" spec: group: "config.karmada.io" @@ -50,7 +50,7 @@ spec: description: "DependencyInterpretation describes the rules for Karmada to analyze the\ndependent resources.\nKarmada provides built-in rules for several standard Kubernetes types, see:\nhttps://karmada.io/docs/userguide/globalview/customizing-resource-interpreter/#interpretdependency\nIf DependencyInterpretation is set, the built-in rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to interpret the dependencies of\na specific resource.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function GetDependencies(desiredObj)\n dependencies = {}\n serviceAccountName = desiredObj.spec.template.spec.serviceAccountName\n if serviceAccountName ~= nil and serviceAccountName ~= \"default\" then\n dependency = {}\n dependency.apiVersion = \"v1\"\n dependency.kind = \"ServiceAccount\"\n dependency.name = serviceAccountName\n dependency.namespace = desiredObj.metadata.namespace\n dependencies[1] = dependency\n end\n return dependencies\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\n\nThe returned value should be expressed by a slice of DependentObjectReference." + description: "LuaScript holds the Lua script that is used to interpret the dependencies of\na specific resource.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function GetDependencies(desiredObj)\n dependencies = {}\n serviceAccountName = desiredObj.spec.template.spec.serviceAccountName\n if serviceAccountName ~= nil and serviceAccountName ~= \"default\" then\n dependency = {}\n dependency.apiVersion = \"v1\"\n dependency.kind = \"ServiceAccount\"\n dependency.name = serviceAccountName\n dependency.namespace = desiredObj.metadata.namespace\n dependencies[1] = dependency\n end\n return dependencies\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\nThe returned value should be expressed by a slice of DependentObjectReference." type: "string" required: - "luaScript" @@ -59,7 +59,7 @@ spec: description: "HealthInterpretation describes the health assessment rules by which Karmada\ncan assess the health state of the resource type." properties: luaScript: - description: "LuaScript holds the Lua script that is used to assess the health state of\na specific resource.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function InterpretHealth(observedObj)\n if observedObj.status.readyReplicas == observedObj.spec.replicas then\n return true\n end\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\n\nThe returned boolean value indicates the health status." + description: "LuaScript holds the Lua script that is used to assess the health state of\na specific resource.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function InterpretHealth(observedObj)\n if observedObj.status.readyReplicas == observedObj.spec.replicas then\n return true\n end\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\nThe returned boolean value indicates the health status." type: "string" required: - "luaScript" @@ -68,7 +68,7 @@ spec: description: "ReplicaResource describes the rules for Karmada to discover the resource's\nreplica as well as resource requirements.\nIt would be useful for those CRD resources that declare workload types like\nDeployment.\nIt is usually not needed for Kubernetes native resources(Deployment, Job) as\nKarmada knows how to discover info from them. But if it is set, the built-in\ndiscovery rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to discover the resource's\nreplica as well as resource requirements\n\n\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function GetReplicas(desiredObj)\n replica = desiredObj.spec.replicas\n requirement = {}\n requirement.nodeClaim = {}\n requirement.nodeClaim.nodeSelector = desiredObj.spec.template.spec.nodeSelector\n requirement.nodeClaim.tolerations = desiredObj.spec.template.spec.tolerations\n requirement.resourceRequest = desiredObj.spec.template.spec.containers[1].resources.limits\n return replica, requirement\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\n\nThe function expects two return values:\n - replica: the declared replica number\n - requirement: the resource required by each replica expressed with a\n ResourceBindingSpec.ReplicaRequirements.\nThe returned values will be set into a ResourceBinding or ClusterResourceBinding." + description: "LuaScript holds the Lua script that is used to discover the resource's\nreplica as well as resource requirements\n\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function GetReplicas(desiredObj)\n replica = desiredObj.spec.replicas\n requirement = {}\n requirement.nodeClaim = {}\n requirement.nodeClaim.nodeSelector = desiredObj.spec.template.spec.nodeSelector\n requirement.nodeClaim.tolerations = desiredObj.spec.template.spec.tolerations\n requirement.resourceRequest = desiredObj.spec.template.spec.containers[1].resources.limits\n return replica, requirement\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\nThe function expects two return values:\n - replica: the declared replica number\n - requirement: the resource required by each replica expressed with a\n ResourceBindingSpec.ReplicaRequirements.\nThe returned values will be set into a ResourceBinding or ClusterResourceBinding." type: "string" required: - "luaScript" @@ -77,7 +77,7 @@ spec: description: "ReplicaRevision describes the rules for Karmada to revise the resource's replica.\nIt would be useful for those CRD resources that declare workload types like\nDeployment.\nIt is usually not needed for Kubernetes native resources(Deployment, Job) as\nKarmada knows how to revise replicas for them. But if it is set, the built-in\nrevision rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to revise replicas in the desired specification.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function ReviseReplica(desiredObj, desiredReplica)\n desiredObj.spec.replicas = desiredReplica\n return desiredObj\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n - desiredReplica: the replica number should be applied with.\n\n\nThe returned object should be a revised configuration which will be\napplied to member cluster eventually." + description: "LuaScript holds the Lua script that is used to revise replicas in the desired specification.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function ReviseReplica(desiredObj, desiredReplica)\n desiredObj.spec.replicas = desiredReplica\n return desiredObj\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n - desiredReplica: the replica number should be applied with.\n\nThe returned object should be a revised configuration which will be\napplied to member cluster eventually." type: "string" required: - "luaScript" @@ -86,7 +86,7 @@ spec: description: "Retention describes the desired behavior that Karmada should react on\nthe changes made by member cluster components. This avoids system\nrunning into a meaningless loop that Karmada resource controller and\nthe member cluster component continually applying opposite values of a field.\nFor example, the \"replicas\" of Deployment might be changed by the HPA\ncontroller on member cluster. In this case, Karmada should retain the \"replicas\"\nand not try to change it." properties: luaScript: - description: "LuaScript holds the Lua script that is used to retain runtime values\nto the desired specification.\n\n\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function Retain(desiredObj, observedObj)\n desiredObj.spec.fieldFoo = observedObj.spec.fieldFoo\n return desiredObj\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\n\nThe returned object should be a retained configuration which will be\napplied to member cluster eventually." + description: "LuaScript holds the Lua script that is used to retain runtime values\nto the desired specification.\n\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function Retain(desiredObj, observedObj)\n desiredObj.spec.fieldFoo = observedObj.spec.fieldFoo\n return desiredObj\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\nThe returned object should be a retained configuration which will be\napplied to member cluster eventually." type: "string" required: - "luaScript" @@ -95,7 +95,7 @@ spec: description: "StatusAggregation describes the rules for Karmada to aggregate status\ncollected from member clusters to resource template.\nKarmada provides built-in rules for several standard Kubernetes types, see:\nhttps://karmada.io/docs/userguide/globalview/customizing-resource-interpreter/#aggregatestatus\nIf StatusAggregation is set, the built-in rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to aggregate decentralized statuses\nto the desired specification.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function AggregateStatus(desiredObj, statusItems)\n for i = 1, #statusItems do\n desiredObj.status.readyReplicas = desiredObj.status.readyReplicas + items[i].readyReplicas\n end\n return desiredObj\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents a resource template.\n - statusItems: the slice of status expressed with AggregatedStatusItem.\n\n\nThe returned object should be a whole object with status aggregated." + description: "LuaScript holds the Lua script that is used to aggregate decentralized statuses\nto the desired specification.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function AggregateStatus(desiredObj, statusItems)\n for i = 1, #statusItems do\n desiredObj.status.readyReplicas = desiredObj.status.readyReplicas + items[i].readyReplicas\n end\n return desiredObj\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents a resource template.\n - statusItems: the slice of status expressed with AggregatedStatusItem.\n\nThe returned object should be a whole object with status aggregated." type: "string" required: - "luaScript" @@ -104,7 +104,7 @@ spec: description: "StatusReflection describes the rules for Karmada to pick the resource's status.\nKarmada provides built-in rules for several standard Kubernetes types, see:\nhttps://karmada.io/docs/userguide/globalview/customizing-resource-interpreter/#interpretstatus\nIf StatusReflection is set, the built-in rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to get the status from the observed specification.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function ReflectStatus(observedObj)\n status = {}\n status.readyReplicas = observedObj.status.observedObj\n return status\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\n\nThe returned status could be the whole status or part of it and will\nbe set into both Work and ResourceBinding(ClusterResourceBinding)." + description: "LuaScript holds the Lua script that is used to get the status from the observed specification.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function ReflectStatus(observedObj)\n status = {}\n status.readyReplicas = observedObj.status.observedObj\n return status\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\nThe returned status could be the whole status or part of it and will\nbe set into both Work and ResourceBinding(ClusterResourceBinding)." type: "string" required: - "luaScript" diff --git a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpreterwebhookconfigurations.yaml b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpreterwebhookconfigurations.yaml index 5a4556af3..717ffea40 100644 --- a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpreterwebhookconfigurations.yaml +++ b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpreterwebhookconfigurations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "resourceinterpreterwebhookconfigurations.config.karmada.io" spec: group: "config.karmada.io" @@ -41,7 +41,7 @@ spec: format: "byte" type: "string" service: - description: "`service` is a reference to the service for this webhook. Either\n`service` or `url` must be specified.\n\n\nIf the webhook is running within the cluster, then you should use `service`." + description: "`service` is a reference to the service for this webhook. Either\n`service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`." properties: name: description: "`name` is the name of the service.\nRequired" @@ -61,7 +61,7 @@ spec: - "namespace" type: "object" url: - description: "`url` gives the location of the webhook, in standard URL form\n(`scheme://host:port/path`). Exactly one of `url` or `service`\nmust be specified.\n\n\nThe `host` should not refer to a service running in the cluster; use\nthe `service` field instead. The host might be resolved via external\nDNS in some apiservers (e.g., `kube-apiserver` cannot resolve\nin-cluster DNS as that would be a layering violation). `host` may\nalso be an IP address.\n\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is\nrisky unless you take great care to run this webhook on all hosts\nwhich run an apiserver which might need to make calls to this\nwebhook. Such installs are likely to be non-portable, i.e., not easy\nto turn up in a new cluster.\n\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\n\nA path is optional, and if present may be any string permissible in\na URL. You may use the path to pass an arbitrary string to the\nwebhook, for example, a cluster identifier.\n\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not\nallowed. Fragments (\"#...\") and query parameters (\"?...\") are not\nallowed, either." + description: "`url` gives the location of the webhook, in standard URL form\n(`scheme://host:port/path`). Exactly one of `url` or `service`\nmust be specified.\n\nThe `host` should not refer to a service running in the cluster; use\nthe `service` field instead. The host might be resolved via external\nDNS in some apiservers (e.g., `kube-apiserver` cannot resolve\nin-cluster DNS as that would be a layering violation). `host` may\nalso be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is\nrisky unless you take great care to run this webhook on all hosts\nwhich run an apiserver which might need to make calls to this\nwebhook. Such installs are likely to be non-portable, i.e., not easy\nto turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in\na URL. You may use the path to pass an arbitrary string to the\nwebhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not\nallowed. Fragments (\"#...\") and query parameters (\"?...\") are not\nallowed, either." type: "string" type: "object" interpreterContextVersions: @@ -78,7 +78,7 @@ spec: description: "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make\nsure that all the tuple expansions are valid." properties: apiGroups: - description: "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nFor example:\n [\"apps\", \"batch\", \"example.io\"] means matches 3 groups.\n [\"*\"] means matches all group\n\n\nNote: The group could be empty, e.g the 'core' group of kubernetes, in that case use [\"\"]." + description: "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nFor example:\n [\"apps\", \"batch\", \"example.io\"] means matches 3 groups.\n [\"*\"] means matches all group\n\nNote: The group could be empty, e.g the 'core' group of kubernetes, in that case use [\"\"]." items: type: "string" type: "array" diff --git a/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusteringresses.yaml b/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusteringresses.yaml index d79cefcb5..aacf59622 100644 --- a/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusteringresses.yaml +++ b/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusteringresses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "multiclusteringresses.networking.karmada.io" spec: group: "networking.karmada.io" @@ -70,6 +70,7 @@ spec: format: "int32" type: "integer" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -83,7 +84,7 @@ spec: description: "IngressRule represents the rules mapping the paths under a specified host to\nthe related backend services. Incoming requests are first evaluated for a host\nmatch, then routed to the backend associated with the matching IngressRuleValue." properties: host: - description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." + description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." type: "string" http: description: "HTTPIngressRuleValue is a list of http selectors pointing to backends.\nIn the example: http:///? -> backend where\nwhere parts of the url correspond to RFC 3986, this resource will be used\nto match against everything after the last '/' and before the first '?'\nor '#'." @@ -130,6 +131,7 @@ spec: format: "int32" type: "integer" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -193,7 +195,7 @@ spec: description: "IngressPortStatus represents the error condition of a service port" properties: error: - description: "error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.\n---\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -202,10 +204,10 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" description: "protocol is the protocol of the ingress port.\nThe supported values are: \"TCP\", \"UDP\", \"SCTP\"" type: "string" required: + - "error" - "port" - "protocol" type: "object" diff --git a/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusterservices.yaml b/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusterservices.yaml index 05adea19e..b39a5e143 100644 --- a/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusterservices.yaml +++ b/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusterservices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "multiclusterservices.networking.karmada.io" spec: group: "networking.karmada.io" @@ -41,6 +41,8 @@ spec: name: description: "Name is the name of the cluster to be selected." type: "string" + required: + - "name" type: "object" type: "array" ports: @@ -67,6 +69,8 @@ spec: name: description: "Name is the name of the cluster to be selected." type: "string" + required: + - "name" type: "object" type: "array" range: @@ -103,7 +107,7 @@ spec: conditions: description: "Current service state" items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -132,7 +136,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -169,7 +173,7 @@ spec: items: properties: error: - description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.\n---\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -178,10 +182,10 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" description: "Protocol is the protocol of the service port of which status is recorded here\nThe supported values are: \"TCP\", \"UDP\", \"SCTP\"" type: "string" required: + - "error" - "port" - "protocol" type: "object" diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusteroverridepolicies.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusteroverridepolicies.yaml index 9fa618df0..3905af549 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusteroverridepolicies.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusteroverridepolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "clusteroverridepolicies.policy.karmada.io" spec: group: "policy.karmada.io" @@ -60,6 +60,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" argsOverrider: @@ -188,7 +189,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\n\nIf not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -223,6 +224,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" plaintext: @@ -327,7 +329,7 @@ spec: type: "object" type: "array" overriders: - description: "Overriders represents the override rules that would apply on resources\n\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." + description: "Overriders represents the override rules that would apply on resources\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." properties: annotationsOverrider: description: "AnnotationsOverrider represents the rules dedicated to handling workload annotations" @@ -348,6 +350,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" argsOverrider: @@ -476,7 +479,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\n\nIf not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -511,6 +514,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" plaintext: @@ -593,7 +597,7 @@ spec: type: "object" type: "array" targetCluster: - description: "TargetCluster defines restrictions on this override policy\nthat only applies to resources propagated to the matching clusters.\nnil means matching all clusters.\n\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." + description: "TargetCluster defines restrictions on this override policy\nthat only applies to resources propagated to the matching clusters.\nnil means matching all clusters.\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." properties: clusterNames: description: "ClusterNames is the list of clusters to be selected." diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusterpropagationpolicies.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusterpropagationpolicies.yaml index 4637d689a..72a1ada10 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusterpropagationpolicies.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusterpropagationpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "clusterpropagationpolicies.policy.karmada.io" spec: group: "policy.karmada.io" @@ -44,7 +44,7 @@ spec: description: "Spec represents the desired behavior of ClusterPropagationPolicy." properties: activationPreference: - description: "ActivationPreference indicates how the referencing resource template will\nbe propagated, in case of policy changes.\n\n\nIf empty, the resource template will respond to policy changes\nimmediately, in other words, any policy changes will drive the resource\ntemplate to be propagated immediately as per the current propagation rules.\n\n\nIf the value is 'Lazy' means the policy changes will not take effect for now\nbut defer to the resource template changes, in other words, the resource\ntemplate will not be propagated as per the current propagation rules until\nthere is an update on it.\nThis is an experimental feature that might help in a scenario where a policy\nmanages huge amount of resource templates, changes to a policy typically\naffect numerous applications simultaneously. A minor misconfiguration\ncould lead to widespread failures. With this feature, the change can be\ngradually rolled out through iterative modifications of resource templates." + description: "ActivationPreference indicates how the referencing resource template will\nbe propagated, in case of policy changes.\n\nIf empty, the resource template will respond to policy changes\nimmediately, in other words, any policy changes will drive the resource\ntemplate to be propagated immediately as per the current propagation rules.\n\nIf the value is 'Lazy' means the policy changes will not take effect for now\nbut defer to the resource template changes, in other words, the resource\ntemplate will not be propagated as per the current propagation rules until\nthere is an update on it.\nThis is an experimental feature that might help in a scenario where a policy\nmanages huge amount of resource templates, changes to a policy typically\naffect numerous applications simultaneously. A minor misconfiguration\ncould lead to widespread failures. With this feature, the change can be\ngradually rolled out through iterative modifications of resource templates." enum: - "Lazy" type: "string" @@ -53,13 +53,13 @@ spec: type: "boolean" conflictResolution: default: "Abort" - description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." + description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." enum: - "Abort" - "Overwrite" type: "string" dependentOverrides: - description: "DependentOverrides represents the list of overrides(OverridePolicy)\nwhich must present before the current PropagationPolicy takes effect.\n\n\nIt used to explicitly specify overrides which current PropagationPolicy rely on.\nA typical scenario is the users create OverridePolicy(ies) and resources at the same time,\nthey want to ensure the new-created policies would be adopted.\n\n\nNote: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies),\nwhich not present in this list will still be applied if they matches the resources." + description: "DependentOverrides represents the list of overrides(OverridePolicy)\nwhich must present before the current PropagationPolicy takes effect.\n\nIt used to explicitly specify overrides which current PropagationPolicy rely on.\nA typical scenario is the users create OverridePolicy(ies) and resources at the same time,\nthey want to ensure the new-created policies would be adopted.\n\nNote: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies),\nwhich not present in this list will still be applied if they matches the resources." items: type: "string" type: "array" @@ -98,7 +98,7 @@ spec: description: "Placement represents the rule for select clusters to propagate resources." properties: clusterAffinities: - description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." + description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." items: description: "ClusterAffinityTerm selects a set of cluster." properties: @@ -423,15 +423,15 @@ spec: - "Never" type: "string" preserveResourcesOnDeletion: - description: "PreserveResourcesOnDeletion controls whether resources should be preserved on the\nmember clusters when the resource template is deleted.\nIf set to true, resources will be preserved on the member clusters.\nDefault is false, which means resources will be deleted along with the resource template.\n\n\nThis setting is particularly useful during workload migration scenarios to ensure\nthat rollback can occur quickly without affecting the workloads running on the\nmember clusters.\n\n\nAdditionally, this setting applies uniformly across all member clusters and will not\nselectively control preservation on only some clusters.\n\n\nNote: This setting does not apply to the deletion of the policy itself.\nWhen the policy is deleted, the resource templates and their corresponding\npropagated resources in member clusters will remain unchanged unless explicitly deleted." + description: "PreserveResourcesOnDeletion controls whether resources should be preserved on the\nmember clusters when the resource template is deleted.\nIf set to true, resources will be preserved on the member clusters.\nDefault is false, which means resources will be deleted along with the resource template.\n\nThis setting is particularly useful during workload migration scenarios to ensure\nthat rollback can occur quickly without affecting the workloads running on the\nmember clusters.\n\nAdditionally, this setting applies uniformly across all member clusters and will not\nselectively control preservation on only some clusters.\n\nNote: This setting does not apply to the deletion of the policy itself.\nWhen the policy is deleted, the resource templates and their corresponding\npropagated resources in member clusters will remain unchanged unless explicitly deleted." type: "boolean" priority: default: 0 - description: "Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy).\nA policy will be applied for the matched resource templates if there is\nno other policies with higher priority at the point of the resource\ntemplate be processed.\nOnce a resource template has been claimed by a policy, by default it will\nnot be preempted by following policies even with a higher priority.\nSee Preemption for more details.\n\n\nIn case of two policies have the same priority, the one with a more precise\nmatching rules in ResourceSelectors wins:\n- matching by name(resourceSelector.name) has higher priority than\n by selector(resourceSelector.labelSelector)\n- matching by selector(resourceSelector.labelSelector) has higher priority\n than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind).\nIf there is still no winner at this point, the one with the lower alphabetic\norder wins, e.g. policy 'bar' has higher priority than 'foo'.\n\n\nThe higher the value, the higher the priority. Defaults to zero." + description: "Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy).\nA policy will be applied for the matched resource templates if there is\nno other policies with higher priority at the point of the resource\ntemplate be processed.\nOnce a resource template has been claimed by a policy, by default it will\nnot be preempted by following policies even with a higher priority.\nSee Preemption for more details.\n\nIn case of two policies have the same priority, the one with a more precise\nmatching rules in ResourceSelectors wins:\n- matching by name(resourceSelector.name) has higher priority than\n by selector(resourceSelector.labelSelector)\n- matching by selector(resourceSelector.labelSelector) has higher priority\n than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind).\nIf there is still no winner at this point, the one with the lower alphabetic\norder wins, e.g. policy 'bar' has higher priority than 'foo'.\n\nThe higher the value, the higher the priority. Defaults to zero." format: "int32" type: "integer" propagateDeps: - description: "PropagateDeps tells if relevant resources should be propagated automatically.\nTake 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true',\nthe referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be\npropagated along with the Deployment. In addition to the propagating process, the referencing resources will be\nmigrated along with the Deployment in the fail-over scenario.\n\n\nDefaults to false." + description: "PropagateDeps tells if relevant resources should be propagated automatically.\nTake 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true',\nthe referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be\npropagated along with the Deployment. In addition to the propagating process, the referencing resources will be\nmigrated along with the Deployment in the fail-over scenario.\n\nDefaults to false." type: "boolean" resourceSelectors: description: "ResourceSelectors used to select resources.\nNil or empty selector is not allowed and doesn't mean match all kinds\nof resources for security concerns that sensitive resources(like Secret)\nmight be accidentally propagated." diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/federatedresourcequotas.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/federatedresourcequotas.yaml index 6af6c9c38..87a1eccd8 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/federatedresourcequotas.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/federatedresourcequotas.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "federatedresourcequotas.policy.karmada.io" spec: group: "policy.karmada.io" diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/overridepolicies.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/overridepolicies.yaml index b63b4708b..ea9441212 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/overridepolicies.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/overridepolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "overridepolicies.policy.karmada.io" spec: group: "policy.karmada.io" @@ -60,6 +60,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" argsOverrider: @@ -188,7 +189,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\n\nIf not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -223,6 +224,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" plaintext: @@ -327,7 +329,7 @@ spec: type: "object" type: "array" overriders: - description: "Overriders represents the override rules that would apply on resources\n\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." + description: "Overriders represents the override rules that would apply on resources\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." properties: annotationsOverrider: description: "AnnotationsOverrider represents the rules dedicated to handling workload annotations" @@ -348,6 +350,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" argsOverrider: @@ -476,7 +479,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\n\nIf not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -511,6 +514,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" plaintext: @@ -593,7 +597,7 @@ spec: type: "object" type: "array" targetCluster: - description: "TargetCluster defines restrictions on this override policy\nthat only applies to resources propagated to the matching clusters.\nnil means matching all clusters.\n\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." + description: "TargetCluster defines restrictions on this override policy\nthat only applies to resources propagated to the matching clusters.\nnil means matching all clusters.\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." properties: clusterNames: description: "ClusterNames is the list of clusters to be selected." diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/propagationpolicies.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/propagationpolicies.yaml index 262396546..eb3be0586 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/propagationpolicies.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/propagationpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "propagationpolicies.policy.karmada.io" spec: group: "policy.karmada.io" @@ -44,7 +44,7 @@ spec: description: "Spec represents the desired behavior of PropagationPolicy." properties: activationPreference: - description: "ActivationPreference indicates how the referencing resource template will\nbe propagated, in case of policy changes.\n\n\nIf empty, the resource template will respond to policy changes\nimmediately, in other words, any policy changes will drive the resource\ntemplate to be propagated immediately as per the current propagation rules.\n\n\nIf the value is 'Lazy' means the policy changes will not take effect for now\nbut defer to the resource template changes, in other words, the resource\ntemplate will not be propagated as per the current propagation rules until\nthere is an update on it.\nThis is an experimental feature that might help in a scenario where a policy\nmanages huge amount of resource templates, changes to a policy typically\naffect numerous applications simultaneously. A minor misconfiguration\ncould lead to widespread failures. With this feature, the change can be\ngradually rolled out through iterative modifications of resource templates." + description: "ActivationPreference indicates how the referencing resource template will\nbe propagated, in case of policy changes.\n\nIf empty, the resource template will respond to policy changes\nimmediately, in other words, any policy changes will drive the resource\ntemplate to be propagated immediately as per the current propagation rules.\n\nIf the value is 'Lazy' means the policy changes will not take effect for now\nbut defer to the resource template changes, in other words, the resource\ntemplate will not be propagated as per the current propagation rules until\nthere is an update on it.\nThis is an experimental feature that might help in a scenario where a policy\nmanages huge amount of resource templates, changes to a policy typically\naffect numerous applications simultaneously. A minor misconfiguration\ncould lead to widespread failures. With this feature, the change can be\ngradually rolled out through iterative modifications of resource templates." enum: - "Lazy" type: "string" @@ -53,13 +53,13 @@ spec: type: "boolean" conflictResolution: default: "Abort" - description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." + description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." enum: - "Abort" - "Overwrite" type: "string" dependentOverrides: - description: "DependentOverrides represents the list of overrides(OverridePolicy)\nwhich must present before the current PropagationPolicy takes effect.\n\n\nIt used to explicitly specify overrides which current PropagationPolicy rely on.\nA typical scenario is the users create OverridePolicy(ies) and resources at the same time,\nthey want to ensure the new-created policies would be adopted.\n\n\nNote: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies),\nwhich not present in this list will still be applied if they matches the resources." + description: "DependentOverrides represents the list of overrides(OverridePolicy)\nwhich must present before the current PropagationPolicy takes effect.\n\nIt used to explicitly specify overrides which current PropagationPolicy rely on.\nA typical scenario is the users create OverridePolicy(ies) and resources at the same time,\nthey want to ensure the new-created policies would be adopted.\n\nNote: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies),\nwhich not present in this list will still be applied if they matches the resources." items: type: "string" type: "array" @@ -98,7 +98,7 @@ spec: description: "Placement represents the rule for select clusters to propagate resources." properties: clusterAffinities: - description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." + description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." items: description: "ClusterAffinityTerm selects a set of cluster." properties: @@ -423,15 +423,15 @@ spec: - "Never" type: "string" preserveResourcesOnDeletion: - description: "PreserveResourcesOnDeletion controls whether resources should be preserved on the\nmember clusters when the resource template is deleted.\nIf set to true, resources will be preserved on the member clusters.\nDefault is false, which means resources will be deleted along with the resource template.\n\n\nThis setting is particularly useful during workload migration scenarios to ensure\nthat rollback can occur quickly without affecting the workloads running on the\nmember clusters.\n\n\nAdditionally, this setting applies uniformly across all member clusters and will not\nselectively control preservation on only some clusters.\n\n\nNote: This setting does not apply to the deletion of the policy itself.\nWhen the policy is deleted, the resource templates and their corresponding\npropagated resources in member clusters will remain unchanged unless explicitly deleted." + description: "PreserveResourcesOnDeletion controls whether resources should be preserved on the\nmember clusters when the resource template is deleted.\nIf set to true, resources will be preserved on the member clusters.\nDefault is false, which means resources will be deleted along with the resource template.\n\nThis setting is particularly useful during workload migration scenarios to ensure\nthat rollback can occur quickly without affecting the workloads running on the\nmember clusters.\n\nAdditionally, this setting applies uniformly across all member clusters and will not\nselectively control preservation on only some clusters.\n\nNote: This setting does not apply to the deletion of the policy itself.\nWhen the policy is deleted, the resource templates and their corresponding\npropagated resources in member clusters will remain unchanged unless explicitly deleted." type: "boolean" priority: default: 0 - description: "Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy).\nA policy will be applied for the matched resource templates if there is\nno other policies with higher priority at the point of the resource\ntemplate be processed.\nOnce a resource template has been claimed by a policy, by default it will\nnot be preempted by following policies even with a higher priority.\nSee Preemption for more details.\n\n\nIn case of two policies have the same priority, the one with a more precise\nmatching rules in ResourceSelectors wins:\n- matching by name(resourceSelector.name) has higher priority than\n by selector(resourceSelector.labelSelector)\n- matching by selector(resourceSelector.labelSelector) has higher priority\n than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind).\nIf there is still no winner at this point, the one with the lower alphabetic\norder wins, e.g. policy 'bar' has higher priority than 'foo'.\n\n\nThe higher the value, the higher the priority. Defaults to zero." + description: "Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy).\nA policy will be applied for the matched resource templates if there is\nno other policies with higher priority at the point of the resource\ntemplate be processed.\nOnce a resource template has been claimed by a policy, by default it will\nnot be preempted by following policies even with a higher priority.\nSee Preemption for more details.\n\nIn case of two policies have the same priority, the one with a more precise\nmatching rules in ResourceSelectors wins:\n- matching by name(resourceSelector.name) has higher priority than\n by selector(resourceSelector.labelSelector)\n- matching by selector(resourceSelector.labelSelector) has higher priority\n than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind).\nIf there is still no winner at this point, the one with the lower alphabetic\norder wins, e.g. policy 'bar' has higher priority than 'foo'.\n\nThe higher the value, the higher the priority. Defaults to zero." format: "int32" type: "integer" propagateDeps: - description: "PropagateDeps tells if relevant resources should be propagated automatically.\nTake 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true',\nthe referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be\npropagated along with the Deployment. In addition to the propagating process, the referencing resources will be\nmigrated along with the Deployment in the fail-over scenario.\n\n\nDefaults to false." + description: "PropagateDeps tells if relevant resources should be propagated automatically.\nTake 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true',\nthe referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be\npropagated along with the Deployment. In addition to the propagating process, the referencing resources will be\nmigrated along with the Deployment in the fail-over scenario.\n\nDefaults to false." type: "boolean" resourceSelectors: description: "ResourceSelectors used to select resources.\nNil or empty selector is not allowed and doesn't mean match all kinds\nof resources for security concerns that sensitive resources(like Secret)\nmight be accidentally propagated." diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/clusterresourcebindings.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/clusterresourcebindings.yaml index 185a56b4d..d8d9ff874 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/clusterresourcebindings.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/clusterresourcebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "clusterresourcebindings.work.karmada.io" spec: group: "work.karmada.io" @@ -116,7 +116,7 @@ spec: conditions: description: "Conditions contain the different condition statuses." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -145,7 +145,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/resourcebindings.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/resourcebindings.yaml index cae7326cb..9dea381d1 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/resourcebindings.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/resourcebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "resourcebindings.work.karmada.io" spec: group: "work.karmada.io" @@ -116,7 +116,7 @@ spec: conditions: description: "Conditions contain the different condition statuses." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -145,7 +145,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/works.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/works.yaml index 9da3c1f1d..e0a1ebe74 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/works.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/works.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "works.work.karmada.io" spec: group: "work.karmada.io" @@ -67,7 +67,7 @@ spec: conditions: description: "Conditions contain the different condition statuses for this work.\nValid condition types are:\n1. Applied represents workload in Work is applied successfully on a managed cluster.\n2. Progressing represents workload in Work is being applied on a managed cluster.\n3. Available represents workload in Work exists on the managed cluster.\n4. Degraded represents the current state of workload does not match the desired\nstate for a certain period." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -96,7 +96,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/clusterresourcebindings.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/clusterresourcebindings.yaml index f3bab66b8..070ec3c57 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/clusterresourcebindings.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/clusterresourcebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "clusterresourcebindings.work.karmada.io" spec: group: "work.karmada.io" @@ -61,7 +61,7 @@ spec: type: "array" conflictResolution: default: "Abort" - description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." + description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." enum: - "Abort" - "Overwrite" @@ -103,7 +103,7 @@ spec: description: "GracefulEvictionTask represents a graceful eviction task." properties: creationTimestamp: - description: "CreationTimestamp is a timestamp representing the server time when this object was\ncreated.\nClients should not set this value to avoid the time inconsistency issue.\nIt is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC.\n\n\nPopulated by the system. Read-only." + description: "CreationTimestamp is a timestamp representing the server time when this object was\ncreated.\nClients should not set this value to avoid the time inconsistency issue.\nIt is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC.\n\nPopulated by the system. Read-only." format: "date-time" type: "string" fromCluster: @@ -120,6 +120,13 @@ spec: producer: description: "Producer indicates the controller who triggered the eviction." type: "string" + purgeMode: + description: "PurgeMode represents how to deal with the legacy applications on the\ncluster from which the application is migrated.\nValid options are \"Immediately\", \"Graciously\" and \"Never\"." + enum: + - "Immediately" + - "Graciously" + - "Never" + type: "string" reason: description: "Reason contains a programmatic identifier indicating the reason for the eviction.\nProducers may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 32 @@ -143,7 +150,7 @@ spec: description: "Placement represents the rule for select clusters to propagate resources." properties: clusterAffinities: - description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." + description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." items: description: "ClusterAffinityTerm selects a set of cluster." properties: @@ -615,7 +622,7 @@ spec: type: "object" type: "array" rescheduleTriggeredAt: - description: "RescheduleTriggeredAt is a timestamp representing when the referenced resource is triggered rescheduling.\nWhen this field is updated, it means a rescheduling is manually triggered by user, and the expected behavior\nof this action is to do a complete recalculation without referring to last scheduling results.\nIt works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in\nstatus.lastScheduledTime will the rescheduling actually execute, otherwise, ignored.\n\n\nIt is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC." + description: "RescheduleTriggeredAt is a timestamp representing when the referenced resource is triggered rescheduling.\nWhen this field is updated, it means a rescheduling is manually triggered by user, and the expected behavior\nof this action is to do a complete recalculation without referring to last scheduling results.\nIt works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in\nstatus.lastScheduledTime will the rescheduling actually execute, otherwise, ignored.\n\nIt is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC." format: "date-time" type: "string" resource: @@ -701,7 +708,7 @@ spec: conditions: description: "Conditions contain the different condition statuses." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -730,7 +737,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/resourcebindings.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/resourcebindings.yaml index ab7146ddd..d1e54bf09 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/resourcebindings.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/resourcebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "resourcebindings.work.karmada.io" spec: group: "work.karmada.io" @@ -61,7 +61,7 @@ spec: type: "array" conflictResolution: default: "Abort" - description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." + description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." enum: - "Abort" - "Overwrite" @@ -103,7 +103,7 @@ spec: description: "GracefulEvictionTask represents a graceful eviction task." properties: creationTimestamp: - description: "CreationTimestamp is a timestamp representing the server time when this object was\ncreated.\nClients should not set this value to avoid the time inconsistency issue.\nIt is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC.\n\n\nPopulated by the system. Read-only." + description: "CreationTimestamp is a timestamp representing the server time when this object was\ncreated.\nClients should not set this value to avoid the time inconsistency issue.\nIt is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC.\n\nPopulated by the system. Read-only." format: "date-time" type: "string" fromCluster: @@ -120,6 +120,13 @@ spec: producer: description: "Producer indicates the controller who triggered the eviction." type: "string" + purgeMode: + description: "PurgeMode represents how to deal with the legacy applications on the\ncluster from which the application is migrated.\nValid options are \"Immediately\", \"Graciously\" and \"Never\"." + enum: + - "Immediately" + - "Graciously" + - "Never" + type: "string" reason: description: "Reason contains a programmatic identifier indicating the reason for the eviction.\nProducers may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 32 @@ -143,7 +150,7 @@ spec: description: "Placement represents the rule for select clusters to propagate resources." properties: clusterAffinities: - description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." + description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." items: description: "ClusterAffinityTerm selects a set of cluster." properties: @@ -615,7 +622,7 @@ spec: type: "object" type: "array" rescheduleTriggeredAt: - description: "RescheduleTriggeredAt is a timestamp representing when the referenced resource is triggered rescheduling.\nWhen this field is updated, it means a rescheduling is manually triggered by user, and the expected behavior\nof this action is to do a complete recalculation without referring to last scheduling results.\nIt works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in\nstatus.lastScheduledTime will the rescheduling actually execute, otherwise, ignored.\n\n\nIt is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC." + description: "RescheduleTriggeredAt is a timestamp representing when the referenced resource is triggered rescheduling.\nWhen this field is updated, it means a rescheduling is manually triggered by user, and the expected behavior\nof this action is to do a complete recalculation without referring to last scheduling results.\nIt works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in\nstatus.lastScheduledTime will the rescheduling actually execute, otherwise, ignored.\n\nIt is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC." format: "date-time" type: "string" resource: @@ -701,7 +708,7 @@ spec: conditions: description: "Conditions contain the different condition statuses." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -730,7 +737,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml b/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml index 23cbd3435..50f1308d1 100644 --- a/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml +++ b/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml @@ -420,6 +420,36 @@ spec: priority_class_name: description: "The priorityClassName used to assign the priority of the Kiali pod." type: "string" + probes: + description: "Configures the liveness, readiness, and startup probes of the Kiali pod." + properties: + liveness: + description: "Configures the liveness probe of the Kiali pod." + properties: + initial_delay_seconds: + type: "integer" + period_seconds: + type: "integer" + type: "object" + readiness: + description: "Configures the readiness probe of the Kiali pod." + properties: + initial_delay_seconds: + type: "integer" + period_seconds: + type: "integer" + type: "object" + startup: + description: "Configures the startup probe of the Kiali pod." + properties: + failure_threshold: + type: "integer" + initial_delay_seconds: + type: "integer" + period_seconds: + type: "integer" + type: "object" + type: "object" remote_cluster_resources_only: description: "When `true`, only those resources necessary for a remote Kiali Server to access this cluster are created (such as the service account and roles/bindings). There will be no Kiali Server deployment/pod created when this is `true`." type: "boolean" diff --git a/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml b/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml index 408eedd96..e1a7469b7 100644 --- a/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml +++ b/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml @@ -6379,6 +6379,9 @@ spec: endpoint: description: "Endpoint is an externally accessible URL of the workflow" type: "string" + flowCRC: + format: "int32" + type: "integer" lastTimeRecoverAttempt: format: "date-time" type: "string" diff --git a/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml b/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml index d3302dc63..cee0e39f9 100644 --- a/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml +++ b/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml @@ -105,7 +105,7 @@ spec: suspendDeployments: description: "If SuspendDeployments is set to false, on sleep the deployment of the namespace will not be suspended. By default Deployment will be suspended." type: "boolean" - suspendStatefulsets: + suspendStatefulSets: description: "If SuspendStatefulSets is set to false, on sleep the statefulset of the namespace will not be suspended. By default StatefulSet will be suspended." type: "boolean" timeZone: diff --git a/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1alpha1/volumegroupsnapshotcontents.yaml b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1alpha1/volumegroupsnapshotcontents.yaml index 7e9713b6d..547244280 100644 --- a/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1alpha1/volumegroupsnapshotcontents.yaml +++ b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1alpha1/volumegroupsnapshotcontents.yaml @@ -163,29 +163,6 @@ spec: format: "date-time" type: "string" type: "object" - pvVolumeSnapshotContentList: - description: "PVVolumeSnapshotContentList is the list of pairs of PV and\nVolumeSnapshotContent for this group snapshot\nThe maximum number of allowed snapshots in the group is 100." - items: - description: "PVVolumeSnapshotContentPair represent a pair of PV names and\nVolumeSnapshotContent names" - properties: - persistentVolumeRef: - description: "PersistentVolumeRef is a reference to the persistent volume resource" - properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - volumeSnapshotContentRef: - description: "VolumeSnapshotContentRef is a reference to the volume snapshot content resource" - properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "array" readyToUse: description: "ReadyToUse indicates if all the individual snapshots in the group are ready to be\nused to restore a group of volumes.\nReadyToUse becomes true when ReadyToUse of all individual snapshots become true." type: "boolean" diff --git a/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1alpha1/volumegroupsnapshots.yaml b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1alpha1/volumegroupsnapshots.yaml index 12e8285fd..2a1449b31 100644 --- a/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1alpha1/volumegroupsnapshots.yaml +++ b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1alpha1/volumegroupsnapshots.yaml @@ -135,29 +135,6 @@ spec: format: "date-time" type: "string" type: "object" - pvcVolumeSnapshotRefList: - description: "VolumeSnapshotRefList is the list of PVC and VolumeSnapshot pairs that\nis part of this group snapshot.\nThe maximum number of allowed snapshots in the group is 100." - items: - description: "PVCVolumeSnapshotPair defines a pair of a PVC reference and a Volume Snapshot Reference" - properties: - persistentVolumeClaimRef: - description: "PersistentVolumeClaimRef is a reference to the PVC this pair is referring to" - properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - volumeSnapshotRef: - description: "VolumeSnapshotRef is a reference to the VolumeSnapshot this pair is referring to" - properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "array" readyToUse: description: "ReadyToUse indicates if all the individual snapshots in the group are ready\nto be used to restore a group of volumes.\nReadyToUse becomes true when ReadyToUse of all individual snapshots become true.\nIf not specified, it means the readiness of a group snapshot is unknown." type: "boolean" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/bootstrapproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/bootstrapproviders.yaml index 7dda72f91..d0898d741 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/bootstrapproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/bootstrapproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "bootstrapproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -84,11 +84,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -105,11 +107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -121,6 +125,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -145,11 +150,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -166,14 +173,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -209,11 +219,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -222,13 +234,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -252,11 +264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -269,6 +283,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -284,6 +299,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -308,11 +324,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,13 +339,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -351,11 +369,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -368,6 +388,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -375,6 +396,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -406,11 +428,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -419,13 +443,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -449,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +492,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -481,6 +508,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -505,11 +533,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -518,13 +548,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -548,11 +578,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,6 +597,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -572,6 +605,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -610,7 +644,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -659,7 +694,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -736,7 +772,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -799,11 +836,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -896,7 +935,7 @@ spec: minimum: 1.0 type: "integer" metrics: - description: "Metrics contains the controller metrics configuration" + description: "Metrics contains thw controller metrics configuration" properties: bindAddress: description: "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/controlplaneproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/controlplaneproviders.yaml index a3cbeeff4..c0abd2878 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/controlplaneproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/controlplaneproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "controlplaneproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -84,11 +84,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -105,11 +107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -121,6 +125,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -145,11 +150,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -166,14 +173,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -209,11 +219,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -222,13 +234,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -252,11 +264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -269,6 +283,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -284,6 +299,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -308,11 +324,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,13 +339,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -351,11 +369,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -368,6 +388,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -375,6 +396,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -406,11 +428,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -419,13 +443,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -449,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +492,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -481,6 +508,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -505,11 +533,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -518,13 +548,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -548,11 +578,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,6 +597,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -572,6 +605,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -610,7 +644,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -659,7 +694,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -736,7 +772,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -799,11 +836,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -896,7 +935,7 @@ spec: minimum: 1.0 type: "integer" metrics: - description: "Metrics contains the controller metrics configuration" + description: "Metrics contains thw controller metrics configuration" properties: bindAddress: description: "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/coreproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/coreproviders.yaml index 48517f26f..1e9bc9bcd 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/coreproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/coreproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "coreproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -84,11 +84,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -105,11 +107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -121,6 +125,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -145,11 +150,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -166,14 +173,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -209,11 +219,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -222,13 +234,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -252,11 +264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -269,6 +283,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -284,6 +299,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -308,11 +324,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,13 +339,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -351,11 +369,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -368,6 +388,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -375,6 +396,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -406,11 +428,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -419,13 +443,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -449,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +492,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -481,6 +508,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -505,11 +533,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -518,13 +548,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -548,11 +578,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,6 +597,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -572,6 +605,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -610,7 +644,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -659,7 +694,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -736,7 +772,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -799,11 +836,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -896,7 +935,7 @@ spec: minimum: 1.0 type: "integer" metrics: - description: "Metrics contains the controller metrics configuration" + description: "Metrics contains thw controller metrics configuration" properties: bindAddress: description: "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/infrastructureproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/infrastructureproviders.yaml index 223ac73d1..43d7936db 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/infrastructureproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/infrastructureproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "infrastructureproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -84,11 +84,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -105,11 +107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -121,6 +125,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -145,11 +150,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -166,14 +173,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -209,11 +219,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -222,13 +234,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -252,11 +264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -269,6 +283,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -284,6 +299,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -308,11 +324,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,13 +339,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -351,11 +369,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -368,6 +388,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -375,6 +396,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -406,11 +428,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -419,13 +443,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -449,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +492,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -481,6 +508,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -505,11 +533,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -518,13 +548,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -548,11 +578,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,6 +597,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -572,6 +605,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -610,7 +644,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -659,7 +694,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -736,7 +772,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -799,11 +836,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -896,7 +935,7 @@ spec: minimum: 1.0 type: "integer" metrics: - description: "Metrics contains the controller metrics configuration" + description: "Metrics contains thw controller metrics configuration" properties: bindAddress: description: "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/addonproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/addonproviders.yaml index 3f3751517..949a71580 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/addonproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/addonproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "addonproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/bootstrapproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/bootstrapproviders.yaml index 05a4fe035..5f9c45392 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/bootstrapproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/bootstrapproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "bootstrapproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/controlplaneproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/controlplaneproviders.yaml index 75918dd78..72a7c3e10 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/controlplaneproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/controlplaneproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "controlplaneproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/coreproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/coreproviders.yaml index 5e0c0befe..73115273e 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/coreproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/coreproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "coreproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/infrastructureproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/infrastructureproviders.yaml index 1bf0c5f50..172bbc964 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/infrastructureproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/infrastructureproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "infrastructureproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherefailuredomains.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherefailuredomains.yaml index 74268755b..aae575a1c 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherefailuredomains.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherefailuredomains.yaml @@ -80,6 +80,119 @@ spec: - "hostGroupName" - "vmGroupName" type: "object" + networkConfigurations: + description: "NetworkConfigurations is a list of network configurations within this failure domain." + items: + description: "NetworkConfiguration defines a network configuration that should be used when consuming\na failure domain." + properties: + addressesFromPools: + description: "AddressesFromPools is a list of IPAddressPools that should be assigned\nto IPAddressClaims. The machine's cloud-init metadata will be populated\nwith IPAddresses fulfilled by an IPAM provider." + items: + description: "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + dhcp4: + description: "DHCP4 is a flag that indicates whether or not to use DHCP for IPv4." + type: "boolean" + dhcp4Overrides: + description: "DHCP4Overrides allows for the control over several DHCP behaviors.\nOverrides will only be applied when the corresponding DHCP flag is set.\nOnly configured values will be sent, omitted values will default to\ndistribution defaults.\nDependent on support in the network stack for your distribution.\nFor more information see the netplan reference (https://netplan.io/reference#dhcp-overrides)" + properties: + hostname: + description: "Hostname is the name which will be sent to the DHCP server instead of\nthe machine's hostname." + type: "string" + routeMetric: + description: "RouteMetric is used to prioritize routes for devices. A lower metric for\nan interface will have a higher priority." + type: "integer" + sendHostname: + description: "SendHostname when `true`, the hostname of the machine will be sent to the\nDHCP server." + type: "boolean" + useDNS: + description: "UseDNS when `true`, the DNS servers in the DHCP server will be used and\ntake precedence." + type: "boolean" + useDomains: + description: "UseDomains can take the values `true`, `false`, or `route`. When `true`,\nthe domain name from the DHCP server will be used as the DNS search\ndomain for this device. When `route`, the domain name from the DHCP\nresponse will be used for routing DNS only, not for searching." + type: "string" + useHostname: + description: "UseHostname when `true`, the hostname from the DHCP server will be set\nas the transient hostname of the machine." + type: "boolean" + useMTU: + description: "UseMTU when `true`, the MTU from the DHCP server will be set as the\nMTU of the device." + type: "boolean" + useNTP: + description: "UseNTP when `true`, the NTP servers from the DHCP server will be used\nby systemd-timesyncd and take precedence." + type: "boolean" + useRoutes: + description: "UseRoutes when `true`, the routes from the DHCP server will be installed\nin the routing table." + type: "string" + type: "object" + dhcp6: + description: "DHCP6 is a flag that indicates whether or not to use DHCP for IPv6." + type: "boolean" + dhcp6Overrides: + description: "DHCP6Overrides allows for the control over several DHCP behaviors.\nOverrides will only be applied when the corresponding DHCP flag is set.\nOnly configured values will be sent, omitted values will default to\ndistribution defaults.\nDependent on support in the network stack for your distribution.\nFor more information see the netplan reference (https://netplan.io/reference#dhcp-overrides)" + properties: + hostname: + description: "Hostname is the name which will be sent to the DHCP server instead of\nthe machine's hostname." + type: "string" + routeMetric: + description: "RouteMetric is used to prioritize routes for devices. A lower metric for\nan interface will have a higher priority." + type: "integer" + sendHostname: + description: "SendHostname when `true`, the hostname of the machine will be sent to the\nDHCP server." + type: "boolean" + useDNS: + description: "UseDNS when `true`, the DNS servers in the DHCP server will be used and\ntake precedence." + type: "boolean" + useDomains: + description: "UseDomains can take the values `true`, `false`, or `route`. When `true`,\nthe domain name from the DHCP server will be used as the DNS search\ndomain for this device. When `route`, the domain name from the DHCP\nresponse will be used for routing DNS only, not for searching." + type: "string" + useHostname: + description: "UseHostname when `true`, the hostname from the DHCP server will be set\nas the transient hostname of the machine." + type: "boolean" + useMTU: + description: "UseMTU when `true`, the MTU from the DHCP server will be set as the\nMTU of the device." + type: "boolean" + useNTP: + description: "UseNTP when `true`, the NTP servers from the DHCP server will be used\nby systemd-timesyncd and take precedence." + type: "boolean" + useRoutes: + description: "UseRoutes when `true`, the routes from the DHCP server will be installed\nin the routing table." + type: "string" + type: "object" + nameservers: + description: "Nameservers is a list of IPv4 and/or IPv6 addresses used as DNS\nnameservers.\nPlease note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf)." + items: + type: "string" + type: "array" + networkName: + description: "NetworkName is the network name for this machine's VM." + type: "string" + searchDomains: + description: "SearchDomains is a list of search domains used when resolving IP\naddresses with DNS." + items: + type: "string" + type: "array" + required: + - "networkName" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "networkName" + x-kubernetes-list-type: "map" networks: description: "Networks is the list of networks within this failure domain" items: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml index 1edd5869a..3fc256e7a 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml @@ -68,10 +68,10 @@ spec: description: "CustomVMXKeys is a dictionary of advanced VMX options that can be set on VM\nDefaults to empty map" type: "object" datacenter: - description: "Datacenter is the name or inventory path of the datacenter in which the\nvirtual machine is created/located.\nDefaults to * which selects the default datacenter." + description: "Datacenter is the name, inventory path, managed object reference or the managed\nobject ID of the datacenter in which the virtual machine is created/located.\nDefaults to * which selects the default datacenter." type: "string" datastore: - description: "Datastore is the name or inventory path of the datastore in which the\nvirtual machine is created/located." + description: "Datastore is the name, inventory path, managed object reference or the managed\nobject ID of the datastore in which the virtual machine is created/located." type: "string" diskGiB: description: "DiskGiB is the size of a virtual machine's disk, in GiB.\nDefaults to the eponymous property value in the template from which the\nvirtual machine is cloned." @@ -81,7 +81,7 @@ spec: description: "FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API.\nFor this infrastructure provider, the name is equivalent to the name of the VSphereDeploymentZone." type: "string" folder: - description: "Folder is the name or inventory path of the folder in which the\nvirtual machine is created/located." + description: "Folder is the name, inventory path, managed object reference or the managed\nobject ID of the folder in which the virtual machine is created/located." type: "string" guestSoftPowerOffTimeout: description: "GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest.\nThe VM will be powered off forcibly after the timeout if the VM is still\nup and running when the PowerOffMode is set to trySoft.\n\nThis parameter only applies when the PowerOffMode is set to trySoft.\n\nIf omitted, the timeout defaults to 5 minutes." @@ -216,7 +216,7 @@ spec: type: "string" type: "array" networkName: - description: "NetworkName is the name of the vSphere network to which the device\nwill be connected." + description: "NetworkName is the name, managed object reference or the managed\nobject ID of the vSphere network to which the device will be connected." type: "string" routes: description: "Routes is a list of optional, static routes applied to the device." @@ -322,7 +322,7 @@ spec: description: "ProviderID is the virtual machine's BIOS UUID formated as\nvsphere://12345678-1234-1234-1234-123456789abc" type: "string" resourcePool: - description: "ResourcePool is the name or inventory path of the resource pool in which\nthe virtual machine is created/located." + description: "ResourcePool is the name, inventory path, managed object reference or the managed\nobject ID in which the virtual machine is created/located." type: "string" server: description: "Server is the IP address or FQDN of the vSphere server on which\nthe virtual machine is created/located." @@ -339,7 +339,7 @@ spec: type: "string" type: "array" template: - description: "Template is the name or inventory path of the template used to clone\nthe virtual machine." + description: "Template is the name, inventory path, managed object reference or the managed\nobject ID of the template used to clone the virtual machine." minLength: 1 type: "string" thumbprint: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml index 9eec43f1e..59b0c03a8 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml @@ -66,10 +66,10 @@ spec: description: "CustomVMXKeys is a dictionary of advanced VMX options that can be set on VM\nDefaults to empty map" type: "object" datacenter: - description: "Datacenter is the name or inventory path of the datacenter in which the\nvirtual machine is created/located.\nDefaults to * which selects the default datacenter." + description: "Datacenter is the name, inventory path, managed object reference or the managed\nobject ID of the datacenter in which the virtual machine is created/located.\nDefaults to * which selects the default datacenter." type: "string" datastore: - description: "Datastore is the name or inventory path of the datastore in which the\nvirtual machine is created/located." + description: "Datastore is the name, inventory path, managed object reference or the managed\nobject ID of the datastore in which the virtual machine is created/located." type: "string" diskGiB: description: "DiskGiB is the size of a virtual machine's disk, in GiB.\nDefaults to the eponymous property value in the template from which the\nvirtual machine is cloned." @@ -79,7 +79,7 @@ spec: description: "FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API.\nFor this infrastructure provider, the name is equivalent to the name of the VSphereDeploymentZone." type: "string" folder: - description: "Folder is the name or inventory path of the folder in which the\nvirtual machine is created/located." + description: "Folder is the name, inventory path, managed object reference or the managed\nobject ID of the folder in which the virtual machine is created/located." type: "string" guestSoftPowerOffTimeout: description: "GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest.\nThe VM will be powered off forcibly after the timeout if the VM is still\nup and running when the PowerOffMode is set to trySoft.\n\nThis parameter only applies when the PowerOffMode is set to trySoft.\n\nIf omitted, the timeout defaults to 5 minutes." @@ -214,7 +214,7 @@ spec: type: "string" type: "array" networkName: - description: "NetworkName is the name of the vSphere network to which the device\nwill be connected." + description: "NetworkName is the name, managed object reference or the managed\nobject ID of the vSphere network to which the device will be connected." type: "string" routes: description: "Routes is a list of optional, static routes applied to the device." @@ -320,7 +320,7 @@ spec: description: "ProviderID is the virtual machine's BIOS UUID formated as\nvsphere://12345678-1234-1234-1234-123456789abc" type: "string" resourcePool: - description: "ResourcePool is the name or inventory path of the resource pool in which\nthe virtual machine is created/located." + description: "ResourcePool is the name, inventory path, managed object reference or the managed\nobject ID in which the virtual machine is created/located." type: "string" server: description: "Server is the IP address or FQDN of the vSphere server on which\nthe virtual machine is created/located." @@ -337,7 +337,7 @@ spec: type: "string" type: "array" template: - description: "Template is the name or inventory path of the template used to clone\nthe virtual machine." + description: "Template is the name, inventory path, managed object reference or the managed\nobject ID of the template used to clone the virtual machine." minLength: 1 type: "string" thumbprint: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml index 183f024af..2034606c7 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml @@ -75,17 +75,17 @@ spec: description: "CustomVMXKeys is a dictionary of advanced VMX options that can be set on VM\nDefaults to empty map" type: "object" datacenter: - description: "Datacenter is the name or inventory path of the datacenter in which the\nvirtual machine is created/located.\nDefaults to * which selects the default datacenter." + description: "Datacenter is the name, inventory path, managed object reference or the managed\nobject ID of the datacenter in which the virtual machine is created/located.\nDefaults to * which selects the default datacenter." type: "string" datastore: - description: "Datastore is the name or inventory path of the datastore in which the\nvirtual machine is created/located." + description: "Datastore is the name, inventory path, managed object reference or the managed\nobject ID of the datastore in which the virtual machine is created/located." type: "string" diskGiB: description: "DiskGiB is the size of a virtual machine's disk, in GiB.\nDefaults to the eponymous property value in the template from which the\nvirtual machine is cloned." format: "int32" type: "integer" folder: - description: "Folder is the name or inventory path of the folder in which the\nvirtual machine is created/located." + description: "Folder is the name, inventory path, managed object reference or the managed\nobject ID of the folder in which the virtual machine is created/located." type: "string" guestSoftPowerOffTimeout: description: "GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest.\nThe VM will be powered off forcibly after the timeout if the VM is still\nup and running when the PowerOffMode is set to trySoft.\n\nThis parameter only applies when the PowerOffMode is set to trySoft.\n\nIf omitted, the timeout defaults to 5 minutes." @@ -220,7 +220,7 @@ spec: type: "string" type: "array" networkName: - description: "NetworkName is the name of the vSphere network to which the device\nwill be connected." + description: "NetworkName is the name, managed object reference or the managed\nobject ID of the vSphere network to which the device will be connected." type: "string" routes: description: "Routes is a list of optional, static routes applied to the device." @@ -323,7 +323,7 @@ spec: - "trySoft" type: "string" resourcePool: - description: "ResourcePool is the name or inventory path of the resource pool in which\nthe virtual machine is created/located." + description: "ResourcePool is the name, inventory path, managed object reference or the managed\nobject ID in which the virtual machine is created/located." type: "string" server: description: "Server is the IP address or FQDN of the vSphere server on which\nthe virtual machine is created/located." @@ -340,7 +340,7 @@ spec: type: "string" type: "array" template: - description: "Template is the name or inventory path of the template used to clone\nthe virtual machine." + description: "Template is the name, inventory path, managed object reference or the managed\nobject ID of the template used to clone the virtual machine." minLength: 1 type: "string" thumbprint: diff --git a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml index e7b700dcc..38e8882ef 100644 --- a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml +++ b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml @@ -41,60 +41,60 @@ spec: description: "Specification of the desired behavior of AdminNetworkPolicy." properties: egress: - description: "Egress is the list of Egress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of egress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core" + description: "Egress is the list of Egress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of egress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nANPs with no egress rules do not affect egress traffic.\n\nSupport: Core" items: description: "AdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a AdminNetworkPolicy's\nSubject field.\n" properties: action: - description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core" + description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\nSupport: Core" enum: - "Allow" - "Deny" - "Pass" type: "string" name: - description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core" + description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\nSupport: Core" maxLength: 100 type: "string" ports: - description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core" + description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\nSupport: Core" items: description: "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set." maxProperties: 1 minProperties: 1 properties: portNumber: - description: "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core" + description: "Port selects a port on a pod(s) based on number.\n\nSupport: Core" properties: port: - description: "Number defines a network port value.\n\n\nSupport: Core" + description: "Number defines a network port value.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" required: - "port" - "protocol" type: "object" portRange: - description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core" + description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\nSupport: Core" properties: end: - description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core" + description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" start: - description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core" + description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -108,14 +108,14 @@ spec: minItems: 1 type: "array" to: - description: "To is the List of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core" + description: "To is the List of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\nSupport: Core" items: description: "AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed." maxProperties: 1 minProperties: 1 properties: namespaces: - description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core" + description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\nSupport: Core" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -148,7 +148,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" pods: - description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core" + description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\nSupport: Core" properties: namespaceSelector: description: "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces." @@ -231,26 +231,26 @@ spec: maxItems: 100 type: "array" ingress: - description: "Ingress is the list of Ingress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of ingress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core" + description: "Ingress is the list of Ingress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of ingress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nANPs with no ingress rules do not affect ingress traffic.\n\nSupport: Core" items: description: "AdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by an AdminNetworkPolicy's\nSubject field." properties: action: - description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core" + description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\nSupport: Core" enum: - "Allow" - "Deny" - "Pass" type: "string" from: - description: "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core" + description: "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\nSupport: Core" items: description: "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed." maxProperties: 1 minProperties: 1 properties: namespaces: - description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core" + description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\nSupport: Core" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -283,7 +283,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" pods: - description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core" + description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\nSupport: Core" properties: namespaceSelector: description: "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces." @@ -360,48 +360,48 @@ spec: minItems: 1 type: "array" name: - description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core" + description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\nSupport: Core" maxLength: 100 type: "string" ports: - description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core" + description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\nSupport: Core" items: description: "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set." maxProperties: 1 minProperties: 1 properties: portNumber: - description: "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core" + description: "Port selects a port on a pod(s) based on number.\n\nSupport: Core" properties: port: - description: "Number defines a network port value.\n\n\nSupport: Core" + description: "Number defines a network port value.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" required: - "port" - "protocol" type: "object" portRange: - description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core" + description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\nSupport: Core" properties: end: - description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core" + description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" start: - description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core" + description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -421,13 +421,13 @@ spec: maxItems: 100 type: "array" priority: - description: "Priority is a value from 0 to 1000. Policies with lower priority values have\nhigher precedence, and are checked before policies with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nEvery AdminNetworkPolicy should have a unique priority value; if two (or more)\npolicies with the same priority could both match a connection, then the\nimplementation can apply any of the matching policies to the connection, and\nthere is no way for the user to reliably determine which one it will choose.\n\n\nSupport: Core" + description: "Priority is a value from 0 to 1000. Policies with lower priority values have\nhigher precedence, and are checked before policies with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nEvery AdminNetworkPolicy should have a unique priority value; if two (or more)\npolicies with the same priority could both match a connection, then the\nimplementation can apply any of the matching policies to the connection, and\nthere is no way for the user to reliably determine which one it will choose.\n\nSupport: Core" format: "int32" maximum: 1000.0 minimum: 0.0 type: "integer" subject: - description: "Subject defines the pods to which this AdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core" + description: "Subject defines the pods to which this AdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\nSupport: Core" maxProperties: 1 minProperties: 1 properties: @@ -547,7 +547,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -576,7 +576,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml index 737130a6c..a5d9520fb 100644 --- a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml +++ b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml @@ -38,18 +38,18 @@ spec: description: "Specification of the desired behavior of BaselineAdminNetworkPolicy." properties: egress: - description: "Egress is the list of Egress rules to be applied to the selected pods if\nthey are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Egress rules will be allowed in each BANP instance.\nThe relative precedence of egress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nBANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core" + description: "Egress is the list of Egress rules to be applied to the selected pods if\nthey are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Egress rules will be allowed in each BANP instance.\nThe relative precedence of egress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nBANPs with no egress rules do not affect egress traffic.\n\nSupport: Core" items: description: "BaselineAdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a BaselineAdminNetworkPolicy's\nSubject field.\n" properties: action: - description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\n\nSupport: Core" + description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\nSupport: Core" enum: - "Allow" - "Deny" type: "string" name: - description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\n\nSupport: Core" + description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\nSupport: Core" maxLength: 100 type: "string" ports: @@ -60,37 +60,37 @@ spec: minProperties: 1 properties: portNumber: - description: "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core" + description: "Port selects a port on a pod(s) based on number.\n\nSupport: Core" properties: port: - description: "Number defines a network port value.\n\n\nSupport: Core" + description: "Number defines a network port value.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" required: - "port" - "protocol" type: "object" portRange: - description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core" + description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\nSupport: Core" properties: end: - description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core" + description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" start: - description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core" + description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -104,14 +104,14 @@ spec: minItems: 1 type: "array" to: - description: "To is the list of destinations whose traffic this rule applies to.\nIf any BaselineAdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core" + description: "To is the list of destinations whose traffic this rule applies to.\nIf any BaselineAdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\nSupport: Core" items: description: "BaselineAdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed." maxProperties: 1 minProperties: 1 properties: namespaces: - description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core" + description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\nSupport: Core" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -144,7 +144,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" pods: - description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core" + description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\nSupport: Core" properties: namespaceSelector: description: "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces." @@ -227,25 +227,25 @@ spec: maxItems: 100 type: "array" ingress: - description: "Ingress is the list of Ingress rules to be applied to the selected pods\nif they are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Ingress rules will be allowed in each BANP instance.\nThe relative precedence of ingress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nBANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core" + description: "Ingress is the list of Ingress rules to be applied to the selected pods\nif they are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Ingress rules will be allowed in each BANP instance.\nThe relative precedence of ingress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nBANPs with no ingress rules do not affect ingress traffic.\n\nSupport: Core" items: description: "BaselineAdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by a BaselineAdminNetworkPolicy's\nSubject field." properties: action: - description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\n\nSupport: Core" + description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\nSupport: Core" enum: - "Allow" - "Deny" type: "string" from: - description: "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core" + description: "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\nSupport: Core" items: description: "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed." maxProperties: 1 minProperties: 1 properties: namespaces: - description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core" + description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\nSupport: Core" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -278,7 +278,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" pods: - description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core" + description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\nSupport: Core" properties: namespaceSelector: description: "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces." @@ -355,48 +355,48 @@ spec: minItems: 1 type: "array" name: - description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\n\nSupport: Core" + description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\nSupport: Core" maxLength: 100 type: "string" ports: - description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core" + description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\nSupport: Core" items: description: "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set." maxProperties: 1 minProperties: 1 properties: portNumber: - description: "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core" + description: "Port selects a port on a pod(s) based on number.\n\nSupport: Core" properties: port: - description: "Number defines a network port value.\n\n\nSupport: Core" + description: "Number defines a network port value.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" required: - "port" - "protocol" type: "object" portRange: - description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core" + description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\nSupport: Core" properties: end: - description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core" + description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" start: - description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core" + description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -416,7 +416,7 @@ spec: maxItems: 100 type: "array" subject: - description: "Subject defines the pods to which this BaselineAdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core" + description: "Subject defines the pods to which this BaselineAdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\nSupport: Core" maxProperties: 1 minProperties: 1 properties: @@ -535,7 +535,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -564,7 +564,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilebindings.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilebindings.yaml index 22eedde0a..fc7098c86 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilebindings.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "profilebindings.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilerecordings.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilerecordings.yaml index 340cdcd12..a811f3355 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilerecordings.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilerecordings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "profilerecordings.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" @@ -76,11 +76,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilenodestatuses.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilenodestatuses.yaml index fd872f666..1aa0893d0 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilenodestatuses.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilenodestatuses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "securityprofilenodestatuses.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilesoperatordaemons.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilesoperatordaemons.yaml index f3c687891..4627d05a0 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilesoperatordaemons.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilesoperatordaemons.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "securityprofilesoperatordaemons.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" @@ -65,11 +65,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -86,11 +88,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -102,6 +106,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -126,11 +131,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -147,14 +154,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -190,11 +200,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -203,13 +215,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -233,11 +245,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -250,6 +264,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -265,6 +280,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -289,11 +305,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -302,13 +320,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -332,11 +350,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -349,6 +369,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -356,6 +377,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -387,11 +409,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -400,13 +424,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -430,11 +454,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -447,6 +473,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -462,6 +489,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -486,11 +514,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -499,13 +529,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -529,11 +559,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -546,6 +578,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -553,6 +586,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" allowedSeccompActions: @@ -570,13 +604,16 @@ spec: description: "DaemonResourceRequirements if defined, overwrites the default resource requirements\nof SPOD daemon." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -633,7 +670,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -715,11 +753,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -746,11 +786,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/rawselinuxprofiles.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/rawselinuxprofiles.yaml index 497d65343..dd3f5b264 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/rawselinuxprofiles.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/rawselinuxprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "rawselinuxprofiles.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/selinuxprofiles.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/selinuxprofiles.yaml index e899d369d..ea4878949 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/selinuxprofiles.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/selinuxprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "selinuxprofiles.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1beta1/seccompprofiles.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1beta1/seccompprofiles.yaml index fb54804b6..2fb062d53 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1beta1/seccompprofiles.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1beta1/seccompprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "seccompprofiles.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml index b4b3bfe05..148314a02 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml @@ -453,6 +453,18 @@ spec: items: description: "Precopy durations" properties: + deltas: + items: + properties: + deltaId: + type: "string" + disk: + type: "string" + required: + - "deltaId" + - "disk" + type: "object" + type: "array" end: format: "date-time" type: "string" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml index a68556e75..d9830ddd1 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml @@ -837,6 +837,18 @@ spec: items: description: "Precopy durations" properties: + deltas: + items: + properties: + deltaId: + type: "string" + disk: + type: "string" + required: + - "deltaId" + - "disk" + type: "object" + type: "array" end: format: "date-time" type: "string" diff --git a/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml b/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml index a6ed6ddd2..2c783cbce 100644 --- a/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml +++ b/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml @@ -424,6 +424,7 @@ spec: - "preparation error" - "provisioning error" - "power management error" + - "servicing error" type: "string" goodCredentials: description: "The last credentials we were able to validate as working." @@ -661,6 +662,7 @@ spec: - "error" - "delayed" - "detached" + - "servicing" type: "string" poweredOn: description: "The currently detected power state of the host. This field may get\nbriefly out of sync with the actual state of the hardware while\nprovisioning processes are running." diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml index 50551bf2e..a0d72927e 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml @@ -680,7 +680,7 @@ spec: description: "`flowFilter` defines the eBPF agent configuration regarding flow filtering." properties: action: - description: "`action` defines the action to perform on the flows that match the filter." + description: "`action` defines the action to perform on the flows that match the filter. The available options are `Accept`, which is the default, and `Reject`." enum: - "Accept" - "Reject" @@ -692,10 +692,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "`destPorts` defines the destination ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example, `destPorts: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `destPorts: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." + description: "`destPorts` optionally defines the destination ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example, `destPorts: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `destPorts: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." x-kubernetes-int-or-string: true direction: - description: "`direction` defines the direction to filter flows by." + description: "`direction` optionally defines a direction to filter flows by. The available options are `Ingress` and `Egress`." enum: - "Ingress" - "Egress" @@ -704,25 +704,25 @@ spec: description: "Set `enable` to `true` to enable the eBPF flow filtering feature." type: "boolean" icmpCode: - description: "`icmpCode`, for Internet Control Message Protocol (ICMP) traffic, defines the ICMP code to filter flows by." + description: "`icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by." type: "integer" icmpType: - description: "`icmpType`, for ICMP traffic, defines the ICMP type to filter flows by." + description: "`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by." type: "integer" peerIP: - description: "`peerIP` defines the IP address to filter flows by.\nExample: `10.10.10.10`." + description: "`peerIP` optionally defines the remote IP address to filter flows by.\nExample: `10.10.10.10`." type: "string" pktDrops: - description: "`pktDrops` filters flows with packet drops" + description: "`pktDrops` optionally filters only flows containing packet drops." type: "boolean" ports: anyOf: - type: "integer" - type: "string" - description: "`ports` defines the ports to filter flows by. It is used both for source and destination ports.\nTo filter a single port, set a single port as an integer value. For example, `ports: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `ports: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." + description: "`ports` optionally defines the ports to filter flows by. It is used both for source and destination ports.\nTo filter a single port, set a single port as an integer value. For example, `ports: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `ports: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." x-kubernetes-int-or-string: true protocol: - description: "`protocol` defines the protocol to filter flows by." + description: "`protocol` optionally defines a protocol to filter flows by. The available options are `TCP`, `UDP`, `ICMP`, `ICMPv6`, and `SCTP`." enum: - "TCP" - "UDP" @@ -734,10 +734,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "`sourcePorts` defines the source ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example, `sourcePorts: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `sourcePorts: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." + description: "`sourcePorts` optionally defines the source ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example, `sourcePorts: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `sourcePorts: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." x-kubernetes-int-or-string: true tcpFlags: - description: "`tcpFlags` defines the TCP flags to filter flows by." + description: "`tcpFlags` optionally defines TCP flags to filter flows by.\nIn addition to the standard flags (RFC-9293), you can also filter by one of the three following combinations: `SYN-ACK`, `FIN-ACK`, and `RST-ACK`." enum: - "SYN" - "SYN-ACK" @@ -847,7 +847,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2071,7 +2071,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2091,7 +2091,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2288,7 +2288,7 @@ spec: - "targetPort" type: "object" type: - description: "`type` selects the type of exporters. The available options are `Kafka` and `IPFIX`." + description: "`type` selects the type of exporters. The available options are `Kafka`, `IPFIX`, and `OpenTelemetry`." enum: - "Kafka" - "IPFIX" @@ -2322,7 +2322,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2342,7 +2342,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2798,7 +2798,7 @@ spec: type: "string" type: "array" enable: - description: "Set `enable` to `true` to deploy network policies on the namespaces used by NetObserv (main and privileged). It is disabled by default.\nThese network policies better isolate the NetObserv components to prevent undesired connections to them.\nWe recommend you either enable it, or create your own network policy for NetObserv." + description: "Set `enable` to `true` to deploy network policies on the namespaces used by NetObserv (main and privileged). It is disabled by default.\nThese network policies better isolate the NetObserv components to prevent undesired connections to them.\nTo increase the security of connections, enable this option or create your own network policy." type: "boolean" type: "object" processor: @@ -3904,7 +3904,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" diff --git a/crd-catalog/openshift/hive/hive.openshift.io/v1/clusterdeploymentcustomizations.yaml b/crd-catalog/openshift/hive/hive.openshift.io/v1/clusterdeploymentcustomizations.yaml index b6f760950..22cde83ad 100644 --- a/crd-catalog/openshift/hive/hive.openshift.io/v1/clusterdeploymentcustomizations.yaml +++ b/crd-catalog/openshift/hive/hive.openshift.io/v1/clusterdeploymentcustomizations.yaml @@ -55,7 +55,6 @@ spec: type: "string" valueJSON: description: "ValueJSON is a string representing a JSON object to be used in the operation. As such,\ninternal quotes must be escaped. If nonempty, Value is ignored." - format: "byte" type: "string" required: - "op" diff --git a/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml b/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml index 55a12011a..fe17532f3 100644 --- a/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml +++ b/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml @@ -358,7 +358,7 @@ spec: description: "OpenStack is the configuration used when installing on OpenStack." properties: additionalSecurityGroupIDs: - description: "AdditionalSecurityGroupIDs contains IDs of additional security groups for machines, where each ID\nis presented in the format sg-xxxx." + description: "AdditionalSecurityGroupIDs contains IDs of additional security groups for machines, where each ID\nis presented in the UUID format." items: type: "string" type: "array" diff --git a/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworknodestates.yaml b/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworknodestates.yaml index c55f94d48..52f6f99ea 100644 --- a/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworknodestates.yaml +++ b/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworknodestates.yaml @@ -151,6 +151,15 @@ spec: - "pciAddress" type: "object" type: "array" + system: + properties: + rdmaMode: + description: "RDMA subsystem. Allowed value \"shared\", \"exclusive\"." + enum: + - "shared" + - "exclusive" + type: "string" + type: "object" type: "object" status: description: "SriovNetworkNodeStateStatus defines the observed state of SriovNetworkNodeState" @@ -299,6 +308,15 @@ spec: type: "string" syncStatus: type: "string" + system: + properties: + rdmaMode: + description: "RDMA subsystem. Allowed value \"shared\", \"exclusive\"." + enum: + - "shared" + - "exclusive" + type: "string" + type: "object" type: "object" type: "object" served: true diff --git a/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworkpoolconfigs.yaml b/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworkpoolconfigs.yaml index 3ec5cf214..293198116 100644 --- a/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworkpoolconfigs.yaml +++ b/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworkpoolconfigs.yaml @@ -73,6 +73,12 @@ spec: description: "Name is mandatory and must be unique.\nOn Kubernetes:\nName is the name of OvsHardwareOffloadConfig\nOn OpenShift:\nName is the name of MachineConfigPool to be enabled with OVS hardware offload" type: "string" type: "object" + rdmaMode: + description: "RDMA subsystem. Allowed value \"shared\", \"exclusive\"." + enum: + - "shared" + - "exclusive" + type: "string" type: "object" status: description: "SriovNetworkPoolConfigStatus defines the observed state of SriovNetworkPoolConfig" diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml index e6402bdb2..1f1338d25 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml @@ -94,6 +94,13 @@ spec: type: "string" error: type: "string" + filesystem: + properties: + path: + type: "string" + required: + - "path" + type: "object" lastTransition: format: "date-time" type: "string" diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml index f1b9dc3ed..8b9d90be1 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml @@ -64,6 +64,13 @@ spec: type: "string" error: type: "string" + filesystem: + properties: + path: + type: "string" + required: + - "path" + type: "object" lastTransition: format: "date-time" type: "string" diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml index 124a2c192..0955fde7c 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml @@ -307,6 +307,13 @@ spec: required: - "credentialsSecret" type: "object" + filesystem: + properties: + path: + type: "string" + required: + - "path" + type: "object" s3: properties: bucket: @@ -387,6 +394,28 @@ spec: - "name" type: "object" type: "array" + volumeMounts: + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" required: - "enabled" - "image" diff --git a/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusterbackups.yaml b/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusterbackups.yaml index fa7c1c752..02aefc621 100644 --- a/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusterbackups.yaml +++ b/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusterbackups.yaml @@ -56,6 +56,9 @@ spec: type: "string" spec: properties: + activeDeadlineSeconds: + format: "int64" + type: "integer" containerOptions: properties: args: diff --git a/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusters.yaml b/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusters.yaml index 4bafa1f1e..109ad4d89 100644 --- a/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusters.yaml +++ b/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusters.yaml @@ -54,6 +54,9 @@ spec: type: "boolean" backup: properties: + activeDeadlineSeconds: + format: "int64" + type: "integer" allowParallel: type: "boolean" annotations: diff --git a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml index 013eb93c6..ad7bf939b 100644 --- a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml +++ b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml @@ -73,7 +73,7 @@ spec: type: "string" type: "array" bpfDataIfacePattern: - description: "BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually named cali...)." + description: "BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually named cali...) or any other special device managed by Calico itself (e.g., tunnels)." type: "string" bpfDisableGROForIfaces: description: "BPFDisableGROForIfaces is a regular expression that controls which interfaces Felix should disable the Generic Receive Offload [GRO] option. It should not match the workload interfaces (usually named cali...)." diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1/httpproxies.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1/httpproxies.yaml index 0cdba8c4d..e1fbbafff 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1/httpproxies.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1/httpproxies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "httpproxies.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1/tlscertificatedelegations.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1/tlscertificatedelegations.yaml index 9b2807309..962f78139 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1/tlscertificatedelegations.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1/tlscertificatedelegations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "tlscertificatedelegations.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml index 3913c5583..b82be2499 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "contourconfigurations.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml index c10728b49..1cc10aa02 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "contourdeployments.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/extensionservices.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/extensionservices.yaml index f638ecc9d..aee2077ff 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/extensionservices.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/extensionservices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "extensionservices.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml index ebfa2eb02..52a9e142b 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml @@ -704,15 +704,25 @@ spec: scrapeClassicHistograms: description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." type: "boolean" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeProtocols: description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml index a262e74c8..15c187637 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml @@ -468,15 +468,25 @@ spec: scrapeClassicHistograms: description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." type: "boolean" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeProtocols: description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml index fdf21fa7c..c29e873bb 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml @@ -747,7 +747,7 @@ spec: type: "object" type: "array" apiVersion: - description: "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"v1\" or \"v2\"." + description: "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"v1\" or \"v2\".\nThe field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported." type: "string" authorization: description: "Authorization section for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`." @@ -2204,7 +2204,7 @@ spec: type: "object" type: "array" disableCompaction: - description: "When true, the Prometheus compaction is disabled." + description: "When true, the Prometheus compaction is disabled.\nWhen `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically\ndisables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends)." type: "boolean" dnsConfig: description: "Defines the DNS configuration for the pods." @@ -2261,6 +2261,9 @@ spec: type: "string" type: "array" x-kubernetes-list-type: "set" + enableOTLPReceiver: + description: "Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.\n\nNote that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined.\n\nIt requires Prometheus >= v2.47.0." + type: "boolean" enableRemoteWriteReceiver: description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0." type: "boolean" @@ -3332,6 +3335,12 @@ spec: description: "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate." format: "int32" type: "integer" + nameValidationScheme: + description: "Specifies the validation scheme for metric and label names." + enum: + - "UTF8" + - "Legacy" + type: "string" nodeSelector: additionalProperties: type: "string" @@ -3348,6 +3357,12 @@ spec: minItems: 1 type: "array" x-kubernetes-list-type: "set" + translationStrategy: + description: "Configures how the OTLP receiver endpoint translates the incoming metrics.\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "NoUTF8EscapingWithSuffixes" + - "UnderscoreEscapingWithSuffixes" + type: "string" type: "object" overrideHonorLabels: description: "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data\n to “exported_” for all targets created from ServiceMonitor, PodMonitor and\nScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.\nIn practice,`overrideHonorLaels:true` enforces `honorLabels:false`\nfor all ServiceMonitor, PodMonitor and ScrapeConfig objects." @@ -5296,20 +5311,30 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeInterval: default: "30s" description: "Interval between consecutive scrapes.\n\nDefault: \"30s\"" pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" scrapeProtocols: - description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." + description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.\n\n`PrometheusText1.0.0` requires Prometheus >= v3.0.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" @@ -5507,7 +5532,7 @@ spec: description: "Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name." type: "string" shards: - description: "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\nDefault: 1" + description: "Number of shards to distribute scraped targets onto.\n\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\nbeing created.\n\nWhen not defined, the operator assumes only one shard.\n\nNote that scaling down shards will not reshard data onto the remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\nAlerting and recording rules\n\nBy default, the sharding is performed on:\n* The `__address__` target's metadata label for PodMonitor,\nServiceMonitor and ScrapeConfig resources.\n* The `__param_target__` label for Probe resources.\n\nUsers can define their own sharding implementation by setting the\n`__tmp_hash` label during the target discovery with relabeling\nconfiguration (either in the monitoring resources or via scrape class)." format: "int32" type: "integer" storage: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml index 1ee960e33..c2fdba708 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml @@ -716,15 +716,25 @@ spec: scrapeClassicHistograms: description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." type: "boolean" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeProtocols: description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml index da967dc37..89afde784 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml @@ -631,7 +631,7 @@ spec: type: "object" type: "object" alertDropLabels: - description: "AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts.\nThe replica label `thanos_ruler_replica` will always be dropped in alerts." + description: "Configures the label names which should be dropped in Thanos Ruler\nalerts.\n\nThe replica label `thanos_ruler_replica` will always be dropped from the alerts." items: type: "string" type: "array" @@ -639,10 +639,10 @@ spec: description: "The external Query URL the Thanos Ruler will set in the 'Source' field\nof all alerts.\nMaps to the '--alert.query-url' CLI arg." type: "string" alertRelabelConfigFile: - description: "AlertRelabelConfigFile specifies the path of the alert relabeling configuration file.\nWhen used alongside with AlertRelabelConfigs, alertRelabelConfigFile takes precedence." + description: "Configures the path to the alert relabeling configuration file.\n\nAlert relabel configuration must have the form as specified in the\nofficial Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `alertRelabelConfig`." type: "string" alertRelabelConfigs: - description: "AlertRelabelConfigs configures alert relabeling in ThanosRuler.\nAlert relabel configurations must have the form as specified in the official Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\nAlternative to AlertRelabelConfigFile, and lower order priority." + description: "Configures alert relabeling in Thanos Ruler.\n\nAlert relabel configuration must have the form as specified in the\nofficial Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe operator performs no validation of the configuration.\n\n`alertRelabelConfigFile` takes precedence over this field." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -659,7 +659,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" alertmanagersConfig: - description: "Define configuration for connecting to alertmanager. Only available with thanos v0.10.0\nand higher. Maps to the `alertmanagers.config` arg." + description: "Configures the list of Alertmanager endpoints to send alerts to.\n\nThe configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager.\n\nIt requires Thanos >= v0.10.0.\n\nThe operator performs no validation of the configuration.\n\nThis field takes precedence over `alertmanagersUrl`." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -676,7 +676,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" alertmanagersUrl: - description: "Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher,\nAlertManagersConfig should be used instead. Note: this field will be ignored\nif AlertManagersConfig is specified.\nMaps to the `alertmanagers.url` arg." + description: "Configures the list of Alertmanager endpoints to send alerts to.\n\nFor Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead.\n\n`alertmanagersConfig` takes precedence over this field." items: type: "string" type: "array" @@ -2723,7 +2723,7 @@ spec: labels: additionalProperties: type: "string" - description: "Labels configure the external label pairs to ThanosRuler. A default replica label\n`thanos_ruler_replica` will be always added as a label with the value of the pod's name and it will be dropped in the alerts." + description: "Configures the external label pairs of the ThanosRuler resource.\n\nA default replica label `thanos_ruler_replica` will be always added as a\nlabel with the value of the pod's name." type: "object" listenLocal: description: "ListenLocal makes the Thanos ruler listen on loopback, so that it\ndoes not bind against the Pod IP." @@ -2754,7 +2754,7 @@ spec: description: "Define which Nodes the Pods are scheduled on." type: "object" objectStorageConfig: - description: "ObjectStorageConfig configures object storage in Thanos.\nAlternative to ObjectStorageConfigFile, and lower order priority." + description: "Configures object storage.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage\n\nThe operator performs no validation of the configuration.\n\n`objectStorageConfigFile` takes precedence over this field." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -2771,7 +2771,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" objectStorageConfigFile: - description: "ObjectStorageConfigFile specifies the path of the object storage configuration file.\nWhen used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence." + description: "Configures the path of the object storage configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `objectStorageConfig`." type: "string" paused: description: "When a ThanosRuler deployment is paused, no actions except for deletion\nwill be performed on the underlying objects." @@ -2817,7 +2817,7 @@ spec: type: "object" type: "array" queryConfig: - description: "Define configuration for connecting to thanos query instances.\nIf this is defined, the QueryEndpoints field will be ignored.\nMaps to the `query.config` CLI argument.\nOnly available with thanos v0.11.0 and higher." + description: "Configures the list of Thanos Query endpoints from which to query metrics.\n\nThe configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api\n\nIt requires Thanos >= v0.11.0.\n\nThe operator performs no validation of the configuration.\n\nThis field takes precedence over `queryEndpoints`." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -2834,7 +2834,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" queryEndpoints: - description: "QueryEndpoints defines Thanos querier endpoints from which to query metrics.\nMaps to the --query flag of thanos ruler." + description: "Configures the list of Thanos Query endpoints from which to query metrics.\n\nFor Thanos >= v0.11.0, it is recommended to use `queryConfig` instead.\n\n`queryConfig` takes precedence over this field." items: type: "string" type: "array" @@ -2924,7 +2924,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" ruleSelector: - description: "A label selector to select which PrometheusRules to mount for alerting and\nrecording." + description: "PrometheusRule objects to be selected for rule evaluation. An empty\nlabel selector matches all objects. A null label selector matches no\nobjects." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3530,7 +3530,7 @@ spec: type: "object" type: "array" tracingConfig: - description: "TracingConfig configures tracing in Thanos.\n\n`tracingConfigFile` takes precedence over this field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "Configures tracing.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration.\n\n`tracingConfigFile` takes precedence over this field." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -3547,7 +3547,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" tracingConfigFile: - description: "TracingConfig specifies the path of the tracing configuration file.\n\nThis field takes precedence over `tracingConfig`.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "Configures the path of the tracing configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `tracingConfig`." type: "string" version: description: "Version of Thanos to be deployed." diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml index 2fbd53a0a..82b5bcb71 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml @@ -541,6 +541,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -1233,6 +1236,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -1788,6 +1794,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -2340,6 +2349,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -2899,6 +2911,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -3527,6 +3542,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -4038,6 +4056,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -4607,6 +4628,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -5140,6 +5164,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -5633,6 +5660,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -6119,6 +6149,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -6646,6 +6679,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml index c3679ab3d..a07cc3ffc 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml @@ -1815,6 +1815,9 @@ spec: type: "string" type: "array" x-kubernetes-list-type: "set" + enableOTLPReceiver: + description: "Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.\n\nNote that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined.\n\nIt requires Prometheus >= v2.47.0." + type: "boolean" enableRemoteWriteReceiver: description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0." type: "boolean" @@ -2879,6 +2882,12 @@ spec: - "StatefulSet" - "DaemonSet" type: "string" + nameValidationScheme: + description: "Specifies the validation scheme for metric and label names." + enum: + - "UTF8" + - "Legacy" + type: "string" nodeSelector: additionalProperties: type: "string" @@ -2895,6 +2904,12 @@ spec: minItems: 1 type: "array" x-kubernetes-list-type: "set" + translationStrategy: + description: "Configures how the OTLP receiver endpoint translates the incoming metrics.\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "NoUTF8EscapingWithSuffixes" + - "UnderscoreEscapingWithSuffixes" + type: "string" type: "object" overrideHonorLabels: description: "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data\n to “exported_” for all targets created from ServiceMonitor, PodMonitor and\nScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.\nIn practice,`overrideHonorLaels:true` enforces `honorLabels:false`\nfor all ServiceMonitor, PodMonitor and ScrapeConfig objects." @@ -3864,6 +3879,15 @@ spec: routePrefix: description: "The route prefix Prometheus registers HTTP handlers for.\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`." type: "string" + runtime: + description: "RuntimeConfig configures the values for the Prometheus process behavior" + properties: + goGC: + description: "The Go garbage collection target percentage. Lowering this number may increase the CPU usage.\nSee: https://tip.golang.org/doc/gc-guide#GOGC" + format: "int32" + minimum: -1.0 + type: "integer" + type: "object" sampleLimit: description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit." format: "int64" @@ -4201,20 +4225,30 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeInterval: default: "30s" description: "Interval between consecutive scrapes.\n\nDefault: \"30s\"" pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" scrapeProtocols: - description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." + description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.\n\n`PrometheusText1.0.0` requires Prometheus >= v3.0.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" @@ -4409,7 +4443,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" shards: - description: "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\nDefault: 1" + description: "Number of shards to distribute scraped targets onto.\n\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\nbeing created.\n\nWhen not defined, the operator assumes only one shard.\n\nNote that scaling down shards will not reshard data onto the remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\nAlerting and recording rules\n\nBy default, the sharding is performed on:\n* The `__address__` target's metadata label for PodMonitor,\nServiceMonitor and ScrapeConfig resources.\n* The `__param_target__` label for Probe resources.\n\nUsers can define their own sharding implementation by setting the\n`__tmp_hash` label during the target discovery with relabeling\nconfiguration (either in the monitoring resources or via scrape class)." format: "int32" type: "integer" storage: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml index ffe5a1d17..43c194348 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml @@ -160,7 +160,7 @@ spec: description: "Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.\nIf unset, Prometheus uses its default value." type: "boolean" authorization: - description: "Authorization header configuration to authenticate against the Consul Server." + description: "Optional Authorization header configuration to authenticate against the Consul Server.\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -184,7 +184,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to authenticate against the Consul Server.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" + description: "Optional BasicAuth information to authenticate against the Consul Server.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -223,6 +223,7 @@ spec: type: "object" datacenter: description: "Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter." + minLength: 1 type: "string" enableHTTP2: description: "Whether to enable HTTP2.\nIf unset, Prometheus uses its default value." @@ -231,7 +232,8 @@ spec: description: "Configure whether HTTP requests follow HTTP 3xx redirects.\nIf unset, Prometheus uses its default value." type: "boolean" namespace: - description: "Namespaces are only supported in Consul Enterprise." + description: "Namespaces are only supported in Consul Enterprise.\n\nIt requires Prometheus >= 2.28.0." + minLength: 1 type: "string" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." @@ -243,7 +245,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" oauth2: - description: "Optional OAuth 2.0 configuration." + description: "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -473,6 +475,11 @@ spec: type: "object" partition: description: "Admin Partitions are only supported in Consul Enterprise." + minLength: 1 + type: "string" + pathPrefix: + description: "Prefix for URIs for when consul is behind an API gateway (reverse proxy).\n\nIt requires Prometheus >= 2.45.0." + minLength: 1 type: "string" proxyConnectHeader: additionalProperties: @@ -515,7 +522,7 @@ spec: - "HTTPS" type: "string" server: - description: "A valid string consisting of a hostname or IP followed by an optional port number." + description: "Consul server address. A valid string consisting of a hostname or IP followed by an optional port number." minLength: 1 type: "string" services: @@ -523,18 +530,19 @@ spec: items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" + x-kubernetes-list-type: "set" tagSeparator: description: "The string by which Consul tags are joined into the tag label.\nIf unset, Prometheus uses its default value." + minLength: 1 type: "string" tags: description: "An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list." items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" + x-kubernetes-list-type: "set" tlsConfig: - description: "TLS Config" + description: "TLS configuration to connect to the Consul API." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -942,6 +950,9 @@ spec: type: "object" port: description: "The port to scrape metrics from." + format: "int32" + maximum: 65535.0 + minimum: 0.0 type: "integer" proxyConnectHeader: additionalProperties: @@ -2380,6 +2391,9 @@ spec: enableCompression: description: "When false, Prometheus will request uncompressed response from the scraped target.\n\nIt requires Prometheus >= v2.49.0.\n\nIf unset, Prometheus uses true by default." type: "boolean" + enableHTTP2: + description: "Whether to enable HTTP2." + type: "boolean" eurekaSDConfigs: description: "EurekaSDConfigs defines a list of Eureka service discovery configurations." items: @@ -7907,6 +7921,15 @@ spec: scrapeClassicHistograms: description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." type: "boolean" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeInterval: description: "ScrapeInterval is the interval between consecutive scrapes." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" @@ -7914,12 +7937,13 @@ spec: scrapeProtocols: description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" minItems: 1 type: "array" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml index c8aace24f..0e90b56d7 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml @@ -461,6 +461,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -1147,6 +1150,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -1698,6 +1704,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -2251,6 +2260,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -2804,6 +2816,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -3424,6 +3439,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -3933,6 +3951,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -4498,6 +4519,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -5027,6 +5051,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -5518,6 +5545,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -6002,6 +6032,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -6523,6 +6556,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml index ee3623b6a..de5dd10a6 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml @@ -4115,6 +4115,9 @@ spec: properties: groupName: type: "string" + idleTimeoutSeconds: + format: "int32" + type: "integer" maxReplicas: default: 2147483647 format: "int32" diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml index cf745a1a3..e0d15e25c 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml @@ -4127,6 +4127,9 @@ spec: properties: groupName: type: "string" + idleTimeoutSeconds: + format: "int32" + type: "integer" maxReplicas: default: 2147483647 format: "int32" diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml index 0d1d10c8f..470632dbc 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml @@ -4093,6 +4093,9 @@ spec: properties: groupName: type: "string" + idleTimeoutSeconds: + format: "int32" + type: "integer" maxReplicas: default: 2147483647 format: "int32" @@ -7929,6 +7932,8 @@ spec: serviceUnhealthySecondThreshold: format: "int32" type: "integer" + upgradeStrategy: + type: "string" type: "object" status: properties: diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml index 391e5472a..03c5e9e92 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml @@ -353,6 +353,9 @@ spec: phase: description: "ConditionType represent a resource's status" type: "string" + poolID: + description: "optional" + type: "integer" snapshotScheduleStatus: description: "SnapshotScheduleStatusSpec is the status of the snapshot schedule" properties: diff --git a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml index caa039405..bb730cb4d 100644 --- a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml +++ b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml @@ -33,6 +33,9 @@ spec: spec: description: "spec defines the desired state of the operator." properties: + configuredClusterDomain: + description: "configuredClusterDomain allows users to set the configured Kubernetes cluster domain explicitly, instead of letting Scylla Operator automatically discover it." + type: "string" scyllaUtilsImage: description: "scyllaUtilsImage is a ScyllaDB image used for running ScyllaDB utilities." type: "string" @@ -52,6 +55,53 @@ spec: bashToolsImage: description: "bashToolsImage is a generic Bash image with extra tools used by the operator for auxiliary purposes." type: "string" + clusterDomain: + description: "clusterDomain is the Kubernetes cluster domain used by the Scylla Operator." + type: "string" + conditions: + description: "conditions hold conditions describing ScyllaOperatorConfig state." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition. This may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + type: "array" grafanaImage: description: "grafanaImage is the image used by the operator to create a Grafana instance." type: "string" diff --git a/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml b/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml index a6b1a69c4..66ad5af9c 100644 --- a/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml +++ b/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml @@ -5,6 +5,9 @@ metadata: spec: group: "enterprise.gloo.solo.io" names: + categories: + - "solo-io" + - "gloo-gateway" kind: "AuthConfig" listKind: "AuthConfigList" plural: "authconfigs" @@ -966,6 +969,33 @@ spec: required: - "config" type: "object" + portalAuth: + properties: + apiKeyHeader: + type: "string" + cacheDuration: + type: "string" + redisOptions: + properties: + db: + format: "int32" + type: "integer" + host: + type: "string" + poolSize: + format: "int32" + type: "integer" + socketType: + type: "string" + x-kubernetes-int-or-string: true + tlsCertMountPath: + type: "string" + type: "object" + requestTimeout: + type: "string" + url: + type: "string" + type: "object" type: "object" type: "array" failOnRedirect: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml index e0e16d2ea..866643226 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "Gateway" listKind: "GatewayList" plural: "gateways" @@ -3869,6 +3871,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -4209,6 +4219,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4326,6 +4344,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4463,6 +4489,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4640,6 +4674,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4757,6 +4799,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4894,6 +4944,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5063,6 +5121,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5180,6 +5246,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5317,6 +5391,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5442,6 +5524,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5559,6 +5649,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5749,6 +5847,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -6277,6 +6383,9 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "array" + tcpStats: + nullable: true + type: "boolean" type: "object" proxyNames: items: @@ -6538,6 +6647,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -6878,6 +6995,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6995,6 +7120,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7132,6 +7265,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7309,6 +7450,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7426,6 +7575,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7563,6 +7720,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7732,6 +7897,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7849,6 +8022,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7986,6 +8167,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8111,6 +8300,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8228,6 +8425,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8418,6 +8623,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/httpgateways.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/httpgateways.yaml index d83978239..c87e8a530 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/httpgateways.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/httpgateways.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "MatchableHttpGateway" listKind: "MatchableHttpGatewayList" plural: "httpgateways" diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml index f5d4c1610..2b02d190d 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "RouteOption" listKind: "RouteOptionList" plural: "routeoptions" @@ -1856,6 +1858,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1973,6 +1983,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2110,6 +2128,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2287,6 +2313,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2404,6 +2438,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2541,6 +2583,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2710,6 +2760,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2827,6 +2885,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2964,6 +3030,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3111,6 +3185,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3228,6 +3310,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml index 9143bd918..c8c0dd820 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "RouteTable" listKind: "RouteTableList" plural: "routetables" @@ -1966,6 +1968,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2083,6 +2093,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2220,6 +2238,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2397,6 +2423,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2514,6 +2548,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2651,6 +2693,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2820,6 +2870,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2937,6 +2995,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3074,6 +3140,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3221,6 +3295,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3338,6 +3420,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3660,6 +3750,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -4000,6 +4098,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4117,6 +4223,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4254,6 +4368,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4431,6 +4553,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4548,6 +4678,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4685,6 +4823,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4854,6 +5000,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4971,6 +5125,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5108,6 +5270,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5233,6 +5403,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5350,6 +5528,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5540,6 +5726,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml index 9171bd084..a7e7065f5 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "VirtualHostOption" listKind: "VirtualHostOptionList" plural: "virtualhostoptions" @@ -1512,6 +1514,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1629,6 +1639,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1766,6 +1784,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1943,6 +1969,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2060,6 +2094,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2197,6 +2239,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2366,6 +2416,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2483,6 +2541,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2620,6 +2686,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2759,6 +2833,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2876,6 +2958,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml index 700bc49bd..c02f2fe42 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "VirtualService" listKind: "VirtualServiceList" plural: "virtualservices" @@ -1602,6 +1604,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1719,6 +1729,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1856,6 +1874,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2033,6 +2059,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2150,6 +2184,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2287,6 +2329,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2456,6 +2506,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2573,6 +2631,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2710,6 +2776,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2849,6 +2923,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2966,6 +3048,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4985,6 +5075,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5102,6 +5200,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5239,6 +5345,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5416,6 +5530,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5533,6 +5655,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5670,6 +5800,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5839,6 +5977,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5956,6 +6102,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6093,6 +6247,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6240,6 +6402,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6357,6 +6527,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6679,6 +6857,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -7019,6 +7205,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7136,6 +7330,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7273,6 +7475,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7450,6 +7660,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7567,6 +7785,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7704,6 +7930,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7873,6 +8107,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7990,6 +8232,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8127,6 +8377,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8252,6 +8510,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8369,6 +8635,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8559,6 +8833,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/proxies.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/proxies.yaml index 974e22ff7..af3234739 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/proxies.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/proxies.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gloo.solo.io" names: + categories: + - "gloo-gateway" kind: "Proxy" listKind: "ProxyList" plural: "proxies" @@ -456,6 +458,9 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "array" + tcpStats: + nullable: true + type: "boolean" type: "object" routeOptions: properties: diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml index 143ba5ccf..35ad86bdc 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml @@ -7,6 +7,8 @@ metadata: spec: group: "gloo.solo.io" names: + categories: + - "gloo-gateway" kind: "Settings" listKind: "SettingsList" plural: "settings" diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml index 6db914ab6..153a9d830 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gloo.solo.io" names: + categories: + - "gloo-gateway" kind: "UpstreamGroup" listKind: "UpstreamGroupList" plural: "upstreamgroups" @@ -192,6 +194,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -532,6 +542,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -649,6 +667,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -786,6 +812,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -963,6 +997,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1080,6 +1122,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1217,6 +1267,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1386,6 +1444,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1503,6 +1569,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1640,6 +1714,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1765,6 +1847,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1882,6 +1972,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml index 922e9c8e3..d33912a9e 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gloo.solo.io" names: + categories: + - "gloo-gateway" kind: "Upstream" listKind: "UpstreamList" plural: "upstreams" @@ -742,6 +744,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -1400,6 +1410,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -1766,6 +1784,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -2081,6 +2107,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/solo-io/gloo/graphql.gloo.solo.io/v1beta1/graphqlapis.yaml b/crd-catalog/solo-io/gloo/graphql.gloo.solo.io/v1beta1/graphqlapis.yaml index 2894db266..e340565e8 100644 --- a/crd-catalog/solo-io/gloo/graphql.gloo.solo.io/v1beta1/graphqlapis.yaml +++ b/crd-catalog/solo-io/gloo/graphql.gloo.solo.io/v1beta1/graphqlapis.yaml @@ -5,6 +5,9 @@ metadata: spec: group: "graphql.gloo.solo.io" names: + categories: + - "solo-io" + - "gloo-gateway" kind: "GraphQLApi" listKind: "GraphQLApiList" plural: "graphqlapis" diff --git a/crd-catalog/stackabletech/kafka-operator/kafka.stackable.tech/v1alpha1/kafkaclusters.yaml b/crd-catalog/stackabletech/kafka-operator/kafka.stackable.tech/v1alpha1/kafkaclusters.yaml index 05c28c05a..ec85a5e30 100644 --- a/crd-catalog/stackabletech/kafka-operator/kafka.stackable.tech/v1alpha1/kafkaclusters.yaml +++ b/crd-catalog/stackabletech/kafka-operator/kafka.stackable.tech/v1alpha1/kafkaclusters.yaml @@ -551,7 +551,7 @@ spec: items: properties: authenticationClass: - description: "The AuthenticationClass to use.\n\n## TLS provider\n\nOnly affects client connections. This setting controls: - If clients need to authenticate themselves against the broker via TLS - Which ca.crt to use when validating the provided client certs\n\nThis will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`." + description: "The AuthenticationClass to use.\n\n## TLS provider\n\nOnly affects client connections. This setting controls: - If clients need to authenticate themselves against the broker via TLS - Which ca.crt to use when validating the provided client certs\n\nThis will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`.\n\n## Kerberos provider\n\nThis affects client connections and also requires TLS for encryption. This setting is used to reference an `AuthenticationClass` and in turn, a `SecretClass` that is used to create keytabs." type: "string" required: - "authenticationClass" diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1/redisenterpriseclusters.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1/redisenterpriseclusters.rs index 88862db40..a439bec6e 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1/redisenterpriseclusters.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1/redisenterpriseclusters.rs @@ -435,6 +435,9 @@ pub struct RedisEnterpriseClusterLdap { /// The maximum TTL of cached entries. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cacheTTLSeconds")] pub cache_ttl_seconds: Option, + /// The connection timeout to the LDAP server when authenticating a user, in seconds + #[serde(default, skip_serializing_if = "Option::is_none", rename = "directoryTimeoutSeconds")] + pub directory_timeout_seconds: Option, /// Whether to enable LDAP for control plane access. Disabled by default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledForControlPlane")] pub enabled_for_control_plane: Option, @@ -6753,6 +6756,9 @@ pub struct RedisEnterpriseClusterStatus { /// Versions of open source databases bundled by Redis Enterprise Software - please note that in order to use a specific version it should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according to the desired version (major/minor) #[serde(default, skip_serializing_if = "Option::is_none", rename = "bundledDatabaseVersions")] pub bundled_database_versions: Option>, + /// Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificatesStatus")] + pub certificates_status: Option, /// The ingressOrRouteSpec/ActiveActive spec method that exist #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressOrRouteMethodStatus")] pub ingress_or_route_method_status: Option, @@ -6786,6 +6792,17 @@ pub struct RedisEnterpriseClusterStatusBundledDatabaseVersions { pub version: String, } +/// Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RedisEnterpriseClusterStatusCertificatesStatus { + /// Generation stores the version of the cluster's Proxy and Syncer certificate secrets. In Active-Active databases, when a user updates the proxy or syncer certificate, a crdb-update command needs to be triggered to avoid potential sync issues. This helps the REAADB controller detect a change in a certificate and trigger a crdb-update. The version of the cluster's Proxy certificate secret. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub generation: Option, + /// The status of the cluster's certificates update + #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStatus")] + pub update_status: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseClusterStatusLicenseStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "activationDate")] diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseactiveactivedatabases.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseactiveactivedatabases.rs index f636d5fd2..9adc09a95 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseactiveactivedatabases.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseactiveactivedatabases.rs @@ -35,7 +35,7 @@ pub struct RedisEnterpriseActiveActiveDatabaseGlobalConfigurations { /// Connection/ association to the Active-Active database. #[serde(default, skip_serializing_if = "Option::is_none", rename = "activeActive")] pub active_active: Option, - /// Settings for database alerts + /// Settings for database alerts. Note - Alert settings are not supported for Active-Active database. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertSettings")] pub alert_settings: Option, /// Target for automatic database backups. @@ -86,7 +86,7 @@ pub struct RedisEnterpriseActiveActiveDatabaseGlobalConfigurations { /// Connection to Redis Enterprise Cluster #[serde(default, skip_serializing_if = "Option::is_none", rename = "redisEnterpriseCluster")] pub redis_enterprise_cluster: Option, - /// Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis' + /// Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis'. Note - Specifying Redis version is currently not supported for Active-Active database. #[serde(default, skip_serializing_if = "Option::is_none", rename = "redisVersion")] pub redis_version: Option, /// What databases to replicate from @@ -134,7 +134,7 @@ pub struct RedisEnterpriseActiveActiveDatabaseGlobalConfigurationsActiveActive { pub participating_cluster_name: String, } -/// Settings for database alerts +/// Settings for database alerts. Note - Alert settings are not supported for Active-Active database. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseActiveActiveDatabaseGlobalConfigurationsAlertSettings { /// Periodic backup has been delayed for longer than specified threshold value [minutes] @@ -524,6 +524,9 @@ pub struct RedisEnterpriseActiveActiveDatabaseRedisEnterpriseCluster { /// RedisEnterpriseActiveActiveDatabaseStatus defines the observed state of RedisEnterpriseActiveActiveDatabase #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseActiveActiveDatabaseStatus { + /// Versions of the cluster's Proxy and Syncer certificates. In Active-Active databases, these are used to detect updates to the certificates, and trigger synchronization across the participating clusters. . + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterCertificatesGeneration")] + pub cluster_certificates_generation: Option, /// The active-active database corresponding GUID. #[serde(default, skip_serializing_if = "Option::is_none")] pub guid: Option, diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseclusters.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseclusters.rs index 806803c7d..a6b6b3a04 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseclusters.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseclusters.rs @@ -336,6 +336,8 @@ pub struct RedisEnterpriseClusterLdap { pub ca_certificate_secret_name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cacheTTLSeconds")] pub cache_ttl_seconds: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "directoryTimeoutSeconds")] + pub directory_timeout_seconds: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledForControlPlane")] pub enabled_for_control_plane: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledForDataPlane")] @@ -6543,6 +6545,8 @@ pub struct RedisEnterpriseClusterVolumesVsphereVolume { pub struct RedisEnterpriseClusterStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "bundledDatabaseVersions")] pub bundled_database_versions: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificatesStatus")] + pub certificates_status: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressOrRouteMethodStatus")] pub ingress_or_route_method_status: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "licenseStatus")] @@ -6572,6 +6576,14 @@ pub struct RedisEnterpriseClusterStatusBundledDatabaseVersions { pub version: String, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RedisEnterpriseClusterStatusCertificatesStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub generation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStatus")] + pub update_status: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseClusterStatusLicenseStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "activationDate")] diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterprisedatabases.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterprisedatabases.rs index 21d6c805f..0733cb8f1 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterprisedatabases.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterprisedatabases.rs @@ -55,7 +55,7 @@ pub struct RedisEnterpriseDatabaseSpec { /// memory size of database. use formats like 100MB, 0.1GB. minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, and it must not be below 1GB. #[serde(default, skip_serializing_if = "Option::is_none", rename = "memorySize")] pub memory_size: Option, - /// List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name "ENABLE_ALPHA_FEATURES" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. + /// List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name "ENABLE_ALPHA_FEATURES" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. Note - if you do not want to upgrade to the latest version you must set upgradeSpec -> upgradeModulesToLatest to false. if you specify a version and do not set the upgradeModulesToLatest it can result errors in the operator. in addition, the option to specify specific version is Deprecated and will be deleted in next releases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "modulesList")] pub modules_list: Option>, /// OSS Cluster mode option. Note that not all client libraries support OSS cluster mode. @@ -387,7 +387,7 @@ pub struct RedisEnterpriseDatabaseModulesList { pub config: Option, /// The module's name e.g "ft" for redissearch pub name: String, - /// Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB + /// DEPRECATED - Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB #[serde(default, skip_serializing_if = "Option::is_none")] pub version: Option, } @@ -482,7 +482,7 @@ pub enum RedisEnterpriseDatabaseType { /// Specifications for DB upgrade. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseDatabaseUpgradeSpec { - /// Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifing the version. in addition, This field is currently not supported for Active-Active databases. + /// DEPRECATED Upgrades the modules to the latest version that supports the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifying the version. in addition, This field is currently not supported for Active-Active databases. The default is true #[serde(rename = "upgradeModulesToLatest")] pub upgrade_modules_to_latest: bool, } diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseremoteclusters.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseremoteclusters.rs index 1c087b4d5..de51ce25e 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseremoteclusters.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseremoteclusters.rs @@ -20,6 +20,9 @@ pub struct RedisEnterpriseRemoteClusterSpec { /// The URL of the cluster, will be used for the active-active database URL. #[serde(rename = "apiFqdnUrl")] pub api_fqdn_url: String, + /// The port number of the cluster's URL used for connectivity/sync + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiPort")] + pub api_port: Option, /// The database URL suffix, will be used for the active-active database replication endpoint and replication endpoint SNI. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dbFqdnSuffix")] pub db_fqdn_suffix: Option, @@ -36,6 +39,9 @@ pub struct RedisEnterpriseRemoteClusterSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseRemoteClusterStatus { + /// The observed secret resource version. Used for internal purposes only. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "internalObservedSecretResourceVersion")] + pub internal_observed_secret_resource_version: Option, /// Indicates whether this object represents a local or a remote cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub local: Option, diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/clusters.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/clusters.rs index 4d6ef745a..68211dca3 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/clusters.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/clusters.rs @@ -332,7 +332,7 @@ pub struct ClusterComponentSpecs { /// If no version is specified, the latest available version will be used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] pub service_version: Option, - /// Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients. + /// Overrides services defined in referenced ComponentDefinition. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option>, /// Stop the Component. @@ -7724,7 +7724,7 @@ pub struct ClusterShardingsTemplate { /// If no version is specified, the latest available version will be used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] pub service_version: Option, - /// Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients. + /// Overrides services defined in referenced ComponentDefinition. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option>, /// Stop the Component. diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/componentdefinitions.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/componentdefinitions.rs index bc5e5b656..577b85c0a 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/componentdefinitions.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/componentdefinitions.rs @@ -5441,6 +5441,12 @@ pub struct ComponentDefinitionLifecycleActions { /// that only the necessary data is exported for import into the new replica. /// /// + /// The container executing this action has access to following environment variables: + /// + /// + /// - KB_TARGET_POD_NAME: The name of the replica pod into which the data will be loaded. + /// + /// /// Note: This field is immutable once it has been set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataDump")] pub data_dump: Option, @@ -6235,6 +6241,12 @@ pub struct ComponentDefinitionLifecycleActionsAvailableProbeRetryPolicy { /// that only the necessary data is exported for import into the new replica. /// /// +/// The container executing this action has access to following environment variables: +/// +/// +/// - KB_TARGET_POD_NAME: The name of the replica pod into which the data will be loaded. +/// +/// /// Note: This field is immutable once it has been set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionLifecycleActionsDataDump { diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/components.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/components.rs index 1480cdef9..796e35aaa 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/components.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/components.rs @@ -172,9 +172,12 @@ pub struct ComponentSpec { /// The version should follow the syntax and semantics of the "Semantic Versioning" specification (http://semver.org/). #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] pub service_version: Option, - /// Overrides Services defined in referenced ComponentDefinition and exposes endpoints that can be accessed by clients. + /// Overrides Services defined in referenced ComponentDefinition. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option>, + /// Specifies the sidecars to be injected into the Component. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sidecars: Option>, /// Stop the Component. /// If set, all the computing resources will be released. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4629,6 +4632,23 @@ pub struct ComponentServicesSpecSessionAffinityConfigClientIp { pub timeout_seconds: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentSidecars { + /// Name specifies the unique name of the sidecar. + /// + /// + /// The name will be used as the name of the sidecar container in the Pod. + pub name: String, + /// Specifies the exact component definition that the sidecar belongs to. + /// + /// + /// A sidecar will be updated when the owner component definition is updated only. + pub owner: String, + /// Specifies the sidecar definition CR to be used to create the sidecar. + #[serde(rename = "sidecarDef")] + pub sidecar_def: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentSystemAccounts { /// The name of the system account. diff --git a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs index 122d20335..527f8ae24 100644 --- a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs +++ b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs @@ -73,6 +73,9 @@ pub struct ApplicationOperationRetryBackoff { /// Sync contains parameters for the operation #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSync { + /// SelfHealAttemptsCount contains the number of auto-heal attempts + #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoHealAttemptsCount")] + pub auto_heal_attempts_count: Option, /// DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] pub dry_run: Option, @@ -207,12 +210,23 @@ pub struct ApplicationOperationSyncSourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -267,6 +281,10 @@ pub struct ApplicationOperationSyncSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -288,6 +306,10 @@ pub struct ApplicationOperationSyncSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -472,12 +494,23 @@ pub struct ApplicationOperationSyncSourcesDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -532,6 +565,10 @@ pub struct ApplicationOperationSyncSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -553,6 +590,10 @@ pub struct ApplicationOperationSyncSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -846,12 +887,23 @@ pub struct ApplicationSourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -906,6 +958,10 @@ pub struct ApplicationSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -927,6 +983,10 @@ pub struct ApplicationSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -1111,12 +1171,23 @@ pub struct ApplicationSourcesDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -1171,6 +1242,10 @@ pub struct ApplicationSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -1192,6 +1267,10 @@ pub struct ApplicationSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -1549,12 +1628,23 @@ pub struct ApplicationStatusHistorySourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusHistorySourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -1609,6 +1699,10 @@ pub struct ApplicationStatusHistorySourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusHistorySourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -1630,6 +1724,10 @@ pub struct ApplicationStatusHistorySourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -1814,12 +1912,23 @@ pub struct ApplicationStatusHistorySourcesDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusHistorySourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -1874,6 +1983,10 @@ pub struct ApplicationStatusHistorySourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusHistorySourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -1895,6 +2008,10 @@ pub struct ApplicationStatusHistorySourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -2079,6 +2196,9 @@ pub struct ApplicationStatusOperationStateOperationRetryBackoff { /// Sync contains parameters for the operation #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSync { + /// SelfHealAttemptsCount contains the number of auto-heal attempts + #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoHealAttemptsCount")] + pub auto_heal_attempts_count: Option, /// DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] pub dry_run: Option, @@ -2213,12 +2333,23 @@ pub struct ApplicationStatusOperationStateOperationSyncSourceDirectoryJsonnetTla /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -2273,6 +2404,10 @@ pub struct ApplicationStatusOperationStateOperationSyncSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -2294,6 +2429,10 @@ pub struct ApplicationStatusOperationStateOperationSyncSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -2478,12 +2617,23 @@ pub struct ApplicationStatusOperationStateOperationSyncSourcesDirectoryJsonnetTl /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -2538,6 +2688,10 @@ pub struct ApplicationStatusOperationStateOperationSyncSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -2559,6 +2713,10 @@ pub struct ApplicationStatusOperationStateOperationSyncSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -2836,12 +2994,23 @@ pub struct ApplicationStatusOperationStateSyncResultSourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateSyncResultSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -2896,6 +3065,10 @@ pub struct ApplicationStatusOperationStateSyncResultSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateSyncResultSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -2917,6 +3090,10 @@ pub struct ApplicationStatusOperationStateSyncResultSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -3101,12 +3278,23 @@ pub struct ApplicationStatusOperationStateSyncResultSourcesDirectoryJsonnetTlas /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateSyncResultSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -3161,6 +3349,10 @@ pub struct ApplicationStatusOperationStateSyncResultSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateSyncResultSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -3182,6 +3374,10 @@ pub struct ApplicationStatusOperationStateSyncResultSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -3483,12 +3679,23 @@ pub struct ApplicationStatusSyncComparedToSourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusSyncComparedToSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -3543,6 +3750,10 @@ pub struct ApplicationStatusSyncComparedToSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusSyncComparedToSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -3564,6 +3775,10 @@ pub struct ApplicationStatusSyncComparedToSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -3748,12 +3963,23 @@ pub struct ApplicationStatusSyncComparedToSourcesDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusSyncComparedToSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -3808,6 +4034,10 @@ pub struct ApplicationStatusSyncComparedToSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusSyncComparedToSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -3829,6 +4059,10 @@ pub struct ApplicationStatusSyncComparedToSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, diff --git a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs index b41b0ae02..698f41c35 100644 --- a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs +++ b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs @@ -27,6 +27,9 @@ pub struct AppProjectSpec { /// Description contains optional project description #[serde(default, skip_serializing_if = "Option::is_none")] pub description: Option, + /// DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "destinationServiceAccounts")] + pub destination_service_accounts: Option>, /// Destinations contains list of destinations available for deployment #[serde(default, skip_serializing_if = "Option::is_none")] pub destinations: Option>, @@ -75,6 +78,19 @@ pub struct AppProjectClusterResourceWhitelist { pub kind: String, } +/// ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AppProjectDestinationServiceAccounts { + /// DefaultServiceAccount to be used for impersonation during the sync operation + #[serde(rename = "defaultServiceAccount")] + pub default_service_account: String, + /// Namespace specifies the target namespace for the application's resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Server specifies the URL of the target cluster's Kubernetes control plane API. + pub server: String, +} + /// ApplicationDestination holds information about the application's destination #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppProjectDestinations { diff --git a/kube-custom-resources-rs/src/autoscaling_karmada_io/v1alpha1/cronfederatedhpas.rs b/kube-custom-resources-rs/src/autoscaling_karmada_io/v1alpha1/cronfederatedhpas.rs index 55f4b7582..1efde5cf4 100644 --- a/kube-custom-resources-rs/src/autoscaling_karmada_io/v1alpha1/cronfederatedhpas.rs +++ b/kube-custom-resources-rs/src/autoscaling_karmada_io/v1alpha1/cronfederatedhpas.rs @@ -39,7 +39,6 @@ pub struct CronFederatedHPARules { /// Name of the rule. /// Each rule in a CronFederatedHPA must have a unique name. /// - /// /// Note: the name will be used as an identifier to record its execution /// history. Changing the name will be considered as deleting the old rule /// and adding a new rule, that means the original execution history will be diff --git a/kube-custom-resources-rs/src/camel_apache_org/v1/builds.rs b/kube-custom-resources-rs/src/camel_apache_org/v1/builds.rs index 721a458cc..6f67ae289 100644 --- a/kube-custom-resources-rs/src/camel_apache_org/v1/builds.rs +++ b/kube-custom-resources-rs/src/camel_apache_org/v1/builds.rs @@ -395,8 +395,12 @@ pub struct BuildTasksBuilderMavenCaSecrets { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -441,8 +445,12 @@ pub struct BuildTasksBuilderMavenProfilesConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -456,8 +464,12 @@ pub struct BuildTasksBuilderMavenProfilesSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -547,8 +559,12 @@ pub struct BuildTasksBuilderMavenSettingsConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -562,8 +578,12 @@ pub struct BuildTasksBuilderMavenSettingsSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -589,8 +609,12 @@ pub struct BuildTasksBuilderMavenSettingsSecurityConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -604,8 +628,12 @@ pub struct BuildTasksBuilderMavenSettingsSecuritySecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1207,8 +1235,12 @@ pub struct BuildTasksPackageMavenCaSecrets { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1253,8 +1285,12 @@ pub struct BuildTasksPackageMavenProfilesConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1268,8 +1304,12 @@ pub struct BuildTasksPackageMavenProfilesSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1359,8 +1399,12 @@ pub struct BuildTasksPackageMavenSettingsConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1374,8 +1418,12 @@ pub struct BuildTasksPackageMavenSettingsSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1401,8 +1449,12 @@ pub struct BuildTasksPackageMavenSettingsSecurityConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1416,8 +1468,12 @@ pub struct BuildTasksPackageMavenSettingsSecuritySecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs index ee5584c1e..7a53a9c8f 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs @@ -241,6 +241,9 @@ pub struct CephBlockPoolStatus { /// ConditionType represent a resource's status #[serde(default, skip_serializing_if = "Option::is_none")] pub phase: Option, + /// optional + #[serde(default, skip_serializing_if = "Option::is_none", rename = "poolID")] + pub pool_id: Option, /// SnapshotScheduleStatusSpec is the status of the snapshot schedule #[serde(default, skip_serializing_if = "Option::is_none", rename = "snapshotScheduleStatus")] pub snapshot_schedule_status: Option, diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumendpoints.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumendpoints.rs index f8123511b..1cca8dd82 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumendpoints.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumendpoints.rs @@ -176,7 +176,7 @@ pub struct CiliumEndpointStatusIdentity { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumEndpointStatusLog { /// Code indicate type of status change - /// Enum: [ok failed] + /// Enum: ["ok","failed"] #[serde(default, skip_serializing_if = "Option::is_none")] pub code: Option, /// Status message @@ -202,7 +202,7 @@ pub struct CiliumEndpointStatusNamedPorts { #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Layer 4 protocol - /// Enum: [TCP UDP SCTP ICMP ICMPV6 ANY] + /// Enum: ["TCP","UDP","SCTP","ICMP","ICMPV6","ANY"] #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, } diff --git a/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumendpointslices.rs b/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumendpointslices.rs index 3b88b9b16..daef92de1 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumendpointslices.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumendpointslices.rs @@ -53,7 +53,7 @@ pub struct CiliumEndpointSliceEndpointsNamedPorts { #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Layer 4 protocol - /// Enum: [TCP UDP SCTP ICMP ICMPV6 ANY] + /// Enum: ["TCP","UDP","SCTP","ICMP","ICMPV6","ANY"] #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, } diff --git a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs index ffe97f4b8..36327d3ca 100644 --- a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs +++ b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs @@ -88,7 +88,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsDependencyInterpretatio /// a specific resource. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function GetDependencies(desiredObj) @@ -106,16 +105,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsDependencyInterpretatio /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents the configuration to be applied /// to the member cluster. /// - /// /// The returned value should be expressed by a slice of DependentObjectReference. #[serde(rename = "luaScript")] pub lua_script: String, @@ -129,7 +125,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsHealthInterpretation { /// a specific resource. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function InterpretHealth(observedObj) @@ -139,16 +134,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsHealthInterpretation { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - observedObj: the object represents the configuration that is observed /// from a specific member cluster. /// - /// /// The returned boolean value indicates the health status. #[serde(rename = "luaScript")] pub lua_script: String, @@ -166,10 +158,8 @@ pub struct ResourceInterpreterCustomizationCustomizationsReplicaResource { /// LuaScript holds the Lua script that is used to discover the resource's /// replica as well as resource requirements /// - /// /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function GetReplicas(desiredObj) @@ -183,16 +173,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsReplicaResource { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents the configuration to be applied /// to the member cluster. /// - /// /// The function expects two return values: /// - replica: the declared replica number /// - requirement: the resource required by each replica expressed with a @@ -213,7 +200,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsReplicaRevision { /// LuaScript holds the Lua script that is used to revise replicas in the desired specification. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function ReviseReplica(desiredObj, desiredReplica) @@ -222,17 +208,14 @@ pub struct ResourceInterpreterCustomizationCustomizationsReplicaRevision { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents the configuration to be applied /// to the member cluster. /// - desiredReplica: the replica number should be applied with. /// - /// /// The returned object should be a revised configuration which will be /// applied to member cluster eventually. #[serde(rename = "luaScript")] @@ -251,10 +234,8 @@ pub struct ResourceInterpreterCustomizationCustomizationsRetention { /// LuaScript holds the Lua script that is used to retain runtime values /// to the desired specification. /// - /// /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function Retain(desiredObj, observedObj) @@ -263,18 +244,15 @@ pub struct ResourceInterpreterCustomizationCustomizationsRetention { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents the configuration to be applied /// to the member cluster. /// - observedObj: the object represents the configuration that is observed /// from a specific member cluster. /// - /// /// The returned object should be a retained configuration which will be /// applied to member cluster eventually. #[serde(rename = "luaScript")] @@ -292,7 +270,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsStatusAggregation { /// to the desired specification. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function AggregateStatus(desiredObj, statusItems) @@ -303,16 +280,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsStatusAggregation { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents a resource template. /// - statusItems: the slice of status expressed with AggregatedStatusItem. /// - /// /// The returned object should be a whole object with status aggregated. #[serde(rename = "luaScript")] pub lua_script: String, @@ -327,7 +301,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsStatusReflection { /// LuaScript holds the Lua script that is used to get the status from the observed specification. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function ReflectStatus(observedObj) @@ -337,16 +310,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsStatusReflection { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - observedObj: the object represents the configuration that is observed /// from a specific member cluster. /// - /// /// The returned status could be the whole status or part of it and will /// be set into both Work and ResourceBinding(ClusterResourceBinding). #[serde(rename = "luaScript")] diff --git a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpreterwebhookconfigurations.rs b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpreterwebhookconfigurations.rs index 6d37823f1..19cea8e79 100644 --- a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpreterwebhookconfigurations.rs +++ b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpreterwebhookconfigurations.rs @@ -49,7 +49,6 @@ pub struct ResourceInterpreterWebhookConfigurationWebhooksClientConfig { /// `service` is a reference to the service for this webhook. Either /// `service` or `url` must be specified. /// - /// /// If the webhook is running within the cluster, then you should use `service`. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -57,29 +56,24 @@ pub struct ResourceInterpreterWebhookConfigurationWebhooksClientConfig { /// (`scheme://host:port/path`). Exactly one of `url` or `service` /// must be specified. /// - /// /// The `host` should not refer to a service running in the cluster; use /// the `service` field instead. The host might be resolved via external /// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve /// in-cluster DNS as that would be a layering violation). `host` may /// also be an IP address. /// - /// /// Please note that using `localhost` or `127.0.0.1` as a `host` is /// risky unless you take great care to run this webhook on all hosts /// which run an apiserver which might need to make calls to this /// webhook. Such installs are likely to be non-portable, i.e., not easy /// to turn up in a new cluster. /// - /// /// The scheme must be "https"; the URL must begin with "https://". /// - /// /// A path is optional, and if present may be any string permissible in /// a URL. You may use the path to pass an arbitrary string to the /// webhook, for example, a cluster identifier. /// - /// /// Attempting to use a user or basic auth e.g. "user:password@" is not /// allowed. Fragments ("#...") and query parameters ("?...") are not /// allowed, either. @@ -90,7 +84,6 @@ pub struct ResourceInterpreterWebhookConfigurationWebhooksClientConfig { /// `service` is a reference to the service for this webhook. Either /// `service` or `url` must be specified. /// -/// /// If the webhook is running within the cluster, then you should use `service`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceInterpreterWebhookConfigurationWebhooksClientConfigService { @@ -121,7 +114,6 @@ pub struct ResourceInterpreterWebhookConfigurationWebhooksRules { /// ["apps", "batch", "example.io"] means matches 3 groups. /// ["*"] means matches all group /// - /// /// Note: The group could be empty, e.g the 'core' group of kubernetes, in that case use [""]. #[serde(rename = "apiGroups")] pub api_groups: Vec, diff --git a/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs b/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs index e4de37906..c0a62a324 100644 --- a/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs +++ b/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs @@ -484,7 +484,6 @@ pub struct DatadogAgentFeaturesApm { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesApmHostPortConfig { /// Enabled enables host port configuration - /// Default: false #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) @@ -824,7 +823,6 @@ pub struct DatadogAgentFeaturesDogstatsd { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesDogstatsdHostPortConfig { /// Enabled enables host port configuration - /// Default: false #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) @@ -1295,7 +1293,7 @@ pub struct DatadogAgentFeaturesOtlpReceiverProtocols { /// GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesOtlpReceiverProtocolsGrpc { - /// Enable the OTLP/gRPC endpoint. + /// Enable the OTLP/gRPC endpoint. Host port is enabled by default and can be disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Endpoint for OTLP/gRPC. @@ -1304,18 +1302,52 @@ pub struct DatadogAgentFeaturesOtlpReceiverProtocolsGrpc { /// Default: `0.0.0.0:4317`. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Enable hostPort for OTLP/gRPC + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, +} + +/// Enable hostPort for OTLP/gRPC +/// Default: true +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesOtlpReceiverProtocolsGrpcHostPortConfig { + /// Enabled enables host port configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + /// If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, } /// HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesOtlpReceiverProtocolsHttp { - /// Enable the OTLP/HTTP endpoint. + /// Enable the OTLP/HTTP endpoint. Host port is enabled by default and can be disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Endpoint for OTLP/HTTP. /// Default: '0.0.0.0:4318'. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Enable hostPorts for OTLP/HTTP + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, +} + +/// Enable hostPorts for OTLP/HTTP +/// Default: true +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesOtlpReceiverProtocolsHttpHostPortConfig { + /// Enabled enables host port configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + /// If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, } /// ProcessDiscovery configuration. @@ -1455,12 +1487,27 @@ pub struct DatadogAgentGlobal { /// Overrides the site setting defined in `Site`. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Env contains a list of environment variables that are set for all Agents. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, /// FIPS contains configuration used to customize the FIPS proxy sidecar. #[serde(default, skip_serializing_if = "Option::is_none")] pub fips: Option, /// Kubelet contains the kubelet configuration parameters. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubelet: Option, + /// Provide a mapping of Kubernetes Resource Groups to annotations mapping to Datadog Tags. + /// : + /// : + /// KUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesResourcesAnnotationsAsTags")] + pub kubernetes_resources_annotations_as_tags: Option>, + /// Provide a mapping of Kubernetes Resource Groups to labels mapping to Datadog Tags. + /// : + /// : + /// KUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesResourcesLabelsAsTags")] + pub kubernetes_resources_labels_as_tags: Option>, /// LocalService contains configuration to customize the internal traffic policy service. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localService")] pub local_service: Option, @@ -1497,10 +1544,18 @@ pub struct DatadogAgentGlobal { pub pod_labels_as_tags: Option>, /// Registry is the image registry to use for all Agent images. /// Use 'public.ecr.aws/datadog' for AWS ECR. + /// Use 'datadoghq.azurecr.io' for Azure Container Registry. + /// Use 'gcr.io/datadoghq' for Google Container Registry. + /// Use 'eu.gcr.io/datadoghq' for Google Container Registry in the EU region. + /// Use 'asia.gcr.io/datadoghq' for Google Container Registry in the Asia region. /// Use 'docker.io/datadog' for DockerHub. /// Default: 'gcr.io/datadoghq' #[serde(default, skip_serializing_if = "Option::is_none")] pub registry: Option, + /// Configure the secret backend feature https://docs.datadoghq.com/agent/guide/secrets-management + /// See also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretBackend")] + pub secret_backend: Option, /// Site is the Datadog intake site Agent data are sent to. /// Set to 'datadoghq.com' to send data to the US1 site (default). /// Set to 'datadoghq.eu' to send data to the EU site. @@ -1633,6 +1688,102 @@ pub struct DatadogAgentGlobalEndpointCredentialsAppSecret { pub secret_name: String, } +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// FIPS contains configuration used to customize the FIPS proxy sidecar. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentGlobalFips { @@ -1956,6 +2107,44 @@ pub struct DatadogAgentGlobalOriginDetectionUnified { pub enabled: Option, } +/// Configure the secret backend feature https://docs.datadoghq.com/agent/guide/secrets-management +/// See also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalSecretBackend { + /// List of arguments to pass to the command (space-separated strings). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option, + /// The secret backend command to use. Datadog provides a pre-defined binary `/readsecret_multiple_providers.sh`. + /// Read more about `/readsecret_multiple_providers.sh` at https://docs.datadoghq.com/agent/configuration/secrets-management/?tab=linux#script-for-reading-from-multiple-secret-providers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub command: Option, + /// Whether to create a global permission allowing Datadog agents to read all Kubernetes secrets. + /// Default: `false`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableGlobalPermissions")] + pub enable_global_permissions: Option, + /// Roles for Datadog to read the specified secrets, replacing `enableGlobalPermissions`. + /// They are defined as a list of namespace/secrets. + /// Each defined namespace needs to be present in the DatadogAgent controller using `WATCH_NAMESPACE` or `DD_AGENT_WATCH_NAMESPACE`. + /// See also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md#how-to-deploy-the-agent-components-using-the-secret-backend-feature-with-datadogagent. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// The command timeout in seconds. + /// Default: `30`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// SecretBackendRolesConfig provides configuration of the secrets Datadog agents can read for the SecretBackend feature +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalSecretBackendRoles { + /// Namespace defines the namespace in which the secrets reside. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Secrets defines the list of secrets for which a role should be created. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + /// Override the default configurations of the agents #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverride { @@ -2000,6 +2189,10 @@ pub struct DatadogAgentOverride { /// See also: https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, + /// EnvFrom specifies the ConfigMaps and Secrets to expose as environment variables. + /// Priority is env > envFrom. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] + pub env_from: Option>, /// Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/ /// See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details. #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraChecksd")] @@ -2041,6 +2234,9 @@ pub struct DatadogAgentOverride { /// Pod-level SecurityContext. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Sets the ServiceAccountAnnotations used by this component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountAnnotations")] + pub service_account_annotations: Option>, /// Sets the ServiceAccount used by this component. /// Ignored if the field CreateRbac is true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] @@ -3515,6 +3711,46 @@ pub struct DatadogAgentOverrideEnvValueFromSecretKeyRef { pub optional: Option, } +/// EnvFromSource represents the source of a set of ConfigMaps +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentOverrideEnvFrom { + /// The ConfigMap to select from + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapRef")] + pub config_map_ref: Option, + /// An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, + /// The Secret to select from + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// The ConfigMap to select from +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentOverrideEnvFromConfigMapRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// The Secret to select from +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentOverrideEnvFromSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/ /// See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5992,7 +6228,6 @@ pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesApm { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesApmHostPortConfig { /// Enabled enables host port configuration - /// Default: false #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) @@ -6332,7 +6567,6 @@ pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsd { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsdHostPortConfig { /// Enabled enables host port configuration - /// Default: false #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) @@ -6803,7 +7037,7 @@ pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtoc /// GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsGrpc { - /// Enable the OTLP/gRPC endpoint. + /// Enable the OTLP/gRPC endpoint. Host port is enabled by default and can be disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Endpoint for OTLP/gRPC. @@ -6812,18 +7046,52 @@ pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtoc /// Default: `0.0.0.0:4317`. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Enable hostPort for OTLP/gRPC + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, +} + +/// Enable hostPort for OTLP/gRPC +/// Default: true +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsGrpcHostPortConfig { + /// Enabled enables host port configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + /// If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, } /// HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsHttp { - /// Enable the OTLP/HTTP endpoint. + /// Enable the OTLP/HTTP endpoint. Host port is enabled by default and can be disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Endpoint for OTLP/HTTP. /// Default: '0.0.0.0:4318'. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Enable hostPorts for OTLP/HTTP + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, +} + +/// Enable hostPorts for OTLP/HTTP +/// Default: true +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsHttpHostPortConfig { + /// Enabled enables host port configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + /// If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, } /// ProcessDiscovery configuration. diff --git a/kube-custom-resources-rs/src/digitalis_io/v1/valssecrets.rs b/kube-custom-resources-rs/src/digitalis_io/v1/valssecrets.rs index 454dd4c61..0722caaed 100644 --- a/kube-custom-resources-rs/src/digitalis_io/v1/valssecrets.rs +++ b/kube-custom-resources-rs/src/digitalis_io/v1/valssecrets.rs @@ -24,6 +24,8 @@ pub struct ValsSecretSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none")] + pub rollout: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] pub template: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub ttl: Option, @@ -36,7 +38,8 @@ pub struct ValsSecretData { /// Encoding type for the secret. Only base64 supported. Optional #[serde(default, skip_serializing_if = "Option::is_none")] pub encoding: Option, - /// Ref value to the secret in the format ref+backend://path https://github.com/helmfile/vals + /// Ref value to the secret in the format ref+backend://path + /// https://github.com/helmfile/vals #[serde(default, skip_serializing_if = "Option::is_none", rename = "ref")] pub r#ref: Option, } @@ -82,6 +85,15 @@ pub struct ValsSecretDatabasesLoginCredentials { pub username_key: Option, } +/// RolloutTarget sets up what deployment or sts to restart +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ValsSecretRollout { + /// Kind is either Deployment, Pod or StatefulSet + pub kind: String, + /// Name is the object name + pub name: String, +} + /// ValsSecretStatus defines the observed state of ValsSecret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ValsSecretStatus { diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs index 28ca0c70c..89fe4d860 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs @@ -61,8 +61,10 @@ pub struct ClusterExternalSecretExternalSecretSpec { /// If multiple entries are specified, the Secret keys are merged in the specified order #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataFrom")] pub data_from: Option>, - /// RefreshInterval is the amount of time before the values are read again from the SecretStore provider + /// RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + /// specified as Golang Duration strings. /// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + /// Example values: "1h", "2h30m", "5d", "10s" /// May be set to zero to fetch and create it once. Defaults to 1h. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs index ad1d87640..962f245c2 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs @@ -27,8 +27,10 @@ pub struct ExternalSecretSpec { /// If multiple entries are specified, the Secret keys are merged in the specified order #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataFrom")] pub data_from: Option>, - /// RefreshInterval is the amount of time before the values are read again from the SecretStore provider + /// RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + /// specified as Golang Duration strings. /// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + /// Example values: "1h", "2h30m", "5d", "10s" /// May be set to zero to fetch and create it once. Defaults to 1h. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, diff --git a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs index 8eb5f3917..8bc067ebf 100644 --- a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs +++ b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs @@ -921,54 +921,55 @@ pub struct FlowCollectorAgentEbpfAdvancedSchedulingTolerations { /// `flowFilter` defines the eBPF agent configuration regarding flow filtering. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorAgentEbpfFlowFilter { - /// `action` defines the action to perform on the flows that match the filter. + /// `action` defines the action to perform on the flows that match the filter. The available options are `Accept`, which is the default, and `Reject`. #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// `cidr` defines the IP CIDR to filter flows by. /// Examples: `10.10.10.0/24` or `100:100:100:100::/64` #[serde(default, skip_serializing_if = "Option::is_none")] pub cidr: Option, - /// `destPorts` defines the destination ports to filter flows by. + /// `destPorts` optionally defines the destination ports to filter flows by. /// To filter a single port, set a single port as an integer value. For example, `destPorts: 80`. /// To filter a range of ports, use a "start-end" range in string format. For example, `destPorts: "80-100"`. /// To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "destPorts")] pub dest_ports: Option, - /// `direction` defines the direction to filter flows by. + /// `direction` optionally defines a direction to filter flows by. The available options are `Ingress` and `Egress`. #[serde(default, skip_serializing_if = "Option::is_none")] pub direction: Option, /// Set `enable` to `true` to enable the eBPF flow filtering feature. #[serde(default, skip_serializing_if = "Option::is_none")] pub enable: Option, - /// `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, defines the ICMP code to filter flows by. + /// `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by. #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpCode")] pub icmp_code: Option, - /// `icmpType`, for ICMP traffic, defines the ICMP type to filter flows by. + /// `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by. #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpType")] pub icmp_type: Option, - /// `peerIP` defines the IP address to filter flows by. + /// `peerIP` optionally defines the remote IP address to filter flows by. /// Example: `10.10.10.10`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "peerIP")] pub peer_ip: Option, - /// `pktDrops` filters flows with packet drops + /// `pktDrops` optionally filters only flows containing packet drops. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pktDrops")] pub pkt_drops: Option, - /// `ports` defines the ports to filter flows by. It is used both for source and destination ports. + /// `ports` optionally defines the ports to filter flows by. It is used both for source and destination ports. /// To filter a single port, set a single port as an integer value. For example, `ports: 80`. /// To filter a range of ports, use a "start-end" range in string format. For example, `ports: "80-100"`. /// To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`. #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option, - /// `protocol` defines the protocol to filter flows by. + /// `protocol` optionally defines a protocol to filter flows by. The available options are `TCP`, `UDP`, `ICMP`, `ICMPv6`, and `SCTP`. #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// `sourcePorts` defines the source ports to filter flows by. + /// `sourcePorts` optionally defines the source ports to filter flows by. /// To filter a single port, set a single port as an integer value. For example, `sourcePorts: 80`. /// To filter a range of ports, use a "start-end" range in string format. For example, `sourcePorts: "80-100"`. /// To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourcePorts")] pub source_ports: Option, - /// `tcpFlags` defines the TCP flags to filter flows by. + /// `tcpFlags` optionally defines TCP flags to filter flows by. + /// In addition to the standard flags (RFC-9293), you can also filter by one of the three following combinations: `SYN-ACK`, `FIN-ACK`, and `RST-ACK`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpFlags")] pub tcp_flags: Option, } @@ -1147,7 +1148,7 @@ pub struct FlowCollectorAgentEbpfMetricsServerTlsProvidedCaFile { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -2416,7 +2417,7 @@ pub struct FlowCollectorExporters { /// OpenTelemetry configuration, such as the IP address and port to send enriched logs or metrics to. #[serde(default, skip_serializing_if = "Option::is_none", rename = "openTelemetry")] pub open_telemetry: Option, - /// `type` selects the type of exporters. The available options are `Kafka` and `IPFIX`. + /// `type` selects the type of exporters. The available options are `Kafka`, `IPFIX`, and `OpenTelemetry`. #[serde(rename = "type")] pub r#type: FlowCollectorExportersType, } @@ -2486,7 +2487,7 @@ pub struct FlowCollectorExportersKafkaSaslClientIdReference { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -2513,7 +2514,7 @@ pub struct FlowCollectorExportersKafkaSaslClientSecretReference { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -2812,7 +2813,7 @@ pub struct FlowCollectorKafkaSaslClientIdReference { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -2839,7 +2840,7 @@ pub struct FlowCollectorKafkaSaslClientSecretReference { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -3440,7 +3441,7 @@ pub struct FlowCollectorNetworkPolicy { pub additional_namespaces: Option>, /// Set `enable` to `true` to deploy network policies on the namespaces used by NetObserv (main and privileged). It is disabled by default. /// These network policies better isolate the NetObserv components to prevent undesired connections to them. - /// We recommend you either enable it, or create your own network policy for NetObserv. + /// To increase the security of connections, enable this option or create your own network policy. #[serde(default, skip_serializing_if = "Option::is_none")] pub enable: Option, } @@ -4670,7 +4671,7 @@ pub struct FlowCollectorProcessorMetricsServerTlsProvidedCaFile { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfluentbitconfigs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfluentbitconfigs.rs index 83598943a..be29cfc82 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfluentbitconfigs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfluentbitconfigs.rs @@ -219,7 +219,7 @@ pub struct ClusterFluentBitConfigService { pub emitter_storage_type: Option, /// Interval to flush output #[serde(default, skip_serializing_if = "Option::is_none", rename = "flushSeconds")] - pub flush_seconds: Option, + pub flush_seconds: Option, /// Wait time on exit #[serde(default, skip_serializing_if = "Option::is_none", rename = "graceSeconds")] pub grace_seconds: Option, diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs index 2c2a2560a..fc0497d6f 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs @@ -3031,6 +3031,9 @@ pub struct ClusterOutputOpentelemetry { /// Log the response payload within the Fluent Bit log. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logResponsePayload")] pub log_response_payload: Option, + /// The log body key to look up in the log events body/message. Sets the Body field of the opentelemtry logs data model. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKey")] + pub logs_body_key: Option, /// If true, remaining unmatched keys are added as attributes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKeyAttributes")] pub logs_body_key_attributes: Option, diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbitconfigs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbitconfigs.rs index 2fb459a9d..1dde140bf 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbitconfigs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbitconfigs.rs @@ -236,7 +236,7 @@ pub struct FluentBitConfigService { pub emitter_storage_type: Option, /// Interval to flush output #[serde(default, skip_serializing_if = "Option::is_none", rename = "flushSeconds")] - pub flush_seconds: Option, + pub flush_seconds: Option, /// Wait time on exit #[serde(default, skip_serializing_if = "Option::is_none", rename = "graceSeconds")] pub grace_seconds: Option, diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs index a850eaa5c..93cd19041 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs @@ -3032,6 +3032,9 @@ pub struct OutputOpentelemetry { /// Log the response payload within the Fluent Bit log. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logResponsePayload")] pub log_response_payload: Option, + /// The log body key to look up in the log events body/message. Sets the Body field of the opentelemtry logs data model. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKey")] + pub logs_body_key: Option, /// If true, remaining unmatched keys are added as attributes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKeyAttributes")] pub logs_body_key_attributes: Option, diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs index 08406ff88..2ae06b0b2 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs @@ -381,6 +381,8 @@ pub struct MigrationStatusVmsWarm { /// Precopy durations #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MigrationStatusVmsWarmPrecopies { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deltas: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub end: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -389,3 +391,10 @@ pub struct MigrationStatusVmsWarmPrecopies { pub start: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MigrationStatusVmsWarmPrecopiesDeltas { + #[serde(rename = "deltaId")] + pub delta_id: String, + pub disk: String, +} + diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs index 569c74c86..5dd9e4e61 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs @@ -782,6 +782,8 @@ pub struct PlanStatusMigrationVmsWarm { /// Precopy durations #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PlanStatusMigrationVmsWarmPrecopies { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deltas: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub end: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -790,3 +792,10 @@ pub struct PlanStatusMigrationVmsWarmPrecopies { pub start: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PlanStatusMigrationVmsWarmPrecopiesDeltas { + #[serde(rename = "deltaId")] + pub delta_id: String, + pub disk: String, +} + diff --git a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs index 3aab3a55b..619fdaaa7 100644 --- a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs +++ b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs @@ -32,6 +32,9 @@ pub struct GrafanaDatasourceSpec { /// how often the datasource is refreshed, defaults to 5m if not set #[serde(default, skip_serializing_if = "Option::is_none", rename = "resyncPeriod")] pub resync_period: Option, + /// The UID, for the datasource, fallback to the deprecated spec.datasource.uid and metadata.uid + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, /// environments variables from secrets or config maps #[serde(default, skip_serializing_if = "Option::is_none", rename = "valuesFrom")] pub values_from: Option>, @@ -47,7 +50,7 @@ pub struct GrafanaDatasourceDatasource { pub basic_auth_user: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub database: Option, - /// Deprecated field, it has no effect + /// Whether to enable/disable editing of the datasource in Grafana UI #[serde(default, skip_serializing_if = "Option::is_none")] pub editable: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "isDefault")] @@ -63,6 +66,7 @@ pub struct GrafanaDatasourceDatasource { pub secure_json_data: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, + /// Deprecated field, use spec.uid instead #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1alpha1/volumegroupsnapshotcontents.rs b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1alpha1/volumegroupsnapshotcontents.rs index bf9f99f81..58f0afde3 100644 --- a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1alpha1/volumegroupsnapshotcontents.rs +++ b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1alpha1/volumegroupsnapshotcontents.rs @@ -178,11 +178,6 @@ pub struct VolumeGroupSnapshotContentStatus { /// Upon success after retry, this error field will be cleared. #[serde(default, skip_serializing_if = "Option::is_none")] pub error: Option, - /// PVVolumeSnapshotContentList is the list of pairs of PV and - /// VolumeSnapshotContent for this group snapshot - /// The maximum number of allowed snapshots in the group is 100. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "pvVolumeSnapshotContentList")] - pub pv_volume_snapshot_content_list: Option>, /// ReadyToUse indicates if all the individual snapshots in the group are ready to be /// used to restore a group of volumes. /// ReadyToUse becomes true when ReadyToUse of all individual snapshots become true. @@ -216,38 +211,6 @@ pub struct VolumeGroupSnapshotContentStatusError { pub time: Option, } -/// PVVolumeSnapshotContentPair represent a pair of PV names and -/// VolumeSnapshotContent names -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct VolumeGroupSnapshotContentStatusPvVolumeSnapshotContentList { - /// PersistentVolumeRef is a reference to the persistent volume resource - #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeRef")] - pub persistent_volume_ref: Option, - /// VolumeSnapshotContentRef is a reference to the volume snapshot content resource - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeSnapshotContentRef")] - pub volume_snapshot_content_ref: Option, -} - -/// PersistentVolumeRef is a reference to the persistent volume resource -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct VolumeGroupSnapshotContentStatusPvVolumeSnapshotContentListPersistentVolumeRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, -} - -/// VolumeSnapshotContentRef is a reference to the volume snapshot content resource -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct VolumeGroupSnapshotContentStatusPvVolumeSnapshotContentListVolumeSnapshotContentRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, -} - /// VolumeSnapshotHandlePair defines a pair of a source volume handle and a snapshot handle #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct VolumeGroupSnapshotContentStatusVolumeSnapshotHandlePairList { diff --git a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1alpha1/volumegroupsnapshots.rs b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1alpha1/volumegroupsnapshots.rs index 21cfabdb0..acfdda990 100644 --- a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1alpha1/volumegroupsnapshots.rs +++ b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1alpha1/volumegroupsnapshots.rs @@ -126,11 +126,6 @@ pub struct VolumeGroupSnapshotStatus { /// group snapshot creation. Upon success, this error field will be cleared. #[serde(default, skip_serializing_if = "Option::is_none")] pub error: Option, - /// VolumeSnapshotRefList is the list of PVC and VolumeSnapshot pairs that - /// is part of this group snapshot. - /// The maximum number of allowed snapshots in the group is 100. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "pvcVolumeSnapshotRefList")] - pub pvc_volume_snapshot_ref_list: Option>, /// ReadyToUse indicates if all the individual snapshots in the group are ready /// to be used to restore a group of volumes. /// ReadyToUse becomes true when ReadyToUse of all individual snapshots become true. @@ -158,34 +153,3 @@ pub struct VolumeGroupSnapshotStatusError { pub time: Option, } -/// PVCVolumeSnapshotPair defines a pair of a PVC reference and a Volume Snapshot Reference -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct VolumeGroupSnapshotStatusPvcVolumeSnapshotRefList { - /// PersistentVolumeClaimRef is a reference to the PVC this pair is referring to - #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaimRef")] - pub persistent_volume_claim_ref: Option, - /// VolumeSnapshotRef is a reference to the VolumeSnapshot this pair is referring to - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeSnapshotRef")] - pub volume_snapshot_ref: Option, -} - -/// PersistentVolumeClaimRef is a reference to the PVC this pair is referring to -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct VolumeGroupSnapshotStatusPvcVolumeSnapshotRefListPersistentVolumeClaimRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, -} - -/// VolumeSnapshotRef is a reference to the VolumeSnapshot this pair is referring to -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct VolumeGroupSnapshotStatusPvcVolumeSnapshotRefListVolumeSnapshotRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, -} - diff --git a/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs b/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs index bc6aa2600..b05faf0af 100644 --- a/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs +++ b/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs @@ -477,7 +477,7 @@ pub struct MachinePoolPlatformIbmcloudDedicatedHosts { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MachinePoolPlatformOpenstack { /// AdditionalSecurityGroupIDs contains IDs of additional security groups for machines, where each ID - /// is presented in the format sg-xxxx. + /// is presented in the UUID format. #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalSecurityGroupIDs")] pub additional_security_group_i_ds: Option>, /// Flavor defines the OpenStack Nova flavor. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherefailuredomains.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherefailuredomains.rs index de0389ab4..ddff0842b 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherefailuredomains.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherefailuredomains.rs @@ -64,6 +64,9 @@ pub struct VSphereFailureDomainTopology { /// Hosts has information required for placement of machines on VSphere hosts. #[serde(default, skip_serializing_if = "Option::is_none")] pub hosts: Option, + /// NetworkConfigurations is a list of network configurations within this failure domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "networkConfigurations")] + pub network_configurations: Option>, /// Networks is the list of networks within this failure domain #[serde(default, skip_serializing_if = "Option::is_none")] pub networks: Option>, @@ -80,6 +83,162 @@ pub struct VSphereFailureDomainTopologyHosts { pub vm_group_name: String, } +/// NetworkConfiguration defines a network configuration that should be used when consuming +/// a failure domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VSphereFailureDomainTopologyNetworkConfigurations { + /// AddressesFromPools is a list of IPAddressPools that should be assigned + /// to IPAddressClaims. The machine's cloud-init metadata will be populated + /// with IPAddresses fulfilled by an IPAM provider. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "addressesFromPools")] + pub addresses_from_pools: Option>, + /// DHCP4 is a flag that indicates whether or not to use DHCP for IPv4. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dhcp4: Option, + /// DHCP4Overrides allows for the control over several DHCP behaviors. + /// Overrides will only be applied when the corresponding DHCP flag is set. + /// Only configured values will be sent, omitted values will default to + /// distribution defaults. + /// Dependent on support in the network stack for your distribution. + /// For more information see the netplan reference (https://netplan.io/reference#dhcp-overrides) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dhcp4Overrides")] + pub dhcp4_overrides: Option, + /// DHCP6 is a flag that indicates whether or not to use DHCP for IPv6. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dhcp6: Option, + /// DHCP6Overrides allows for the control over several DHCP behaviors. + /// Overrides will only be applied when the corresponding DHCP flag is set. + /// Only configured values will be sent, omitted values will default to + /// distribution defaults. + /// Dependent on support in the network stack for your distribution. + /// For more information see the netplan reference (https://netplan.io/reference#dhcp-overrides) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dhcp6Overrides")] + pub dhcp6_overrides: Option, + /// Nameservers is a list of IPv4 and/or IPv6 addresses used as DNS + /// nameservers. + /// Please note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nameservers: Option>, + /// NetworkName is the network name for this machine's VM. + #[serde(rename = "networkName")] + pub network_name: String, + /// SearchDomains is a list of search domains used when resolving IP + /// addresses with DNS. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "searchDomains")] + pub search_domains: Option>, +} + +/// TypedLocalObjectReference contains enough information to let you locate the +/// typed referenced object inside the same namespace. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VSphereFailureDomainTopologyNetworkConfigurationsAddressesFromPools { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, +} + +/// DHCP4Overrides allows for the control over several DHCP behaviors. +/// Overrides will only be applied when the corresponding DHCP flag is set. +/// Only configured values will be sent, omitted values will default to +/// distribution defaults. +/// Dependent on support in the network stack for your distribution. +/// For more information see the netplan reference (https://netplan.io/reference#dhcp-overrides) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VSphereFailureDomainTopologyNetworkConfigurationsDhcp4Overrides { + /// Hostname is the name which will be sent to the DHCP server instead of + /// the machine's hostname. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hostname: Option, + /// RouteMetric is used to prioritize routes for devices. A lower metric for + /// an interface will have a higher priority. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "routeMetric")] + pub route_metric: Option, + /// SendHostname when `true`, the hostname of the machine will be sent to the + /// DHCP server. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sendHostname")] + pub send_hostname: Option, + /// UseDNS when `true`, the DNS servers in the DHCP server will be used and + /// take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDNS")] + pub use_dns: Option, + /// UseDomains can take the values `true`, `false`, or `route`. When `true`, + /// the domain name from the DHCP server will be used as the DNS search + /// domain for this device. When `route`, the domain name from the DHCP + /// response will be used for routing DNS only, not for searching. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDomains")] + pub use_domains: Option, + /// UseHostname when `true`, the hostname from the DHCP server will be set + /// as the transient hostname of the machine. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useHostname")] + pub use_hostname: Option, + /// UseMTU when `true`, the MTU from the DHCP server will be set as the + /// MTU of the device. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useMTU")] + pub use_mtu: Option, + /// UseNTP when `true`, the NTP servers from the DHCP server will be used + /// by systemd-timesyncd and take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useNTP")] + pub use_ntp: Option, + /// UseRoutes when `true`, the routes from the DHCP server will be installed + /// in the routing table. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useRoutes")] + pub use_routes: Option, +} + +/// DHCP6Overrides allows for the control over several DHCP behaviors. +/// Overrides will only be applied when the corresponding DHCP flag is set. +/// Only configured values will be sent, omitted values will default to +/// distribution defaults. +/// Dependent on support in the network stack for your distribution. +/// For more information see the netplan reference (https://netplan.io/reference#dhcp-overrides) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VSphereFailureDomainTopologyNetworkConfigurationsDhcp6Overrides { + /// Hostname is the name which will be sent to the DHCP server instead of + /// the machine's hostname. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hostname: Option, + /// RouteMetric is used to prioritize routes for devices. A lower metric for + /// an interface will have a higher priority. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "routeMetric")] + pub route_metric: Option, + /// SendHostname when `true`, the hostname of the machine will be sent to the + /// DHCP server. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sendHostname")] + pub send_hostname: Option, + /// UseDNS when `true`, the DNS servers in the DHCP server will be used and + /// take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDNS")] + pub use_dns: Option, + /// UseDomains can take the values `true`, `false`, or `route`. When `true`, + /// the domain name from the DHCP server will be used as the DNS search + /// domain for this device. When `route`, the domain name from the DHCP + /// response will be used for routing DNS only, not for searching. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDomains")] + pub use_domains: Option, + /// UseHostname when `true`, the hostname from the DHCP server will be set + /// as the transient hostname of the machine. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useHostname")] + pub use_hostname: Option, + /// UseMTU when `true`, the MTU from the DHCP server will be set as the + /// MTU of the device. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useMTU")] + pub use_mtu: Option, + /// UseNTP when `true`, the NTP servers from the DHCP server will be used + /// by systemd-timesyncd and take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useNTP")] + pub use_ntp: Option, + /// UseRoutes when `true`, the routes from the DHCP server will be installed + /// in the routing table. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useRoutes")] + pub use_routes: Option, +} + /// Zone defines the name and type of a zone #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct VSphereFailureDomainZone { diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachines.rs index 1807d81c8..34b026346 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachines.rs @@ -39,13 +39,13 @@ pub struct VSphereMachineSpec { /// Defaults to empty map #[serde(default, skip_serializing_if = "Option::is_none", rename = "customVMXKeys")] pub custom_vmx_keys: Option>, - /// Datacenter is the name or inventory path of the datacenter in which the - /// virtual machine is created/located. + /// Datacenter is the name, inventory path, managed object reference or the managed + /// object ID of the datacenter in which the virtual machine is created/located. /// Defaults to * which selects the default datacenter. #[serde(default, skip_serializing_if = "Option::is_none")] pub datacenter: Option, - /// Datastore is the name or inventory path of the datastore in which the - /// virtual machine is created/located. + /// Datastore is the name, inventory path, managed object reference or the managed + /// object ID of the datastore in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub datastore: Option, /// DiskGiB is the size of a virtual machine's disk, in GiB. @@ -57,8 +57,8 @@ pub struct VSphereMachineSpec { /// For this infrastructure provider, the name is equivalent to the name of the VSphereDeploymentZone. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureDomain")] pub failure_domain: Option, - /// Folder is the name or inventory path of the folder in which the - /// virtual machine is created/located. + /// Folder is the name, inventory path, managed object reference or the managed + /// object ID of the folder in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub folder: Option, /// GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest. @@ -118,8 +118,8 @@ pub struct VSphereMachineSpec { /// vsphere://12345678-1234-1234-1234-123456789abc #[serde(default, skip_serializing_if = "Option::is_none", rename = "providerID")] pub provider_id: Option, - /// ResourcePool is the name or inventory path of the resource pool in which - /// the virtual machine is created/located. + /// ResourcePool is the name, inventory path, managed object reference or the managed + /// object ID in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourcePool")] pub resource_pool: Option, /// Server is the IP address or FQDN of the vSphere server on which @@ -139,8 +139,8 @@ pub struct VSphereMachineSpec { /// must use URN-notation instead of display names. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagIDs")] pub tag_i_ds: Option>, - /// Template is the name or inventory path of the template used to clone - /// the virtual machine. + /// Template is the name, inventory path, managed object reference or the managed + /// object ID of the template used to clone the virtual machine. pub template: String, /// Thumbprint is the colon-separated SHA-1 checksum of the given vCenter server's host certificate /// When this is set to empty, this VirtualMachine would be created @@ -235,8 +235,8 @@ pub struct VSphereMachineNetworkDevices { /// Please note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf). #[serde(default, skip_serializing_if = "Option::is_none")] pub nameservers: Option>, - /// NetworkName is the name of the vSphere network to which the device - /// will be connected. + /// NetworkName is the name, managed object reference or the managed + /// object ID of the vSphere network to which the device will be connected. #[serde(rename = "networkName")] pub network_name: String, /// Routes is a list of optional, static routes applied to the device. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachinetemplates.rs index 12911f2dc..bc400d8fe 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachinetemplates.rs @@ -73,13 +73,13 @@ pub struct VSphereMachineTemplateTemplateSpec { /// Defaults to empty map #[serde(default, skip_serializing_if = "Option::is_none", rename = "customVMXKeys")] pub custom_vmx_keys: Option>, - /// Datacenter is the name or inventory path of the datacenter in which the - /// virtual machine is created/located. + /// Datacenter is the name, inventory path, managed object reference or the managed + /// object ID of the datacenter in which the virtual machine is created/located. /// Defaults to * which selects the default datacenter. #[serde(default, skip_serializing_if = "Option::is_none")] pub datacenter: Option, - /// Datastore is the name or inventory path of the datastore in which the - /// virtual machine is created/located. + /// Datastore is the name, inventory path, managed object reference or the managed + /// object ID of the datastore in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub datastore: Option, /// DiskGiB is the size of a virtual machine's disk, in GiB. @@ -91,8 +91,8 @@ pub struct VSphereMachineTemplateTemplateSpec { /// For this infrastructure provider, the name is equivalent to the name of the VSphereDeploymentZone. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureDomain")] pub failure_domain: Option, - /// Folder is the name or inventory path of the folder in which the - /// virtual machine is created/located. + /// Folder is the name, inventory path, managed object reference or the managed + /// object ID of the folder in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub folder: Option, /// GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest. @@ -152,8 +152,8 @@ pub struct VSphereMachineTemplateTemplateSpec { /// vsphere://12345678-1234-1234-1234-123456789abc #[serde(default, skip_serializing_if = "Option::is_none", rename = "providerID")] pub provider_id: Option, - /// ResourcePool is the name or inventory path of the resource pool in which - /// the virtual machine is created/located. + /// ResourcePool is the name, inventory path, managed object reference or the managed + /// object ID in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourcePool")] pub resource_pool: Option, /// Server is the IP address or FQDN of the vSphere server on which @@ -173,8 +173,8 @@ pub struct VSphereMachineTemplateTemplateSpec { /// must use URN-notation instead of display names. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagIDs")] pub tag_i_ds: Option>, - /// Template is the name or inventory path of the template used to clone - /// the virtual machine. + /// Template is the name, inventory path, managed object reference or the managed + /// object ID of the template used to clone the virtual machine. pub template: String, /// Thumbprint is the colon-separated SHA-1 checksum of the given vCenter server's host certificate /// When this is set to empty, this VirtualMachine would be created @@ -269,8 +269,8 @@ pub struct VSphereMachineTemplateTemplateSpecNetworkDevices { /// Please note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf). #[serde(default, skip_serializing_if = "Option::is_none")] pub nameservers: Option>, - /// NetworkName is the name of the vSphere network to which the device - /// will be connected. + /// NetworkName is the name, managed object reference or the managed + /// object ID of the vSphere network to which the device will be connected. #[serde(rename = "networkName")] pub network_name: String, /// Routes is a list of optional, static routes applied to the device. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherevms.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherevms.rs index fab4a7081..2e694b7e4 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherevms.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherevms.rs @@ -52,13 +52,13 @@ pub struct VSphereVMSpec { /// Defaults to empty map #[serde(default, skip_serializing_if = "Option::is_none", rename = "customVMXKeys")] pub custom_vmx_keys: Option>, - /// Datacenter is the name or inventory path of the datacenter in which the - /// virtual machine is created/located. + /// Datacenter is the name, inventory path, managed object reference or the managed + /// object ID of the datacenter in which the virtual machine is created/located. /// Defaults to * which selects the default datacenter. #[serde(default, skip_serializing_if = "Option::is_none")] pub datacenter: Option, - /// Datastore is the name or inventory path of the datastore in which the - /// virtual machine is created/located. + /// Datastore is the name, inventory path, managed object reference or the managed + /// object ID of the datastore in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub datastore: Option, /// DiskGiB is the size of a virtual machine's disk, in GiB. @@ -66,8 +66,8 @@ pub struct VSphereVMSpec { /// virtual machine is cloned. #[serde(default, skip_serializing_if = "Option::is_none", rename = "diskGiB")] pub disk_gi_b: Option, - /// Folder is the name or inventory path of the folder in which the - /// virtual machine is created/located. + /// Folder is the name, inventory path, managed object reference or the managed + /// object ID of the folder in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub folder: Option, /// GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest. @@ -123,8 +123,8 @@ pub struct VSphereVMSpec { /// If omitted, the mode defaults to hard. #[serde(default, skip_serializing_if = "Option::is_none", rename = "powerOffMode")] pub power_off_mode: Option, - /// ResourcePool is the name or inventory path of the resource pool in which - /// the virtual machine is created/located. + /// ResourcePool is the name, inventory path, managed object reference or the managed + /// object ID in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourcePool")] pub resource_pool: Option, /// Server is the IP address or FQDN of the vSphere server on which @@ -144,8 +144,8 @@ pub struct VSphereVMSpec { /// must use URN-notation instead of display names. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagIDs")] pub tag_i_ds: Option>, - /// Template is the name or inventory path of the template used to clone - /// the virtual machine. + /// Template is the name, inventory path, managed object reference or the managed + /// object ID of the template used to clone the virtual machine. pub template: String, /// Thumbprint is the colon-separated SHA-1 checksum of the given vCenter server's host certificate /// When this is set to empty, this VirtualMachine would be created @@ -280,8 +280,8 @@ pub struct VSphereVMNetworkDevices { /// Please note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf). #[serde(default, skip_serializing_if = "Option::is_none")] pub nameservers: Option>, - /// NetworkName is the name of the vSphere network to which the device - /// will be connected. + /// NetworkName is the name, managed object reference or the managed + /// object ID of the vSphere network to which the device will be connected. #[serde(rename = "networkName")] pub network_name: String, /// Routes is a list of optional, static routes applied to the device. diff --git a/kube-custom-resources-rs/src/kuadrant_io/mod.rs b/kube-custom-resources-rs/src/kuadrant_io/mod.rs index d9018c91d..df673c0f8 100644 --- a/kube-custom-resources-rs/src/kuadrant_io/mod.rs +++ b/kube-custom-resources-rs/src/kuadrant_io/mod.rs @@ -1,3 +1,4 @@ +pub mod v1; pub mod v1alpha1; pub mod v1beta1; pub mod v1beta2; diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1/authpolicies.rs b/kube-custom-resources-rs/src/kuadrant_io/v1/authpolicies.rs new file mode 100644 index 000000000..1df497bac --- /dev/null +++ b/kube-custom-resources-rs/src/kuadrant_io/v1/authpolicies.rs @@ -0,0 +1,7001 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.21.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kuadrant.io", version = "v1", kind = "AuthPolicy", plural = "authpolicies")] +#[kube(namespaced)] +#[kube(status = "AuthPolicyStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct AuthPolicySpec { + /// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. + /// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option, + /// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. + /// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option, + /// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patterns: Option>, + /// The auth rules of the policy. + /// See Authorino's AuthConfig CRD for more details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rules: Option, + /// Reference to the object to which this policy applies. + #[serde(rename = "targetRef")] + pub target_ref: AuthPolicyTargetRef, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaults { + /// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patterns: Option>, + /// The auth rules of the policy. + /// See Authorino's AuthConfig CRD for more details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rules: Option, + /// Strategy defines the merge strategy to apply when merging this policy with other policies. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub strategy: Option, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsPatterns { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allOf")] + pub all_of: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsPatternsAllOf { + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsPatternsAllOfOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// The auth rules of the policy. +/// See Authorino's AuthConfig CRD for more details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRules { + /// Authentication configs. + /// At least one config MUST evaluate to a valid identity object for the auth request to be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authentication: Option>, + /// Authorization policies. + /// All policies MUST evaluate to "allowed = true" for the auth request be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option>, + /// Callback functions. + /// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub callbacks: Option>, + /// Metadata sources. + /// Authorino fetches auth metadata as JSON from sources specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metadata: Option>, + /// Response items. + /// Authorino builds custom responses to the client of the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// Authentication configs. +/// At least one config MUST evaluate to a valid identity object for the auth request to be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthentication { + /// Anonymous access. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub anonymous: Option, + /// Authentication based on API keys stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Defines where credentials are required to be passed in the request for authentication based on this config. + /// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Set default property values (claims) for the resolved identity object, that are set before appending the object to + /// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option>, + /// Authentication based on JWT tokens. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub jwt: Option, + /// Authentication by Kubernetes token review. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesTokenReview")] + pub kubernetes_token_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Authentication by OAuth2 token introspection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oauth2Introspection")] + pub oauth2_introspection: Option, + /// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, + /// before appending the object to the authorization JSON. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option>, + /// Identity object extracted from the context. + /// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authentication based on client X.509 certificates. + /// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub x509: Option, +} + +/// Anonymous access. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationAnonymous { +} + +/// Authentication based on API keys stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationApiKey { + /// Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service + pub selector: AuthPolicyDefaultsRulesAuthenticationApiKeySelector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationApiKeySelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationApiKeySelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesAuthenticationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Defines where credentials are required to be passed in the request for authentication based on this config. +/// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentialsQueryString { + pub name: String, +} + +/// Set default property values (claims) for the resolved identity object, that are set before appending the object to +/// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationDefaults { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authentication based on JWT tokens. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationJwt { + /// URL of the issuer of the JWT. + /// If `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint + /// (i.e. "/.well-known/openid-configuration") to this URL, to discover the OIDC configuration where to obtain + /// the "jkws_uri" claim from. + /// The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "issuerUrl")] + pub issuer_url: Option, + /// Decides how long to wait before refreshing the JWKS (in seconds). + /// If omitted, Authorino will never refresh the JWKS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Authentication by Kubernetes token review. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationKubernetesTokenReview { + /// The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino. + /// If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audiences: Option>, +} + +/// Authentication by OAuth2 token introspection. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationOauth2Introspection { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyDefaultsRulesAuthenticationOauth2IntrospectionCredentialsRef, + /// The full URL of the token introspection endpoint. + pub endpoint: String, + /// The token type hint for the token introspection. + /// If omitted, it defaults to "access_token". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenTypeHint")] + pub token_type_hint: Option, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationOauth2IntrospectionCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, +/// before appending the object to the authorization JSON. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationOverrides { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Identity object extracted from the context. +/// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthenticationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authentication based on client X.509 certificates. +/// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationX509 { + /// Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate + /// clients trying to authenticate to this service + pub selector: AuthPolicyDefaultsRulesAuthenticationX509Selector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate +/// clients trying to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationX509Selector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationX509SelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Authorization policies. +/// All policies MUST evaluate to "allowed = true" for the auth request be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorization { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Authorization by Kubernetes SubjectAccessReview + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesSubjectAccessReview")] + pub kubernetes_subject_access_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Open Policy Agent (OPA) Rego policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opa: Option, + /// Pattern-matching authorization rules. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternMatching")] + pub pattern_matching: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Authorization decision delegated to external Authzed/SpiceDB server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spicedb: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesAuthorizationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authorization by Kubernetes SubjectAccessReview +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReview { + /// Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub groups: Option>, + /// Use resourceAttributes to check permissions on Kubernetes resources. + /// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceAttributes")] + pub resource_attributes: Option, + /// User to check for authorization in the Kubernetes RBAC. + /// Omit it to check for group authorization only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// Use resourceAttributes to check permissions on Kubernetes resources. +/// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributes { + /// API group of the resource. + /// Use '*' for all API groups. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Resource name + /// Omit it to check for authorization on all resources of the specified kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace where the user must have permissions on the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Resource kind + /// Use '*' for all resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Subresource kind + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subresource: Option, + /// Verb to check for authorization on the resource. + /// Use '*' for all verbs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub verb: Option, +} + +/// API group of the resource. +/// Use '*' for all API groups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesGroup { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource name +/// Omit it to check for authorization on all resources of the specified kind. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Namespace where the user must have permissions on the resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesNamespace { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource kind +/// Use '*' for all resource kinds. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Subresource kind +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesSubresource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Verb to check for authorization on the resource. +/// Use '*' for all verbs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesVerb { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// User to check for authorization in the Kubernetes RBAC. +/// Omit it to check for group authorization only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewUser { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Open Policy Agent (OPA) Rego policy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpa { + /// Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline. + /// Otherwise, only the default `allow` rule will be exposed. + /// Returning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allValues")] + pub all_values: Option, + /// Settings for fetching the OPA policy from an external registry. + /// Use it alternatively to 'rego'. + /// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', + /// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalPolicy")] + pub external_policy: Option, + /// Authorization policy as a Rego language document. + /// The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed). + /// The Rego document must NOT include the "package" declaration in line 1. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rego: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicy { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicySharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Pattern-matching authorization rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationPatternMatching { + pub patterns: Vec, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationPatternMatchingPatterns { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthorizationPatternMatchingPatternsOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorization decision delegated to external Authzed/SpiceDB server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedb { + /// Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051). + pub endpoint: String, + /// Insecure HTTP connection (i.e. disables TLS verification) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub insecure: Option, + /// The name of the permission (or relation) on which to execute the check. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub permission: Option, + /// The resource on which to check the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// The subject that will be checked for the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subject: Option, +} + +/// The name of the permission (or relation) on which to execute the check. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbPermission { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// The resource on which to check the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbResourceKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbResourceName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// The subject that will be checked for the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbSubject { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbSubjectKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbSubjectName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthorizationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Callback functions. +/// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacks { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Settings of the external HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesCallbacksCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesCallbacksHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesCallbacksHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyDefaultsRulesCallbacksHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesCallbacksWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Metadata sources. +/// Authorino fetches auth metadata as JSON from sources specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadata { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// External source of auth metadata via HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// User-Managed Access (UMA) source of resource data. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uma: Option, + /// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userInfo")] + pub user_info: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesMetadataCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesMetadataHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesMetadataHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyDefaultsRulesMetadataHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// User-Managed Access (UMA) source of resource data. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataUma { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyDefaultsRulesMetadataUmaCredentialsRef, + /// The endpoint of the UMA server. + /// The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint. + pub endpoint: String, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataUmaCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataUserInfo { + /// The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC "userinfo_endpoint" claim. + #[serde(rename = "identitySource")] + pub identity_source: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesMetadataWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Response items. +/// Authorino builds custom responses to the client of the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponse { + /// Response items to be included in the auth response when the request is authenticated and authorized. + /// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub success: Option, + /// Customizations on the denial status attributes when the request is unauthenticated. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 401 Unauthorized + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthenticated: Option, + /// Customizations on the denial status attributes when the request is unauthorized. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 403 Forbidden + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthorized: Option, +} + +/// Response items to be included in the auth response when the request is authenticated and authorized. +/// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccess { + /// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, + /// Custom headers to inject in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, +} + +/// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFilters { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesResponseSuccessFiltersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesResponseSuccessFiltersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyDefaultsRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Custom headers to inject in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeaders { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesResponseSuccessHeadersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesResponseSuccessHeadersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyDefaultsRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Customizations on the denial status attributes when the request is unauthenticated. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 401 Unauthorized +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthenticated { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthenticatedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthenticatedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthenticatedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Customizations on the denial status attributes when the request is unauthorized. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 403 Forbidden +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthorized { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthorizedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthorizedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthorizedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsStrategy { + #[serde(rename = "atomic")] + Atomic, + #[serde(rename = "merge")] + Merge, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsWhen { + pub predicate: String, +} + +/// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverrides { + /// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patterns: Option>, + /// The auth rules of the policy. + /// See Authorino's AuthConfig CRD for more details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rules: Option, + /// Strategy defines the merge strategy to apply when merging this policy with other policies. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub strategy: Option, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesPatterns { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allOf")] + pub all_of: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesPatternsAllOf { + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesPatternsAllOfOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// The auth rules of the policy. +/// See Authorino's AuthConfig CRD for more details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRules { + /// Authentication configs. + /// At least one config MUST evaluate to a valid identity object for the auth request to be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authentication: Option>, + /// Authorization policies. + /// All policies MUST evaluate to "allowed = true" for the auth request be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option>, + /// Callback functions. + /// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub callbacks: Option>, + /// Metadata sources. + /// Authorino fetches auth metadata as JSON from sources specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metadata: Option>, + /// Response items. + /// Authorino builds custom responses to the client of the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// Authentication configs. +/// At least one config MUST evaluate to a valid identity object for the auth request to be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthentication { + /// Anonymous access. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub anonymous: Option, + /// Authentication based on API keys stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Defines where credentials are required to be passed in the request for authentication based on this config. + /// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Set default property values (claims) for the resolved identity object, that are set before appending the object to + /// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option>, + /// Authentication based on JWT tokens. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub jwt: Option, + /// Authentication by Kubernetes token review. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesTokenReview")] + pub kubernetes_token_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Authentication by OAuth2 token introspection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oauth2Introspection")] + pub oauth2_introspection: Option, + /// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, + /// before appending the object to the authorization JSON. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option>, + /// Identity object extracted from the context. + /// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authentication based on client X.509 certificates. + /// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub x509: Option, +} + +/// Anonymous access. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationAnonymous { +} + +/// Authentication based on API keys stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationApiKey { + /// Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service + pub selector: AuthPolicyOverridesRulesAuthenticationApiKeySelector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationApiKeySelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationApiKeySelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesAuthenticationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Defines where credentials are required to be passed in the request for authentication based on this config. +/// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentialsQueryString { + pub name: String, +} + +/// Set default property values (claims) for the resolved identity object, that are set before appending the object to +/// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationDefaults { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authentication based on JWT tokens. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationJwt { + /// URL of the issuer of the JWT. + /// If `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint + /// (i.e. "/.well-known/openid-configuration") to this URL, to discover the OIDC configuration where to obtain + /// the "jkws_uri" claim from. + /// The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "issuerUrl")] + pub issuer_url: Option, + /// Decides how long to wait before refreshing the JWKS (in seconds). + /// If omitted, Authorino will never refresh the JWKS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Authentication by Kubernetes token review. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationKubernetesTokenReview { + /// The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino. + /// If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audiences: Option>, +} + +/// Authentication by OAuth2 token introspection. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationOauth2Introspection { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyOverridesRulesAuthenticationOauth2IntrospectionCredentialsRef, + /// The full URL of the token introspection endpoint. + pub endpoint: String, + /// The token type hint for the token introspection. + /// If omitted, it defaults to "access_token". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenTypeHint")] + pub token_type_hint: Option, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationOauth2IntrospectionCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, +/// before appending the object to the authorization JSON. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationOverrides { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Identity object extracted from the context. +/// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthenticationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authentication based on client X.509 certificates. +/// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationX509 { + /// Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate + /// clients trying to authenticate to this service + pub selector: AuthPolicyOverridesRulesAuthenticationX509Selector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate +/// clients trying to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationX509Selector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationX509SelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Authorization policies. +/// All policies MUST evaluate to "allowed = true" for the auth request be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorization { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Authorization by Kubernetes SubjectAccessReview + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesSubjectAccessReview")] + pub kubernetes_subject_access_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Open Policy Agent (OPA) Rego policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opa: Option, + /// Pattern-matching authorization rules. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternMatching")] + pub pattern_matching: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Authorization decision delegated to external Authzed/SpiceDB server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spicedb: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesAuthorizationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authorization by Kubernetes SubjectAccessReview +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReview { + /// Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub groups: Option>, + /// Use resourceAttributes to check permissions on Kubernetes resources. + /// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceAttributes")] + pub resource_attributes: Option, + /// User to check for authorization in the Kubernetes RBAC. + /// Omit it to check for group authorization only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// Use resourceAttributes to check permissions on Kubernetes resources. +/// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributes { + /// API group of the resource. + /// Use '*' for all API groups. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Resource name + /// Omit it to check for authorization on all resources of the specified kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace where the user must have permissions on the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Resource kind + /// Use '*' for all resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Subresource kind + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subresource: Option, + /// Verb to check for authorization on the resource. + /// Use '*' for all verbs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub verb: Option, +} + +/// API group of the resource. +/// Use '*' for all API groups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesGroup { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource name +/// Omit it to check for authorization on all resources of the specified kind. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Namespace where the user must have permissions on the resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesNamespace { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource kind +/// Use '*' for all resource kinds. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Subresource kind +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesSubresource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Verb to check for authorization on the resource. +/// Use '*' for all verbs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesVerb { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// User to check for authorization in the Kubernetes RBAC. +/// Omit it to check for group authorization only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewUser { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Open Policy Agent (OPA) Rego policy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpa { + /// Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline. + /// Otherwise, only the default `allow` rule will be exposed. + /// Returning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allValues")] + pub all_values: Option, + /// Settings for fetching the OPA policy from an external registry. + /// Use it alternatively to 'rego'. + /// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', + /// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalPolicy")] + pub external_policy: Option, + /// Authorization policy as a Rego language document. + /// The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed). + /// The Rego document must NOT include the "package" declaration in line 1. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rego: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicy { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicySharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Pattern-matching authorization rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationPatternMatching { + pub patterns: Vec, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationPatternMatchingPatterns { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthorizationPatternMatchingPatternsOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorization decision delegated to external Authzed/SpiceDB server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedb { + /// Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051). + pub endpoint: String, + /// Insecure HTTP connection (i.e. disables TLS verification) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub insecure: Option, + /// The name of the permission (or relation) on which to execute the check. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub permission: Option, + /// The resource on which to check the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// The subject that will be checked for the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subject: Option, +} + +/// The name of the permission (or relation) on which to execute the check. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbPermission { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// The resource on which to check the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbResourceKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbResourceName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// The subject that will be checked for the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbSubject { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbSubjectKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbSubjectName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthorizationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Callback functions. +/// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacks { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Settings of the external HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesCallbacksCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesCallbacksHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesCallbacksHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyOverridesRulesCallbacksHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesCallbacksWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Metadata sources. +/// Authorino fetches auth metadata as JSON from sources specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadata { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// External source of auth metadata via HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// User-Managed Access (UMA) source of resource data. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uma: Option, + /// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userInfo")] + pub user_info: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesMetadataCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesMetadataHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesMetadataHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyOverridesRulesMetadataHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// User-Managed Access (UMA) source of resource data. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataUma { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyOverridesRulesMetadataUmaCredentialsRef, + /// The endpoint of the UMA server. + /// The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint. + pub endpoint: String, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataUmaCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataUserInfo { + /// The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC "userinfo_endpoint" claim. + #[serde(rename = "identitySource")] + pub identity_source: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesMetadataWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Response items. +/// Authorino builds custom responses to the client of the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponse { + /// Response items to be included in the auth response when the request is authenticated and authorized. + /// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub success: Option, + /// Customizations on the denial status attributes when the request is unauthenticated. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 401 Unauthorized + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthenticated: Option, + /// Customizations on the denial status attributes when the request is unauthorized. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 403 Forbidden + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthorized: Option, +} + +/// Response items to be included in the auth response when the request is authenticated and authorized. +/// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccess { + /// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, + /// Custom headers to inject in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, +} + +/// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFilters { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesResponseSuccessFiltersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesResponseSuccessFiltersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyOverridesRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Custom headers to inject in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeaders { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesResponseSuccessHeadersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesResponseSuccessHeadersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyOverridesRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Customizations on the denial status attributes when the request is unauthenticated. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 401 Unauthorized +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthenticated { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthenticatedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthenticatedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthenticatedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Customizations on the denial status attributes when the request is unauthorized. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 403 Forbidden +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthorized { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthorizedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthorizedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthorizedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesStrategy { + #[serde(rename = "atomic")] + Atomic, + #[serde(rename = "merge")] + Merge, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesWhen { + pub predicate: String, +} + +/// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyPatterns { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allOf")] + pub all_of: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyPatternsAllOf { + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyPatternsAllOfOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// The auth rules of the policy. +/// See Authorino's AuthConfig CRD for more details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRules { + /// Authentication configs. + /// At least one config MUST evaluate to a valid identity object for the auth request to be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authentication: Option>, + /// Authorization policies. + /// All policies MUST evaluate to "allowed = true" for the auth request be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option>, + /// Callback functions. + /// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub callbacks: Option>, + /// Metadata sources. + /// Authorino fetches auth metadata as JSON from sources specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metadata: Option>, + /// Response items. + /// Authorino builds custom responses to the client of the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// Authentication configs. +/// At least one config MUST evaluate to a valid identity object for the auth request to be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthentication { + /// Anonymous access. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub anonymous: Option, + /// Authentication based on API keys stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Defines where credentials are required to be passed in the request for authentication based on this config. + /// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Set default property values (claims) for the resolved identity object, that are set before appending the object to + /// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option>, + /// Authentication based on JWT tokens. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub jwt: Option, + /// Authentication by Kubernetes token review. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesTokenReview")] + pub kubernetes_token_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Authentication by OAuth2 token introspection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oauth2Introspection")] + pub oauth2_introspection: Option, + /// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, + /// before appending the object to the authorization JSON. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option>, + /// Identity object extracted from the context. + /// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authentication based on client X.509 certificates. + /// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub x509: Option, +} + +/// Anonymous access. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationAnonymous { +} + +/// Authentication based on API keys stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationApiKey { + /// Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service + pub selector: AuthPolicyRulesAuthenticationApiKeySelector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationApiKeySelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationApiKeySelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesAuthenticationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Defines where credentials are required to be passed in the request for authentication based on this config. +/// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentialsQueryString { + pub name: String, +} + +/// Set default property values (claims) for the resolved identity object, that are set before appending the object to +/// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationDefaults { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authentication based on JWT tokens. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationJwt { + /// URL of the issuer of the JWT. + /// If `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint + /// (i.e. "/.well-known/openid-configuration") to this URL, to discover the OIDC configuration where to obtain + /// the "jkws_uri" claim from. + /// The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "issuerUrl")] + pub issuer_url: Option, + /// Decides how long to wait before refreshing the JWKS (in seconds). + /// If omitted, Authorino will never refresh the JWKS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Authentication by Kubernetes token review. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationKubernetesTokenReview { + /// The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino. + /// If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audiences: Option>, +} + +/// Authentication by OAuth2 token introspection. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationOauth2Introspection { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyRulesAuthenticationOauth2IntrospectionCredentialsRef, + /// The full URL of the token introspection endpoint. + pub endpoint: String, + /// The token type hint for the token introspection. + /// If omitted, it defaults to "access_token". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenTypeHint")] + pub token_type_hint: Option, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationOauth2IntrospectionCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, +/// before appending the object to the authorization JSON. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationOverrides { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Identity object extracted from the context. +/// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthenticationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authentication based on client X.509 certificates. +/// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationX509 { + /// Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate + /// clients trying to authenticate to this service + pub selector: AuthPolicyRulesAuthenticationX509Selector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate +/// clients trying to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationX509Selector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationX509SelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Authorization policies. +/// All policies MUST evaluate to "allowed = true" for the auth request be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorization { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Authorization by Kubernetes SubjectAccessReview + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesSubjectAccessReview")] + pub kubernetes_subject_access_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Open Policy Agent (OPA) Rego policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opa: Option, + /// Pattern-matching authorization rules. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternMatching")] + pub pattern_matching: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Authorization decision delegated to external Authzed/SpiceDB server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spicedb: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesAuthorizationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authorization by Kubernetes SubjectAccessReview +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReview { + /// Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub groups: Option>, + /// Use resourceAttributes to check permissions on Kubernetes resources. + /// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceAttributes")] + pub resource_attributes: Option, + /// User to check for authorization in the Kubernetes RBAC. + /// Omit it to check for group authorization only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// Use resourceAttributes to check permissions on Kubernetes resources. +/// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributes { + /// API group of the resource. + /// Use '*' for all API groups. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Resource name + /// Omit it to check for authorization on all resources of the specified kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace where the user must have permissions on the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Resource kind + /// Use '*' for all resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Subresource kind + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subresource: Option, + /// Verb to check for authorization on the resource. + /// Use '*' for all verbs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub verb: Option, +} + +/// API group of the resource. +/// Use '*' for all API groups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesGroup { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource name +/// Omit it to check for authorization on all resources of the specified kind. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Namespace where the user must have permissions on the resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesNamespace { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource kind +/// Use '*' for all resource kinds. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Subresource kind +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesSubresource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Verb to check for authorization on the resource. +/// Use '*' for all verbs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesVerb { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// User to check for authorization in the Kubernetes RBAC. +/// Omit it to check for group authorization only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewUser { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Open Policy Agent (OPA) Rego policy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpa { + /// Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline. + /// Otherwise, only the default `allow` rule will be exposed. + /// Returning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allValues")] + pub all_values: Option, + /// Settings for fetching the OPA policy from an external registry. + /// Use it alternatively to 'rego'. + /// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', + /// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalPolicy")] + pub external_policy: Option, + /// Authorization policy as a Rego language document. + /// The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed). + /// The Rego document must NOT include the "package" declaration in line 1. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rego: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicy { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthorizationOpaExternalPolicyContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthorizationOpaExternalPolicyMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicySharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Pattern-matching authorization rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationPatternMatching { + pub patterns: Vec, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationPatternMatchingPatterns { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthorizationPatternMatchingPatternsOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorization decision delegated to external Authzed/SpiceDB server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedb { + /// Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051). + pub endpoint: String, + /// Insecure HTTP connection (i.e. disables TLS verification) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub insecure: Option, + /// The name of the permission (or relation) on which to execute the check. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub permission: Option, + /// The resource on which to check the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// The subject that will be checked for the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subject: Option, +} + +/// The name of the permission (or relation) on which to execute the check. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbPermission { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// The resource on which to check the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbResourceKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbResourceName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// The subject that will be checked for the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbSubject { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbSubjectKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbSubjectName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthorizationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Callback functions. +/// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacks { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Settings of the external HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesCallbacksCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesCallbacksHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesCallbacksHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyRulesCallbacksHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesCallbacksWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Metadata sources. +/// Authorino fetches auth metadata as JSON from sources specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadata { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// External source of auth metadata via HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// User-Managed Access (UMA) source of resource data. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uma: Option, + /// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userInfo")] + pub user_info: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesMetadataCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesMetadataHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesMetadataHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyRulesMetadataHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// User-Managed Access (UMA) source of resource data. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataUma { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyRulesMetadataUmaCredentialsRef, + /// The endpoint of the UMA server. + /// The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint. + pub endpoint: String, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataUmaCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataUserInfo { + /// The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC "userinfo_endpoint" claim. + #[serde(rename = "identitySource")] + pub identity_source: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesMetadataWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Response items. +/// Authorino builds custom responses to the client of the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponse { + /// Response items to be included in the auth response when the request is authenticated and authorized. + /// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub success: Option, + /// Customizations on the denial status attributes when the request is unauthenticated. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 401 Unauthorized + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthenticated: Option, + /// Customizations on the denial status attributes when the request is unauthorized. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 403 Forbidden + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthorized: Option, +} + +/// Response items to be included in the auth response when the request is authenticated and authorized. +/// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccess { + /// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, + /// Custom headers to inject in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, +} + +/// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFilters { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesResponseSuccessFiltersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesResponseSuccessFiltersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Custom headers to inject in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeaders { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesResponseSuccessHeadersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesResponseSuccessHeadersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Customizations on the denial status attributes when the request is unauthenticated. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 401 Unauthorized +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthenticated { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthenticatedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthenticatedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthenticatedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Customizations on the denial status attributes when the request is unauthorized. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 403 Forbidden +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthorized { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthorizedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthorizedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthorizedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Reference to the object to which this policy applies. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyTargetRef { + /// Group is the group of the target resource. + pub group: String, + /// Kind is kind of the target resource. + pub kind: String, + /// Name is the name of the target resource. + pub name: String, + /// SectionName is the name of a section within the target resource. When + /// unspecified, this targetRef targets the entire resource. In the following + /// resources, SectionName is interpreted as the following: + /// + /// * Gateway: Listener name + /// * HTTPRoute: HTTPRouteRule name + /// * Service: Port name + /// + /// If a SectionName is specified, but does not exist on the targeted object, + /// the Policy must fail to attach, and the policy implementation should record + /// a `ResolvedRefs` or similar Condition in the Policy's status. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sectionName")] + pub section_name: Option, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyWhen { + pub predicate: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyStatus { + /// Represents the observations of a foo's current state. + /// Known .status.conditions.type are: "Available" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + /// ObservedGeneration reflects the generation of the most recently observed spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, +} + diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1/mod.rs b/kube-custom-resources-rs/src/kuadrant_io/v1/mod.rs new file mode 100644 index 000000000..0c781fc75 --- /dev/null +++ b/kube-custom-resources-rs/src/kuadrant_io/v1/mod.rs @@ -0,0 +1,2 @@ +pub mod authpolicies; +pub mod ratelimitpolicies; diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1/ratelimitpolicies.rs b/kube-custom-resources-rs/src/kuadrant_io/v1/ratelimitpolicies.rs new file mode 100644 index 000000000..c58788913 --- /dev/null +++ b/kube-custom-resources-rs/src/kuadrant_io/v1/ratelimitpolicies.rs @@ -0,0 +1,272 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/ratelimitpolicies.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.21.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kuadrant.io", version = "v1", kind = "RateLimitPolicy", plural = "ratelimitpolicies")] +#[kube(namespaced)] +#[kube(status = "RateLimitPolicyStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct RateLimitPolicySpec { + /// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. + /// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option, + /// Limits holds the struct of limits indexed by a unique name + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. + /// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option, + /// Reference to the object to which this policy applies. + #[serde(rename = "targetRef")] + pub target_ref: RateLimitPolicyTargetRef, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaults { + /// Limits holds the struct of limits indexed by a unique name + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Strategy defines the merge strategy to apply when merging this policy with other policies. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub strategy: Option, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Limits holds the struct of limits indexed by a unique name +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsLimits { + /// Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors + #[serde(default, skip_serializing_if = "Option::is_none")] + pub counters: Option>, + /// Rates holds the list of limit rates + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rates: Option>, + /// When holds a list of "limit-level" `Predicate`s + /// Called also "soft" conditions as route selectors must also match + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsLimitsCounters { + /// Expression defines one CEL expression + /// Expression can use well known attributes + /// Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes + /// Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors + /// They are named by a dot-separated path (e.g. request.path) + /// Example: "request.path" -> The path portion of the URL + pub expression: String, +} + +/// Rate defines the actual rate limit that will be used when there is a match +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsLimitsRates { + /// Limit defines the max value allowed for a given period of time + pub limit: i64, + /// Window defines the time period for which the Limit specified above applies. + pub window: String, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsLimitsWhen { + pub predicate: String, +} + +/// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum RateLimitPolicyDefaultsStrategy { + #[serde(rename = "atomic")] + Atomic, + #[serde(rename = "merge")] + Merge, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsWhen { + pub predicate: String, +} + +/// Limits holds the struct of limits indexed by a unique name +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyLimits { + /// Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors + #[serde(default, skip_serializing_if = "Option::is_none")] + pub counters: Option>, + /// Rates holds the list of limit rates + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rates: Option>, + /// When holds a list of "limit-level" `Predicate`s + /// Called also "soft" conditions as route selectors must also match + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyLimitsCounters { + /// Expression defines one CEL expression + /// Expression can use well known attributes + /// Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes + /// Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors + /// They are named by a dot-separated path (e.g. request.path) + /// Example: "request.path" -> The path portion of the URL + pub expression: String, +} + +/// Rate defines the actual rate limit that will be used when there is a match +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyLimitsRates { + /// Limit defines the max value allowed for a given period of time + pub limit: i64, + /// Window defines the time period for which the Limit specified above applies. + pub window: String, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyLimitsWhen { + pub predicate: String, +} + +/// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverrides { + /// Limits holds the struct of limits indexed by a unique name + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Strategy defines the merge strategy to apply when merging this policy with other policies. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub strategy: Option, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Limits holds the struct of limits indexed by a unique name +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesLimits { + /// Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors + #[serde(default, skip_serializing_if = "Option::is_none")] + pub counters: Option>, + /// Rates holds the list of limit rates + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rates: Option>, + /// When holds a list of "limit-level" `Predicate`s + /// Called also "soft" conditions as route selectors must also match + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesLimitsCounters { + /// Expression defines one CEL expression + /// Expression can use well known attributes + /// Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes + /// Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors + /// They are named by a dot-separated path (e.g. request.path) + /// Example: "request.path" -> The path portion of the URL + pub expression: String, +} + +/// Rate defines the actual rate limit that will be used when there is a match +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesLimitsRates { + /// Limit defines the max value allowed for a given period of time + pub limit: i64, + /// Window defines the time period for which the Limit specified above applies. + pub window: String, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesLimitsWhen { + pub predicate: String, +} + +/// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum RateLimitPolicyOverridesStrategy { + #[serde(rename = "atomic")] + Atomic, + #[serde(rename = "merge")] + Merge, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesWhen { + pub predicate: String, +} + +/// Reference to the object to which this policy applies. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyTargetRef { + /// Group is the group of the target resource. + pub group: String, + /// Kind is kind of the target resource. + pub kind: String, + /// Name is the name of the target resource. + pub name: String, + /// SectionName is the name of a section within the target resource. When + /// unspecified, this targetRef targets the entire resource. In the following + /// resources, SectionName is interpreted as the following: + /// + /// * Gateway: Listener name + /// * HTTPRoute: HTTPRouteRule name + /// * Service: Port name + /// + /// If a SectionName is specified, but does not exist on the targeted object, + /// the Policy must fail to attach, and the policy implementation should record + /// a `ResolvedRefs` or similar Condition in the Policy's status. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sectionName")] + pub section_name: Option, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyWhen { + pub predicate: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyStatus { + /// Represents the observations of a foo's current state. + /// Known .status.conditions.type are: "Available" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + /// ObservedGeneration reflects the generation of the most recently observed spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, +} + diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs b/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs index 0d8afe865..e9de2e781 100644 --- a/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs +++ b/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs @@ -87,9 +87,11 @@ pub struct DNSRecordHealthCheck { #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalHeadersRef")] pub additional_headers_ref: Option, /// FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy + /// Defaults to 5 #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// Interval defines how frequently this probe should execute + /// Defaults to 5 minutes #[serde(default, skip_serializing_if = "Option::is_none")] pub interval: Option, /// Path is the path to append to the host to reach the expected health check. @@ -97,9 +99,11 @@ pub struct DNSRecordHealthCheck { #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, /// Port to connect to the host on. Must be either 80, 443 or 1024-49151 + /// Defaults to port 443 #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Protocol to use when connecting to the host, valid values are "HTTP" or "HTTPS" + /// Defaults to HTTPS #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, } diff --git a/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs b/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs index c9891a258..65365db8a 100644 --- a/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs +++ b/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs @@ -44,8 +44,8 @@ pub struct SleepInfoSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "suspendDeployments")] pub suspend_deployments: Option, /// If SuspendStatefulSets is set to false, on sleep the statefulset of the namespace will not be suspended. By default StatefulSet will be suspended. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "suspendStatefulsets")] - pub suspend_statefulsets: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "suspendStatefulSets")] + pub suspend_stateful_sets: Option, /// Time zone to set the schedule, in IANA time zone identifier. /// It is not required, default to UTC. /// For example, for the Italy time zone set Europe/Rome. diff --git a/kube-custom-resources-rs/src/lib.rs b/kube-custom-resources-rs/src/lib.rs index 5ff673e2a..24431c24a 100644 --- a/kube-custom-resources-rs/src/lib.rs +++ b/kube-custom-resources-rs/src/lib.rs @@ -1799,6 +1799,10 @@ apiVersion `kms.services.k8s.aws/v1alpha1`: ## kuadrant_io +apiVersion `kuadrant.io/v1`: +- `AuthPolicy` +- `RateLimitPolicy` + apiVersion `kuadrant.io/v1alpha1`: - `DNSRecord` - `ManagedZone` diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs index ec5cc9183..a997faffb 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs @@ -96,6 +96,11 @@ pub struct PodMonitorSpec { /// It requires Prometheus >= v2.45.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClassicHistograms")] pub scrape_classic_histograms: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// @@ -1025,6 +1030,20 @@ pub enum PodMonitorPodMetricsEndpointsTlsConfigMinVersion { Tls13, } +/// Specification of desired Pod selection for target discovery by Prometheus. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PodMonitorScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// Label selector to select the Kubernetes `Pod` objects to scrape metrics from. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorSelector { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs index f60c6dd3f..4667e1d43 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs @@ -91,6 +91,11 @@ pub struct ProbeSpec { /// It requires Prometheus >= v2.45.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClassicHistograms")] pub scrape_classic_histograms: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// @@ -632,6 +637,20 @@ pub enum ProbeProberScheme { Https, } +/// Specification of desired Ingress selection for target discovery by Prometheus. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ProbeScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// Targets defines a set of static or dynamically discovered targets to probe. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ProbeTargets { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs index 63a7a273d..e32cac2fd 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs @@ -151,6 +151,8 @@ pub struct PrometheusSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub containers: Option>, /// When true, the Prometheus compaction is disabled. + /// When `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically + /// disables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends). #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableCompaction")] pub disable_compaction: Option, /// Defines the DNS configuration for the pods. @@ -179,6 +181,13 @@ pub struct PrometheusSpec { /// For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFeatures")] pub enable_features: Option>, + /// Enable Prometheus to be used as a receiver for the OTLP Metrics protocol. + /// + /// Note that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined. + /// + /// It requires Prometheus >= v2.47.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableOTLPReceiver")] + pub enable_otlp_receiver: Option, /// Enable Prometheus to be used as a receiver for the Prometheus remote /// write protocol. /// @@ -441,6 +450,9 @@ pub struct PrometheusSpec { /// enabling the StatefulSetMinReadySeconds feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReadySeconds")] pub min_ready_seconds: Option, + /// Specifies the validation scheme for metric and label names. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nameValidationScheme")] + pub name_validation_scheme: Option, /// Defines on which Nodes the Pods are scheduled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, @@ -664,6 +676,11 @@ pub struct PrometheusSpec { /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeConfigSelector")] pub scrape_config_selector: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// Interval between consecutive scrapes. /// /// Default: "30s" @@ -675,6 +692,8 @@ pub struct PrometheusSpec { /// If unset, Prometheus uses its default value. /// /// It requires Prometheus >= v2.49.0. + /// + /// `PrometheusText1.0.0` requires Prometheus >= v3.0.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, /// Number of seconds to wait until a scrape request times out. @@ -722,19 +741,28 @@ pub struct PrometheusSpec { /// Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name. #[serde(default, skip_serializing_if = "Option::is_none")] pub sha: Option, - /// Number of shards to distribute targets onto. `spec.replicas` - /// multiplied by `spec.shards` is the total number of Pods created. + /// Number of shards to distribute scraped targets onto. + /// + /// `spec.replicas` multiplied by `spec.shards` is the total number of Pods + /// being created. /// - /// Note that scaling down shards will not reshard data onto remaining + /// When not defined, the operator assumes only one shard. + /// + /// Note that scaling down shards will not reshard data onto the remaining /// instances, it must be manually moved. Increasing shards will not reshard /// data either but it will continue to be available from the same /// instances. To query globally, use Thanos sidecar and Thanos querier or /// remote write data to a central location. + /// Alerting and recording rules /// - /// Sharding is performed on the content of the `__address__` target meta-label - /// for PodMonitors and ServiceMonitors and `__param_target__` for Probes. + /// By default, the sharding is performed on: + /// * The `__address__` target's metadata label for PodMonitor, + /// ServiceMonitor and ScrapeConfig resources. + /// * The `__param_target__` label for Probe resources. /// - /// Default: 1 + /// Users can define their own sharding implementation by setting the + /// `__tmp_hash` label during the target discovery with relabeling + /// configuration (either in the monitoring resources or via scrape class). #[serde(default, skip_serializing_if = "Option::is_none")] pub shards: Option, /// Storage defines the storage used by Prometheus. @@ -1615,6 +1643,7 @@ pub struct PrometheusAlertingAlertmanagers { pub alert_relabelings: Option>, /// Version of the Alertmanager API that Prometheus uses to send alerts. /// It can be "v1" or "v2". + /// The field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, /// Authorization section for Alertmanager. @@ -5080,6 +5109,15 @@ pub enum PrometheusLogLevel { Error, } +/// Specification of the desired behavior of the Prometheus cluster. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusNameValidationScheme { + #[serde(rename = "UTF8")] + Utf8, + Legacy, +} + /// Settings related to the OTLP receiver feature. /// It requires Prometheus >= v2.55.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5087,6 +5125,21 @@ pub struct PrometheusOtlp { /// List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. #[serde(default, skip_serializing_if = "Option::is_none", rename = "promoteResourceAttributes")] pub promote_resource_attributes: Option>, + /// Configures how the OTLP receiver endpoint translates the incoming metrics. + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "translationStrategy")] + pub translation_strategy: Option, +} + +/// Settings related to the OTLP receiver feature. +/// It requires Prometheus >= v2.55.0. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusOtlpTranslationStrategy { + #[serde(rename = "NoUTF8EscapingWithSuffixes")] + NoUtf8EscapingWithSuffixes, + UnderscoreEscapingWithSuffixes, } /// The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. @@ -7670,6 +7723,21 @@ pub struct PrometheusScrapeConfigSelectorMatchExpressions { pub values: Option>, } +/// Specification of the desired behavior of the Prometheus cluster. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// SecurityContext holds pod-level security attributes and common container settings. /// This defaults to the default PodSecurityContext. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs index 26516bf8a..119f9c547 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs @@ -98,6 +98,11 @@ pub struct ServiceMonitorSpec { /// It requires Prometheus >= v2.45.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClassicHistograms")] pub scrape_classic_histograms: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// @@ -1043,6 +1048,21 @@ pub struct ServiceMonitorNamespaceSelector { pub match_names: Option>, } +/// Specification of desired Service selection for target discovery by +/// Prometheus. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ServiceMonitorScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorSelector { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs index 44d3d691b..7d0e3bc80 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs @@ -35,8 +35,10 @@ pub struct ThanosRulerSpec { /// If specified, the pod's scheduling constraints. #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, - /// AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. - /// The replica label `thanos_ruler_replica` will always be dropped in alerts. + /// Configures the label names which should be dropped in Thanos Ruler + /// alerts. + /// + /// The replica label `thanos_ruler_replica` will always be dropped from the alerts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertDropLabels")] pub alert_drop_labels: Option>, /// The external Query URL the Thanos Ruler will set in the 'Source' field @@ -44,24 +46,44 @@ pub struct ThanosRulerSpec { /// Maps to the '--alert.query-url' CLI arg. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertQueryUrl")] pub alert_query_url: Option, - /// AlertRelabelConfigFile specifies the path of the alert relabeling configuration file. - /// When used alongside with AlertRelabelConfigs, alertRelabelConfigFile takes precedence. + /// Configures the path to the alert relabeling configuration file. + /// + /// Alert relabel configuration must have the form as specified in the + /// official Prometheus documentation: + /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs + /// + /// The operator performs no validation of the configuration file. + /// + /// This field takes precedence over `alertRelabelConfig`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertRelabelConfigFile")] pub alert_relabel_config_file: Option, - /// AlertRelabelConfigs configures alert relabeling in ThanosRuler. - /// Alert relabel configurations must have the form as specified in the official Prometheus documentation: + /// Configures alert relabeling in Thanos Ruler. + /// + /// Alert relabel configuration must have the form as specified in the + /// official Prometheus documentation: /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - /// Alternative to AlertRelabelConfigFile, and lower order priority. + /// + /// The operator performs no validation of the configuration. + /// + /// `alertRelabelConfigFile` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertRelabelConfigs")] pub alert_relabel_configs: Option, - /// Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 - /// and higher. Maps to the `alertmanagers.config` arg. + /// Configures the list of Alertmanager endpoints to send alerts to. + /// + /// The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager. + /// + /// It requires Thanos >= v0.10.0. + /// + /// The operator performs no validation of the configuration. + /// + /// This field takes precedence over `alertmanagersUrl`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertmanagersConfig")] pub alertmanagers_config: Option, - /// Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, - /// AlertManagersConfig should be used instead. Note: this field will be ignored - /// if AlertManagersConfig is specified. - /// Maps to the `alertmanagers.url` arg. + /// Configures the list of Alertmanager endpoints to send alerts to. + /// + /// For Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead. + /// + /// `alertmanagersConfig` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertmanagersUrl")] pub alertmanagers_url: Option>, /// Containers allows injecting additional containers or modifying operator generated @@ -127,8 +149,10 @@ pub struct ThanosRulerSpec { /// at any time without notice. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// Labels configure the external label pairs to ThanosRuler. A default replica label - /// `thanos_ruler_replica` will be always added as a label with the value of the pod's name and it will be dropped in the alerts. + /// Configures the external label pairs of the ThanosRuler resource. + /// + /// A default replica label `thanos_ruler_replica` will be always added as a + /// label with the value of the pod's name. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, /// ListenLocal makes the Thanos ruler listen on loopback, so that it @@ -150,12 +174,22 @@ pub struct ThanosRulerSpec { /// Define which Nodes the Pods are scheduled on. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// ObjectStorageConfig configures object storage in Thanos. - /// Alternative to ObjectStorageConfigFile, and lower order priority. + /// Configures object storage. + /// + /// The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage + /// + /// The operator performs no validation of the configuration. + /// + /// `objectStorageConfigFile` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStorageConfig")] pub object_storage_config: Option, - /// ObjectStorageConfigFile specifies the path of the object storage configuration file. - /// When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + /// Configures the path of the object storage configuration file. + /// + /// The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage + /// + /// The operator performs no validation of the configuration file. + /// + /// This field takes precedence over `objectStorageConfig`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStorageConfigFile")] pub object_storage_config_file: Option, /// When a ThanosRuler deployment is paused, no actions except for deletion @@ -185,14 +219,22 @@ pub struct ThanosRulerSpec { /// Deprecated: use excludedFromEnforcement instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "prometheusRulesExcludedFromEnforce")] pub prometheus_rules_excluded_from_enforce: Option>, - /// Define configuration for connecting to thanos query instances. - /// If this is defined, the QueryEndpoints field will be ignored. - /// Maps to the `query.config` CLI argument. - /// Only available with thanos v0.11.0 and higher. + /// Configures the list of Thanos Query endpoints from which to query metrics. + /// + /// The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api + /// + /// It requires Thanos >= v0.11.0. + /// + /// The operator performs no validation of the configuration. + /// + /// This field takes precedence over `queryEndpoints`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryConfig")] pub query_config: Option, - /// QueryEndpoints defines Thanos querier endpoints from which to query metrics. - /// Maps to the --query flag of thanos ruler. + /// Configures the list of Thanos Query endpoints from which to query metrics. + /// + /// For Thanos >= v0.11.0, it is recommended to use `queryConfig` instead. + /// + /// `queryConfig` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryEndpoints")] pub query_endpoints: Option>, /// Number of thanos ruler instances to deploy. @@ -213,8 +255,9 @@ pub struct ThanosRulerSpec { /// the same namespace as the ThanosRuler object is in is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ruleNamespaceSelector")] pub rule_namespace_selector: Option, - /// A label selector to select which PrometheusRules to mount for alerting and - /// recording. + /// PrometheusRule objects to be selected for rule evaluation. An empty + /// label selector matches all objects. A null label selector matches no + /// objects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ruleSelector")] pub rule_selector: Option, /// SecurityContext holds pod-level security attributes and common container settings. @@ -234,20 +277,28 @@ pub struct ThanosRulerSpec { /// If specified, the pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, - /// TracingConfig configures tracing in Thanos. + /// Configures tracing. /// - /// `tracingConfigFile` takes precedence over this field. + /// The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. + /// + /// The operator performs no validation of the configuration. + /// + /// `tracingConfigFile` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfig")] pub tracing_config: Option, - /// TracingConfig specifies the path of the tracing configuration file. + /// Configures the path of the tracing configuration file. /// - /// This field takes precedence over `tracingConfig`. + /// The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. + /// + /// The operator performs no validation of the configuration file. + /// + /// This field takes precedence over `tracingConfig`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfigFile")] pub tracing_config_file: Option, /// Version of Thanos to be deployed. @@ -978,10 +1029,15 @@ pub struct ThanosRulerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuri pub values: Option>, } -/// AlertRelabelConfigs configures alert relabeling in ThanosRuler. -/// Alert relabel configurations must have the form as specified in the official Prometheus documentation: +/// Configures alert relabeling in Thanos Ruler. +/// +/// Alert relabel configuration must have the form as specified in the +/// official Prometheus documentation: /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs -/// Alternative to AlertRelabelConfigFile, and lower order priority. +/// +/// The operator performs no validation of the configuration. +/// +/// `alertRelabelConfigFile` takes precedence over this field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerAlertRelabelConfigs { /// The key of the secret to select from. Must be a valid secret key. @@ -998,8 +1054,15 @@ pub struct ThanosRulerAlertRelabelConfigs { pub optional: Option, } -/// Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 -/// and higher. Maps to the `alertmanagers.config` arg. +/// Configures the list of Alertmanager endpoints to send alerts to. +/// +/// The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager. +/// +/// It requires Thanos >= v0.10.0. +/// +/// The operator performs no validation of the configuration. +/// +/// This field takes precedence over `alertmanagersUrl`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerAlertmanagersConfig { /// The key of the secret to select from. Must be a valid secret key. @@ -3770,8 +3833,13 @@ pub enum ThanosRulerLogLevel { Error, } -/// ObjectStorageConfig configures object storage in Thanos. -/// Alternative to ObjectStorageConfigFile, and lower order priority. +/// Configures object storage. +/// +/// The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage +/// +/// The operator performs no validation of the configuration. +/// +/// `objectStorageConfigFile` takes precedence over this field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerObjectStorageConfig { /// The key of the secret to select from. Must be a valid secret key. @@ -3833,10 +3901,15 @@ pub struct ThanosRulerPrometheusRulesExcludedFromEnforce { pub rule_namespace: String, } -/// Define configuration for connecting to thanos query instances. -/// If this is defined, the QueryEndpoints field will be ignored. -/// Maps to the `query.config` CLI argument. -/// Only available with thanos v0.11.0 and higher. +/// Configures the list of Thanos Query endpoints from which to query metrics. +/// +/// The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api +/// +/// It requires Thanos >= v0.11.0. +/// +/// The operator performs no validation of the configuration. +/// +/// This field takes precedence over `queryEndpoints`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerQueryConfig { /// The key of the secret to select from. Must be a valid secret key. @@ -3923,8 +3996,9 @@ pub struct ThanosRulerRuleNamespaceSelectorMatchExpressions { pub values: Option>, } -/// A label selector to select which PrometheusRules to mount for alerting and -/// recording. +/// PrometheusRule objects to be selected for rule evaluation. An empty +/// label selector matches all objects. A null label selector matches no +/// objects. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerRuleSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -4991,12 +5065,16 @@ pub struct ThanosRulerTopologySpreadConstraintsLabelSelectorMatchExpressions { pub values: Option>, } -/// TracingConfig configures tracing in Thanos. +/// Configures tracing. /// -/// `tracingConfigFile` takes precedence over this field. +/// The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. +/// +/// The operator performs no validation of the configuration. +/// +/// `tracingConfigFile` takes precedence over this field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerTracingConfig { /// The key of the secret to select from. Must be a valid secret key. diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs index 58d4d1423..76e7e7d34 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs @@ -304,9 +304,14 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -1219,9 +1224,14 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -1945,9 +1955,14 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -2660,9 +2675,14 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -3422,9 +3442,14 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -4220,9 +4245,14 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -4887,9 +4917,14 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -5638,9 +5673,14 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -6341,9 +6381,14 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -6992,9 +7037,14 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -7645,9 +7695,14 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -8348,9 +8403,14 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs index 52c8e93a9..78d8b339d 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs @@ -121,6 +121,13 @@ pub struct PrometheusAgentSpec { /// For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFeatures")] pub enable_features: Option>, + /// Enable Prometheus to be used as a receiver for the OTLP Metrics protocol. + /// + /// Note that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined. + /// + /// It requires Prometheus >= v2.47.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableOTLPReceiver")] + pub enable_otlp_receiver: Option, /// Enable Prometheus to be used as a receiver for the Prometheus remote /// write protocol. /// @@ -381,6 +388,9 @@ pub struct PrometheusAgentSpec { /// (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, + /// Specifies the validation scheme for metric and label names. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nameValidationScheme")] + pub name_validation_scheme: Option, /// Defines on which Nodes the Pods are scheduled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, @@ -515,6 +525,9 @@ pub struct PrometheusAgentSpec { /// for use with `kubectl proxy`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "routePrefix")] pub route_prefix: Option, + /// RuntimeConfig configures the values for the Prometheus process behavior + #[serde(default, skip_serializing_if = "Option::is_none")] + pub runtime: Option, /// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. /// @@ -551,6 +564,11 @@ pub struct PrometheusAgentSpec { /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeConfigSelector")] pub scrape_config_selector: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// Interval between consecutive scrapes. /// /// Default: "30s" @@ -562,6 +580,8 @@ pub struct PrometheusAgentSpec { /// If unset, Prometheus uses its default value. /// /// It requires Prometheus >= v2.49.0. + /// + /// `PrometheusText1.0.0` requires Prometheus >= v3.0.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, /// Number of seconds to wait until a scrape request times out. @@ -606,19 +626,28 @@ pub struct PrometheusAgentSpec { /// `spec.additionalScrapeConfigs` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceMonitorSelector")] pub service_monitor_selector: Option, - /// Number of shards to distribute targets onto. `spec.replicas` - /// multiplied by `spec.shards` is the total number of Pods created. + /// Number of shards to distribute scraped targets onto. + /// + /// `spec.replicas` multiplied by `spec.shards` is the total number of Pods + /// being created. /// - /// Note that scaling down shards will not reshard data onto remaining + /// When not defined, the operator assumes only one shard. + /// + /// Note that scaling down shards will not reshard data onto the remaining /// instances, it must be manually moved. Increasing shards will not reshard /// data either but it will continue to be available from the same /// instances. To query globally, use Thanos sidecar and Thanos querier or /// remote write data to a central location. + /// Alerting and recording rules /// - /// Sharding is performed on the content of the `__address__` target meta-label - /// for PodMonitors and ServiceMonitors and `__param_target__` for Probes. + /// By default, the sharding is performed on: + /// * The `__address__` target's metadata label for PodMonitor, + /// ServiceMonitor and ScrapeConfig resources. + /// * The `__param_target__` label for Probe resources. /// - /// Default: 1 + /// Users can define their own sharding implementation by setting the + /// `__tmp_hash` label during the target discovery with relabeling + /// configuration (either in the monitoring resources or via scrape class). #[serde(default, skip_serializing_if = "Option::is_none")] pub shards: Option, /// Storage defines the storage used by Prometheus. @@ -4315,6 +4344,15 @@ pub enum PrometheusAgentMode { DaemonSet, } +/// Specification of the desired behavior of the Prometheus agent. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusAgentNameValidationScheme { + #[serde(rename = "UTF8")] + Utf8, + Legacy, +} + /// Settings related to the OTLP receiver feature. /// It requires Prometheus >= v2.55.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -4322,6 +4360,21 @@ pub struct PrometheusAgentOtlp { /// List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. #[serde(default, skip_serializing_if = "Option::is_none", rename = "promoteResourceAttributes")] pub promote_resource_attributes: Option>, + /// Configures how the OTLP receiver endpoint translates the incoming metrics. + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "translationStrategy")] + pub translation_strategy: Option, +} + +/// Settings related to the OTLP receiver feature. +/// It requires Prometheus >= v2.55.0. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusAgentOtlpTranslationStrategy { + #[serde(rename = "NoUTF8EscapingWithSuffixes")] + NoUtf8EscapingWithSuffixes, + UnderscoreEscapingWithSuffixes, } /// The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. @@ -5595,6 +5648,15 @@ pub struct PrometheusAgentResourcesClaims { pub request: Option, } +/// RuntimeConfig configures the values for the Prometheus process behavior +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PrometheusAgentRuntime { + /// The Go garbage collection target percentage. Lowering this number may increase the CPU usage. + /// See: https://tip.golang.org/doc/gc-guide#GOGC + #[serde(default, skip_serializing_if = "Option::is_none", rename = "goGC")] + pub go_gc: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentScrapeClasses { /// AttachMetadata configures additional metadata to the discovered targets. @@ -6096,6 +6158,21 @@ pub struct PrometheusAgentScrapeConfigSelectorMatchExpressions { pub values: Option>, } +/// Specification of the desired behavior of the Prometheus agent. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusAgentScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// SecurityContext holds pod-level security attributes and common container settings. /// This defaults to the default PodSecurityContext. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs index 3bdafaafc..c675d9570 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs @@ -53,6 +53,9 @@ pub struct ScrapeConfigSpec { /// If unset, Prometheus uses true by default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCompression")] pub enable_compression: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, /// EurekaSDConfigs defines a list of Eureka service discovery configurations. #[serde(default, skip_serializing_if = "Option::is_none", rename = "eurekaSDConfigs")] pub eureka_sd_configs: Option>, @@ -192,6 +195,11 @@ pub struct ScrapeConfigSpec { /// It requires Prometheus >= v2.45.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClassicHistograms")] pub scrape_classic_histograms: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// ScrapeInterval is the interval between consecutive scrapes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeInterval")] pub scrape_interval: Option, @@ -376,11 +384,13 @@ pub struct ScrapeConfigConsulSdConfigs { /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowStale")] pub allow_stale: Option, - /// Authorization header configuration to authenticate against the Consul Server. + /// Optional Authorization header configuration to authenticate against the Consul Server. + /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, - /// BasicAuth information to authenticate against the Consul Server. + /// Optional BasicAuth information to authenticate against the Consul Server. /// More info: https://prometheus.io/docs/operating/configuration/#endpoints + /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, /// Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter. @@ -395,6 +405,8 @@ pub struct ScrapeConfigConsulSdConfigs { #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, /// Namespaces are only supported in Consul Enterprise. + /// + /// It requires Prometheus >= 2.28.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -407,12 +419,18 @@ pub struct ScrapeConfigConsulSdConfigs { /// Node metadata key/value pairs to filter nodes for a given service. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeMeta")] pub node_meta: Option>, - /// Optional OAuth 2.0 configuration. + /// Optional OAuth2.0 configuration. + /// Cannot be set at the same time as `basicAuth`, or `authorization`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, /// Admin Partitions are only supported in Consul Enterprise. #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, + /// Prefix for URIs for when consul is behind an API gateway (reverse proxy). + /// + /// It requires Prometheus >= 2.45.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pathPrefix")] + pub path_prefix: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// @@ -435,7 +453,7 @@ pub struct ScrapeConfigConsulSdConfigs { /// HTTP Scheme default "http" #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, - /// A valid string consisting of a hostname or IP followed by an optional port number. + /// Consul server address. A valid string consisting of a hostname or IP followed by an optional port number. pub server: String, /// A list of services for which targets are retrieved. If omitted, all services are scraped. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -447,7 +465,7 @@ pub struct ScrapeConfigConsulSdConfigs { /// An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. #[serde(default, skip_serializing_if = "Option::is_none")] pub tags: Option>, - /// TLS Config + /// TLS configuration to connect to the Consul API. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, /// Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. @@ -455,7 +473,8 @@ pub struct ScrapeConfigConsulSdConfigs { pub token_ref: Option, } -/// Authorization header configuration to authenticate against the Consul Server. +/// Optional Authorization header configuration to authenticate against the Consul Server. +/// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigConsulSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. @@ -487,8 +506,9 @@ pub struct ScrapeConfigConsulSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to authenticate against the Consul Server. +/// Optional BasicAuth information to authenticate against the Consul Server. /// More info: https://prometheus.io/docs/operating/configuration/#endpoints +/// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigConsulSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for @@ -537,7 +557,8 @@ pub struct ScrapeConfigConsulSdConfigsBasicAuthUsername { pub optional: Option, } -/// Optional OAuth 2.0 configuration. +/// Optional OAuth2.0 configuration. +/// Cannot be set at the same time as `basicAuth`, or `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigConsulSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the @@ -859,7 +880,7 @@ pub enum ScrapeConfigConsulSdConfigsScheme { Https, } -/// TLS Config +/// TLS configuration to connect to the Consul API. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigConsulSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. @@ -996,7 +1017,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS Config +/// TLS configuration to connect to the Consul API. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ScrapeConfigConsulSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] @@ -1009,7 +1030,7 @@ pub enum ScrapeConfigConsulSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS Config +/// TLS configuration to connect to the Consul API. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ScrapeConfigConsulSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] @@ -1067,7 +1088,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigs { pub oauth2: Option, /// The port to scrape metrics from. #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, + pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// @@ -10280,6 +10301,20 @@ pub enum ScrapeConfigScheme { Https, } +/// ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// StaticConfig defines a Prometheus static configuration. /// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs index 4390888e8..81b9b228d 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs @@ -243,9 +243,14 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -1134,9 +1139,14 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -1840,9 +1850,14 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -2563,9 +2578,14 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -3301,9 +3321,14 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -4067,9 +4092,14 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -4726,9 +4756,14 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -5461,9 +5496,14 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -6148,9 +6188,14 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -6790,9 +6835,14 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -7435,9 +7485,14 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -8114,9 +8169,14 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, diff --git a/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusteringresses.rs b/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusteringresses.rs index 3ccb22a4b..a467db876 100644 --- a/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusteringresses.rs +++ b/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusteringresses.rs @@ -129,7 +129,6 @@ pub struct MultiClusterIngressRules { /// IngressRuleValue. If the host is unspecified, the Ingress routes all /// traffic based on the specified IngressRuleValue. /// - /// /// host can be "precise" which is a domain name without the terminating dot of /// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name /// prefixed with a single wildcard label (e.g. "*.foo.com"). @@ -319,10 +318,7 @@ pub struct MultiClusterIngressStatusLoadBalancerIngressPorts { /// CamelCase names /// - cloud provider specific error values must have names that comply with the /// format foo.example.com/CamelCase. - /// --- - /// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, /// port is the port number of the ingress port. pub port: i32, /// protocol is the protocol of the ingress port. diff --git a/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusterservices.rs b/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusterservices.rs index 01c5ad69c..d3e0838d4 100644 --- a/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusterservices.rs +++ b/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusterservices.rs @@ -63,8 +63,7 @@ pub struct MultiClusterServiceSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MultiClusterServiceConsumerClusters { /// Name is the name of the cluster to be selected. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ExposurePort describes which port will be exposed. @@ -82,8 +81,7 @@ pub struct MultiClusterServicePorts { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MultiClusterServiceProviderClusters { /// Name is the name of the cluster to be selected. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// Range specifies the ranges where the referencing service should @@ -156,10 +154,7 @@ pub struct MultiClusterServiceStatusLoadBalancerIngressPorts { /// CamelCase names /// - cloud provider specific error values must have names that comply with the /// format foo.example.com/CamelCase. - /// --- - /// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, /// Port is the port number of the service port of which status is recorded here pub port: i32, /// Protocol is the protocol of the service port of which status is recorded here diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/bootstrapproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/bootstrapproviders.rs index b3d881e7b..e914e0718 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/bootstrapproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/bootstrapproviders.rs @@ -299,23 +299,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAffinityPreferredDuringScheduli pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -420,23 +420,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAffinityRequiredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -572,23 +572,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAntiAffinityPreferredDuringSche pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -693,23 +693,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAntiAffinityRequiredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -875,8 +875,12 @@ pub struct BootstrapProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -916,8 +920,12 @@ pub struct BootstrapProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -979,8 +987,12 @@ pub struct BootstrapProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BootstrapProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1109,7 +1121,7 @@ pub struct BootstrapProviderManager { /// which can be run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConcurrentReconciles")] pub max_concurrent_reconciles: Option, - /// Metrics contains the controller metrics configuration + /// Metrics contains thw controller metrics configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub metrics: Option, /// ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). @@ -1219,7 +1231,7 @@ pub struct BootstrapProviderManagerLeaderElection { pub retry_period: String, } -/// Metrics contains the controller metrics configuration +/// Metrics contains thw controller metrics configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BootstrapProviderManagerMetrics { /// BindAddress is the TCP address that the controller should bind to diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/controlplaneproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/controlplaneproviders.rs index 14b1d8b25..6570d2a90 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/controlplaneproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/controlplaneproviders.rs @@ -299,23 +299,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAffinityPreferredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -420,23 +420,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAffinityRequiredDuringSchedu pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -572,23 +572,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAntiAffinityPreferredDuringS pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -693,23 +693,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAntiAffinityRequiredDuringSc pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -875,8 +875,12 @@ pub struct ControlPlaneProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -916,8 +920,12 @@ pub struct ControlPlaneProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -979,8 +987,12 @@ pub struct ControlPlaneProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControlPlaneProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1109,7 +1121,7 @@ pub struct ControlPlaneProviderManager { /// which can be run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConcurrentReconciles")] pub max_concurrent_reconciles: Option, - /// Metrics contains the controller metrics configuration + /// Metrics contains thw controller metrics configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub metrics: Option, /// ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). @@ -1219,7 +1231,7 @@ pub struct ControlPlaneProviderManagerLeaderElection { pub retry_period: String, } -/// Metrics contains the controller metrics configuration +/// Metrics contains thw controller metrics configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControlPlaneProviderManagerMetrics { /// BindAddress is the TCP address that the controller should bind to diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/coreproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/coreproviders.rs index 9eb6790fa..671a6775f 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/coreproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/coreproviders.rs @@ -299,23 +299,23 @@ pub struct CoreProviderDeploymentAffinityPodAffinityPreferredDuringSchedulingIgn pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -420,23 +420,23 @@ pub struct CoreProviderDeploymentAffinityPodAffinityRequiredDuringSchedulingIgno pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -572,23 +572,23 @@ pub struct CoreProviderDeploymentAffinityPodAntiAffinityPreferredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -693,23 +693,23 @@ pub struct CoreProviderDeploymentAffinityPodAntiAffinityRequiredDuringScheduling pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -875,8 +875,12 @@ pub struct CoreProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -916,8 +920,12 @@ pub struct CoreProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -979,8 +987,12 @@ pub struct CoreProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CoreProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1109,7 +1121,7 @@ pub struct CoreProviderManager { /// which can be run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConcurrentReconciles")] pub max_concurrent_reconciles: Option, - /// Metrics contains the controller metrics configuration + /// Metrics contains thw controller metrics configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub metrics: Option, /// ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). @@ -1219,7 +1231,7 @@ pub struct CoreProviderManagerLeaderElection { pub retry_period: String, } -/// Metrics contains the controller metrics configuration +/// Metrics contains thw controller metrics configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CoreProviderManagerMetrics { /// BindAddress is the TCP address that the controller should bind to diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/infrastructureproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/infrastructureproviders.rs index af47de05f..dcd948e6d 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/infrastructureproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/infrastructureproviders.rs @@ -299,23 +299,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAffinityPreferredDuringSch pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -420,23 +420,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAffinityRequiredDuringSche pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -572,23 +572,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAntiAffinityPreferredDurin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -693,23 +693,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAntiAffinityRequiredDuring pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -875,8 +875,12 @@ pub struct InfrastructureProviderDeploymentContainersEnvValueFromConfigMapKeyRef /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -916,8 +920,12 @@ pub struct InfrastructureProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -979,8 +987,12 @@ pub struct InfrastructureProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfrastructureProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1109,7 +1121,7 @@ pub struct InfrastructureProviderManager { /// which can be run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConcurrentReconciles")] pub max_concurrent_reconciles: Option, - /// Metrics contains the controller metrics configuration + /// Metrics contains thw controller metrics configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub metrics: Option, /// ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). @@ -1219,7 +1231,7 @@ pub struct InfrastructureProviderManagerLeaderElection { pub retry_period: String, } -/// Metrics contains the controller metrics configuration +/// Metrics contains thw controller metrics configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfrastructureProviderManagerMetrics { /// BindAddress is the TCP address that the controller should bind to diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/addonproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/addonproviders.rs index 74ffb885a..c71c650c4 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/addonproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/addonproviders.rs @@ -307,23 +307,23 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentAffinityPodAffinityPrefer pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentAffinityPodAffinityRequir pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffinityPr pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffinityRe pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentContainersEnvValueFromCon /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentContainersEnvValueFromSec /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentContainersResourcesClaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AddonProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct AddonProviderDeploymentAffinityPodAffinityPreferredDuringSchedulingIg pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct AddonProviderDeploymentAffinityPodAffinityRequiredDuringSchedulingIgn pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct AddonProviderDeploymentAffinityPodAntiAffinityPreferredDuringScheduli pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct AddonProviderDeploymentAffinityPodAntiAffinityRequiredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct AddonProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct AddonProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct AddonProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AddonProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/bootstrapproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/bootstrapproviders.rs index 981f5154c..fd2da10b1 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/bootstrapproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/bootstrapproviders.rs @@ -307,23 +307,23 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentAffinityPodAffinityPr pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentAffinityPodAffinityRe pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffini pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffini pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentContainersEnvValueFro /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentContainersEnvValueFro /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentContainersResourcesCl #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BootstrapProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAffinityPreferredDuringScheduli pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAffinityRequiredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAntiAffinityPreferredDuringSche pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAntiAffinityRequiredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct BootstrapProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct BootstrapProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct BootstrapProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BootstrapProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/controlplaneproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/controlplaneproviders.rs index 973896668..ef8897cfe 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/controlplaneproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/controlplaneproviders.rs @@ -307,23 +307,23 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentAffinityPodAffinit pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentAffinityPodAffinit pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentAffinityPodAntiAff pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentAffinityPodAntiAff pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentContainersEnvValue /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentContainersEnvValue /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentContainersResource #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAffinityPreferredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAffinityRequiredDuringSchedu pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAntiAffinityPreferredDuringS pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAntiAffinityRequiredDuringSc pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct ControlPlaneProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct ControlPlaneProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct ControlPlaneProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControlPlaneProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/coreproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/coreproviders.rs index d7ee43765..fcc4a0bcb 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/coreproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/coreproviders.rs @@ -307,23 +307,23 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentAffinityPodAffinityPreferr pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentAffinityPodAffinityRequire pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffinityPre pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffinityReq pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentContainersEnvValueFromConf /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentContainersEnvValueFromSecr /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentContainersResourcesClaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CoreProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct CoreProviderDeploymentAffinityPodAffinityPreferredDuringSchedulingIgn pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct CoreProviderDeploymentAffinityPodAffinityRequiredDuringSchedulingIgno pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct CoreProviderDeploymentAffinityPodAntiAffinityPreferredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct CoreProviderDeploymentAffinityPodAntiAffinityRequiredDuringScheduling pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct CoreProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct CoreProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct CoreProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CoreProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/infrastructureproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/infrastructureproviders.rs index 21c44a52f..dee236160 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/infrastructureproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/infrastructureproviders.rs @@ -307,23 +307,23 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentAffinityPodAffin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentAffinityPodAffin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentAffinityPodAntiA pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentAffinityPodAntiA pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentContainersEnvVal /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentContainersEnvVal /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentContainersResour #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfrastructureProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAffinityPreferredDuringSch pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAffinityRequiredDuringSche pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAntiAffinityPreferredDurin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAntiAffinityRequiredDuring pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct InfrastructureProviderDeploymentContainersEnvValueFromConfigMapKeyRef /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct InfrastructureProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct InfrastructureProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfrastructureProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs index 6c043dfb0..f87ebd502 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs @@ -404,6 +404,10 @@ pub enum VMNodeScrapeScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// Selector to select kubernetes Nodes. diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs index 1084e1b58..6087e1e19 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs @@ -468,6 +468,10 @@ pub enum VMPodScrapePodMetricsEndpointsScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// TLSConfig configuration to use when scraping the endpoint diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs index 5ed4d38ad..517baebd9 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs @@ -350,6 +350,10 @@ pub enum VMProbeScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmrules.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmrules.rs index 356f1013a..c46a34eb6 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmrules.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmrules.rs @@ -91,7 +91,7 @@ pub struct VMRuleGroups { #[serde(default, skip_serializing_if = "Option::is_none")] pub tenant: Option, /// Type defines datasource type for enterprise version of vmalert - /// possible values - prometheus,graphite + /// possible values - prometheus,graphite,vlogs #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmscrapeconfigs.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmscrapeconfigs.rs index 0527417b2..04d84da39 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmscrapeconfigs.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmscrapeconfigs.rs @@ -3075,6 +3075,10 @@ pub enum VMScrapeConfigScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// StaticConfig defines a static configuration. diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs index 935d07a2e..ffae4fc6e 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs @@ -471,6 +471,10 @@ pub enum VMServiceScrapeEndpointsScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// TLSConfig configuration to use when scraping the endpoint diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs index 22486b0ed..8de58c779 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs @@ -415,6 +415,10 @@ pub enum VMStaticScrapeTargetEndpointsScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// TLSConfig configuration to use when scraping the endpoint diff --git a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusteroverridepolicies.rs b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusteroverridepolicies.rs index e300e57c1..09e640a0d 100644 --- a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusteroverridepolicies.rs +++ b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusteroverridepolicies.rs @@ -22,7 +22,6 @@ pub struct ClusterOverridePolicySpec { pub override_rules: Option>, /// Overriders represents the override rules that would apply on resources /// - /// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub overriders: Option, @@ -34,7 +33,6 @@ pub struct ClusterOverridePolicySpec { /// that only applies to resources propagated to the matching clusters. /// nil means matching all clusters. /// - /// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetCluster")] pub target_cluster: Option, @@ -90,8 +88,7 @@ pub struct ClusterOverridePolicyOverrideRulesOverridersAnnotationsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -249,7 +246,6 @@ pub struct ClusterOverridePolicyOverrideRulesOverridersImageOverrider { pub operator: ClusterOverridePolicyOverrideRulesOverridersImageOverriderOperator, /// Predicate filters images before applying the rule. /// - /// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -260,7 +256,6 @@ pub struct ClusterOverridePolicyOverrideRulesOverridersImageOverrider { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// - /// /// If not nil, only images matches the filters will be processed. #[serde(default, skip_serializing_if = "Option::is_none")] pub predicate: Option, @@ -292,7 +287,6 @@ pub enum ClusterOverridePolicyOverrideRulesOverridersImageOverriderOperator { /// Predicate filters images before applying the rule. /// -/// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -303,7 +297,6 @@ pub enum ClusterOverridePolicyOverrideRulesOverridersImageOverriderOperator { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// -/// /// If not nil, only images matches the filters will be processed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyOverrideRulesOverridersImageOverriderPredicate { @@ -320,8 +313,7 @@ pub struct ClusterOverridePolicyOverrideRulesOverridersLabelsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -447,7 +439,6 @@ pub struct ClusterOverridePolicyOverrideRulesTargetClusterLabelSelectorMatchExpr /// Overriders represents the override rules that would apply on resources /// -/// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyOverriders { @@ -486,8 +477,7 @@ pub struct ClusterOverridePolicyOverridersAnnotationsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -645,7 +635,6 @@ pub struct ClusterOverridePolicyOverridersImageOverrider { pub operator: ClusterOverridePolicyOverridersImageOverriderOperator, /// Predicate filters images before applying the rule. /// - /// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -656,7 +645,6 @@ pub struct ClusterOverridePolicyOverridersImageOverrider { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// - /// /// If not nil, only images matches the filters will be processed. #[serde(default, skip_serializing_if = "Option::is_none")] pub predicate: Option, @@ -688,7 +676,6 @@ pub enum ClusterOverridePolicyOverridersImageOverriderOperator { /// Predicate filters images before applying the rule. /// -/// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -699,7 +686,6 @@ pub enum ClusterOverridePolicyOverridersImageOverriderOperator { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// -/// /// If not nil, only images matches the filters will be processed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyOverridersImageOverriderPredicate { @@ -716,8 +702,7 @@ pub struct ClusterOverridePolicyOverridersLabelsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -815,7 +800,6 @@ pub struct ClusterOverridePolicyResourceSelectorsLabelSelectorMatchExpressions { /// that only applies to resources propagated to the matching clusters. /// nil means matching all clusters. /// -/// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyTargetCluster { diff --git a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusterpropagationpolicies.rs b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusterpropagationpolicies.rs index 77a504e03..ecca1e107 100644 --- a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusterpropagationpolicies.rs +++ b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusterpropagationpolicies.rs @@ -20,12 +20,10 @@ pub struct ClusterPropagationPolicySpec { /// ActivationPreference indicates how the referencing resource template will /// be propagated, in case of policy changes. /// - /// /// If empty, the resource template will respond to policy changes /// immediately, in other words, any policy changes will drive the resource /// template to be propagated immediately as per the current propagation rules. /// - /// /// If the value is 'Lazy' means the policy changes will not take effect for now /// but defer to the resource template changes, in other words, the resource /// template will not be propagated as per the current propagation rules until @@ -46,7 +44,6 @@ pub struct ClusterPropagationPolicySpec { /// ConflictResolution declares how potential conflict should be handled when /// a resource that is being propagated already exists in the target cluster. /// - /// /// It defaults to "Abort" which means stop propagating to avoid unexpected /// overwrites. The "Overwrite" might be useful when migrating legacy cluster /// resources to Karmada, in which case conflict is predictable and can be @@ -56,12 +53,10 @@ pub struct ClusterPropagationPolicySpec { /// DependentOverrides represents the list of overrides(OverridePolicy) /// which must present before the current PropagationPolicy takes effect. /// - /// /// It used to explicitly specify overrides which current PropagationPolicy rely on. /// A typical scenario is the users create OverridePolicy(ies) and resources at the same time, /// they want to ensure the new-created policies would be adopted. /// - /// /// Note: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies), /// which not present in this list will still be applied if they matches the resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dependentOverrides")] @@ -82,16 +77,13 @@ pub struct ClusterPropagationPolicySpec { /// If set to true, resources will be preserved on the member clusters. /// Default is false, which means resources will be deleted along with the resource template. /// - /// /// This setting is particularly useful during workload migration scenarios to ensure /// that rollback can occur quickly without affecting the workloads running on the /// member clusters. /// - /// /// Additionally, this setting applies uniformly across all member clusters and will not /// selectively control preservation on only some clusters. /// - /// /// Note: This setting does not apply to the deletion of the policy itself. /// When the policy is deleted, the resource templates and their corresponding /// propagated resources in member clusters will remain unchanged unless explicitly deleted. @@ -105,7 +97,6 @@ pub struct ClusterPropagationPolicySpec { /// not be preempted by following policies even with a higher priority. /// See Preemption for more details. /// - /// /// In case of two policies have the same priority, the one with a more precise /// matching rules in ResourceSelectors wins: /// - matching by name(resourceSelector.name) has higher priority than @@ -115,7 +106,6 @@ pub struct ClusterPropagationPolicySpec { /// If there is still no winner at this point, the one with the lower alphabetic /// order wins, e.g. policy 'bar' has higher priority than 'foo'. /// - /// /// The higher the value, the higher the priority. Defaults to zero. #[serde(default, skip_serializing_if = "Option::is_none")] pub priority: Option, @@ -125,7 +115,6 @@ pub struct ClusterPropagationPolicySpec { /// propagated along with the Deployment. In addition to the propagating process, the referencing resources will be /// migrated along with the Deployment in the fail-over scenario. /// - /// /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propagateDeps")] pub propagate_deps: Option, @@ -230,24 +219,20 @@ pub struct ClusterPropagationPolicyPlacement { /// ClusterAffinities represents scheduling restrictions to multiple cluster /// groups that indicated by ClusterAffinityTerm. /// - /// /// The scheduler will evaluate these groups one by one in the order they /// appear in the spec, the group that does not satisfy scheduling restrictions /// will be ignored which means all clusters in this group will not be selected /// unless it also belongs to the next group(a cluster could belong to multiple /// groups). /// - /// /// If none of the groups satisfy the scheduling restrictions, then scheduling /// fails, which means no cluster will be selected. /// - /// /// Note: /// 1. ClusterAffinities can not co-exist with ClusterAffinity. /// 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster /// can be scheduling candidates. /// - /// /// Potential use case 1: /// The private clusters in the local data center could be the main group, and /// the managed clusters provided by cluster providers could be the secondary @@ -255,7 +240,6 @@ pub struct ClusterPropagationPolicyPlacement { /// to the main group and the second group will only be considered in case of /// the main group does not satisfy restrictions(like, lack of resources). /// - /// /// Potential use case 2: /// For the disaster recovery scenario, the clusters could be organized to /// primary and backup groups, the workloads would be scheduled to primary diff --git a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/overridepolicies.rs b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/overridepolicies.rs index e856c73b6..19383f15f 100644 --- a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/overridepolicies.rs +++ b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/overridepolicies.rs @@ -23,7 +23,6 @@ pub struct OverridePolicySpec { pub override_rules: Option>, /// Overriders represents the override rules that would apply on resources /// - /// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub overriders: Option, @@ -35,7 +34,6 @@ pub struct OverridePolicySpec { /// that only applies to resources propagated to the matching clusters. /// nil means matching all clusters. /// - /// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetCluster")] pub target_cluster: Option, @@ -91,8 +89,7 @@ pub struct OverridePolicyOverrideRulesOverridersAnnotationsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -250,7 +247,6 @@ pub struct OverridePolicyOverrideRulesOverridersImageOverrider { pub operator: OverridePolicyOverrideRulesOverridersImageOverriderOperator, /// Predicate filters images before applying the rule. /// - /// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -261,7 +257,6 @@ pub struct OverridePolicyOverrideRulesOverridersImageOverrider { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// - /// /// If not nil, only images matches the filters will be processed. #[serde(default, skip_serializing_if = "Option::is_none")] pub predicate: Option, @@ -293,7 +288,6 @@ pub enum OverridePolicyOverrideRulesOverridersImageOverriderOperator { /// Predicate filters images before applying the rule. /// -/// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -304,7 +298,6 @@ pub enum OverridePolicyOverrideRulesOverridersImageOverriderOperator { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// -/// /// If not nil, only images matches the filters will be processed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyOverrideRulesOverridersImageOverriderPredicate { @@ -321,8 +314,7 @@ pub struct OverridePolicyOverrideRulesOverridersLabelsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -448,7 +440,6 @@ pub struct OverridePolicyOverrideRulesTargetClusterLabelSelectorMatchExpressions /// Overriders represents the override rules that would apply on resources /// -/// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyOverriders { @@ -487,8 +478,7 @@ pub struct OverridePolicyOverridersAnnotationsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -646,7 +636,6 @@ pub struct OverridePolicyOverridersImageOverrider { pub operator: OverridePolicyOverridersImageOverriderOperator, /// Predicate filters images before applying the rule. /// - /// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -657,7 +646,6 @@ pub struct OverridePolicyOverridersImageOverrider { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// - /// /// If not nil, only images matches the filters will be processed. #[serde(default, skip_serializing_if = "Option::is_none")] pub predicate: Option, @@ -689,7 +677,6 @@ pub enum OverridePolicyOverridersImageOverriderOperator { /// Predicate filters images before applying the rule. /// -/// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -700,7 +687,6 @@ pub enum OverridePolicyOverridersImageOverriderOperator { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// -/// /// If not nil, only images matches the filters will be processed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyOverridersImageOverriderPredicate { @@ -717,8 +703,7 @@ pub struct OverridePolicyOverridersLabelsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -816,7 +801,6 @@ pub struct OverridePolicyResourceSelectorsLabelSelectorMatchExpressions { /// that only applies to resources propagated to the matching clusters. /// nil means matching all clusters. /// -/// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyTargetCluster { diff --git a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/propagationpolicies.rs b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/propagationpolicies.rs index f847691fa..53d723908 100644 --- a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/propagationpolicies.rs +++ b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/propagationpolicies.rs @@ -21,12 +21,10 @@ pub struct PropagationPolicySpec { /// ActivationPreference indicates how the referencing resource template will /// be propagated, in case of policy changes. /// - /// /// If empty, the resource template will respond to policy changes /// immediately, in other words, any policy changes will drive the resource /// template to be propagated immediately as per the current propagation rules. /// - /// /// If the value is 'Lazy' means the policy changes will not take effect for now /// but defer to the resource template changes, in other words, the resource /// template will not be propagated as per the current propagation rules until @@ -47,7 +45,6 @@ pub struct PropagationPolicySpec { /// ConflictResolution declares how potential conflict should be handled when /// a resource that is being propagated already exists in the target cluster. /// - /// /// It defaults to "Abort" which means stop propagating to avoid unexpected /// overwrites. The "Overwrite" might be useful when migrating legacy cluster /// resources to Karmada, in which case conflict is predictable and can be @@ -57,12 +54,10 @@ pub struct PropagationPolicySpec { /// DependentOverrides represents the list of overrides(OverridePolicy) /// which must present before the current PropagationPolicy takes effect. /// - /// /// It used to explicitly specify overrides which current PropagationPolicy rely on. /// A typical scenario is the users create OverridePolicy(ies) and resources at the same time, /// they want to ensure the new-created policies would be adopted. /// - /// /// Note: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies), /// which not present in this list will still be applied if they matches the resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dependentOverrides")] @@ -83,16 +78,13 @@ pub struct PropagationPolicySpec { /// If set to true, resources will be preserved on the member clusters. /// Default is false, which means resources will be deleted along with the resource template. /// - /// /// This setting is particularly useful during workload migration scenarios to ensure /// that rollback can occur quickly without affecting the workloads running on the /// member clusters. /// - /// /// Additionally, this setting applies uniformly across all member clusters and will not /// selectively control preservation on only some clusters. /// - /// /// Note: This setting does not apply to the deletion of the policy itself. /// When the policy is deleted, the resource templates and their corresponding /// propagated resources in member clusters will remain unchanged unless explicitly deleted. @@ -106,7 +98,6 @@ pub struct PropagationPolicySpec { /// not be preempted by following policies even with a higher priority. /// See Preemption for more details. /// - /// /// In case of two policies have the same priority, the one with a more precise /// matching rules in ResourceSelectors wins: /// - matching by name(resourceSelector.name) has higher priority than @@ -116,7 +107,6 @@ pub struct PropagationPolicySpec { /// If there is still no winner at this point, the one with the lower alphabetic /// order wins, e.g. policy 'bar' has higher priority than 'foo'. /// - /// /// The higher the value, the higher the priority. Defaults to zero. #[serde(default, skip_serializing_if = "Option::is_none")] pub priority: Option, @@ -126,7 +116,6 @@ pub struct PropagationPolicySpec { /// propagated along with the Deployment. In addition to the propagating process, the referencing resources will be /// migrated along with the Deployment in the fail-over scenario. /// - /// /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propagateDeps")] pub propagate_deps: Option, @@ -231,24 +220,20 @@ pub struct PropagationPolicyPlacement { /// ClusterAffinities represents scheduling restrictions to multiple cluster /// groups that indicated by ClusterAffinityTerm. /// - /// /// The scheduler will evaluate these groups one by one in the order they /// appear in the spec, the group that does not satisfy scheduling restrictions /// will be ignored which means all clusters in this group will not be selected /// unless it also belongs to the next group(a cluster could belong to multiple /// groups). /// - /// /// If none of the groups satisfy the scheduling restrictions, then scheduling /// fails, which means no cluster will be selected. /// - /// /// Note: /// 1. ClusterAffinities can not co-exist with ClusterAffinity. /// 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster /// can be scheduling candidates. /// - /// /// Potential use case 1: /// The private clusters in the local data center could be the main group, and /// the managed clusters provided by cluster providers could be the secondary @@ -256,7 +241,6 @@ pub struct PropagationPolicyPlacement { /// to the main group and the second group will only be considered in case of /// the main group does not satisfy restrictions(like, lack of resources). /// - /// /// Potential use case 2: /// For the disaster recovery scenario, the clusters could be organized to /// primary and backup groups, the workloads would be scheduled to primary diff --git a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs index 1256fc958..93ed3b237 100644 --- a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs +++ b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs @@ -27,7 +27,6 @@ pub struct AdminNetworkPolicySpec { /// would take the highest precedence. /// ANPs with no egress rules do not affect egress traffic. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub egress: Option>, @@ -39,7 +38,6 @@ pub struct AdminNetworkPolicySpec { /// would take the highest precedence. /// ANPs with no ingress rules do not affect ingress traffic. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ingress: Option>, @@ -52,13 +50,11 @@ pub struct AdminNetworkPolicySpec { /// implementation can apply any of the matching policies to the connection, and /// there is no way for the user to reliably determine which one it will choose. /// - /// /// Support: Core pub priority: i32, /// Subject defines the pods to which this AdminNetworkPolicy applies. /// Note that host-networked pods are not included in subject selection. /// - /// /// Support: Core pub subject: AdminNetworkPolicySubject, } @@ -78,7 +74,6 @@ pub struct AdminNetworkPolicyEgress { /// If the pod is not selected by any NetworkPolicies then execution /// is passed to any BaselineAdminNetworkPolicies that select the pod. /// - /// /// Support: Core pub action: AdminNetworkPolicyEgressAction, /// Name is an identifier for this rule, that may be no more than 100 characters @@ -86,7 +81,6 @@ pub struct AdminNetworkPolicyEgress { /// improve observability, readability and error-reporting for any applied /// AdminNetworkPolicies. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -94,7 +88,6 @@ pub struct AdminNetworkPolicyEgress { /// This field is a list of destination ports for the outgoing egress traffic. /// If Ports is not set then the rule does not filter traffic via port. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, @@ -103,7 +96,6 @@ pub struct AdminNetworkPolicyEgress { /// traffic then the specified action is applied. /// This field must be defined and contain at least one item. /// - /// /// Support: Core pub to: Vec, } @@ -125,14 +117,12 @@ pub enum AdminNetworkPolicyEgressAction { pub struct AdminNetworkPolicyEgressPorts { /// Port selects a port on a pod(s) based on number. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] pub port_number: Option, /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] pub port_range: Option, @@ -140,19 +130,16 @@ pub struct AdminNetworkPolicyEgressPorts { /// Port selects a port on a pod(s) based on number. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyEgressPortsPortNumber { /// Number defines a network port value. /// - /// /// Support: Core pub port: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core pub protocol: String, } @@ -160,27 +147,23 @@ pub struct AdminNetworkPolicyEgressPortsPortNumber { /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyEgressPortsPortRange { /// End defines a network port that is the end of a port range, the End value /// must be greater than Start. /// - /// /// Support: Core pub end: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, /// Start defines a network port that is the start of a port range, the Start /// value must be less than End. /// - /// /// Support: Core pub start: i32, } @@ -194,7 +177,6 @@ pub struct AdminNetworkPolicyEgressTo { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -202,7 +184,6 @@ pub struct AdminNetworkPolicyEgressTo { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub pods: Option, @@ -211,7 +192,6 @@ pub struct AdminNetworkPolicyEgressTo { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyEgressToNamespaces { @@ -246,7 +226,6 @@ pub struct AdminNetworkPolicyEgressToNamespacesMatchExpressions { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyEgressToPods { @@ -336,7 +315,6 @@ pub struct AdminNetworkPolicyIngress { /// If the pod is not selected by any NetworkPolicies then execution /// is passed to any BaselineAdminNetworkPolicies that select the pod. /// - /// /// Support: Core pub action: AdminNetworkPolicyIngressAction, /// From is the list of sources whose traffic this rule applies to. @@ -344,7 +322,6 @@ pub struct AdminNetworkPolicyIngress { /// traffic then the specified action is applied. /// This field must be defined and contain at least one item. /// - /// /// Support: Core pub from: Vec, /// Name is an identifier for this rule, that may be no more than 100 characters @@ -352,7 +329,6 @@ pub struct AdminNetworkPolicyIngress { /// improve observability, readability and error-reporting for any applied /// AdminNetworkPolicies. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -362,7 +338,6 @@ pub struct AdminNetworkPolicyIngress { /// So it matches on the destination port for the ingress traffic. /// If Ports is not set then the rule does not filter traffic via port. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, @@ -387,7 +362,6 @@ pub struct AdminNetworkPolicyIngressFrom { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -395,7 +369,6 @@ pub struct AdminNetworkPolicyIngressFrom { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub pods: Option, @@ -404,7 +377,6 @@ pub struct AdminNetworkPolicyIngressFrom { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyIngressFromNamespaces { @@ -439,7 +411,6 @@ pub struct AdminNetworkPolicyIngressFromNamespacesMatchExpressions { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyIngressFromPods { @@ -521,14 +492,12 @@ pub struct AdminNetworkPolicyIngressFromPodsPodSelectorMatchExpressions { pub struct AdminNetworkPolicyIngressPorts { /// Port selects a port on a pod(s) based on number. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] pub port_number: Option, /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] pub port_range: Option, @@ -536,19 +505,16 @@ pub struct AdminNetworkPolicyIngressPorts { /// Port selects a port on a pod(s) based on number. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyIngressPortsPortNumber { /// Number defines a network port value. /// - /// /// Support: Core pub port: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core pub protocol: String, } @@ -556,27 +522,23 @@ pub struct AdminNetworkPolicyIngressPortsPortNumber { /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyIngressPortsPortRange { /// End defines a network port that is the end of a port range, the End value /// must be greater than Start. /// - /// /// Support: Core pub end: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, /// Start defines a network port that is the start of a port range, the Start /// value must be less than End. /// - /// /// Support: Core pub start: i32, } @@ -584,7 +546,6 @@ pub struct AdminNetworkPolicyIngressPortsPortRange { /// Subject defines the pods to which this AdminNetworkPolicy applies. /// Note that host-networked pods are not included in subject selection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicySubject { diff --git a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/baselineadminnetworkpolicies.rs b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/baselineadminnetworkpolicies.rs index bcddaaea7..7a5f907ed 100644 --- a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/baselineadminnetworkpolicies.rs +++ b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/baselineadminnetworkpolicies.rs @@ -28,7 +28,6 @@ pub struct BaselineAdminNetworkPolicySpec { /// would take the highest precedence. /// BANPs with no egress rules do not affect egress traffic. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub egress: Option>, @@ -41,14 +40,12 @@ pub struct BaselineAdminNetworkPolicySpec { /// would take the highest precedence. /// BANPs with no ingress rules do not affect ingress traffic. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ingress: Option>, /// Subject defines the pods to which this BaselineAdminNetworkPolicy applies. /// Note that host-networked pods are not included in subject selection. /// - /// /// Support: Core pub subject: BaselineAdminNetworkPolicySubject, } @@ -64,7 +61,6 @@ pub struct BaselineAdminNetworkPolicyEgress { /// Allow: allows the selected traffic /// Deny: denies the selected traffic /// - /// /// Support: Core pub action: BaselineAdminNetworkPolicyEgressAction, /// Name is an identifier for this rule, that may be no more than 100 characters @@ -72,7 +68,6 @@ pub struct BaselineAdminNetworkPolicyEgress { /// improve observability, readability and error-reporting for any applied /// BaselineAdminNetworkPolicies. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -86,7 +81,6 @@ pub struct BaselineAdminNetworkPolicyEgress { /// traffic then the specified action is applied. /// This field must be defined and contain at least one item. /// - /// /// Support: Core pub to: Vec, } @@ -107,14 +101,12 @@ pub enum BaselineAdminNetworkPolicyEgressAction { pub struct BaselineAdminNetworkPolicyEgressPorts { /// Port selects a port on a pod(s) based on number. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] pub port_number: Option, /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] pub port_range: Option, @@ -122,19 +114,16 @@ pub struct BaselineAdminNetworkPolicyEgressPorts { /// Port selects a port on a pod(s) based on number. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyEgressPortsPortNumber { /// Number defines a network port value. /// - /// /// Support: Core pub port: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core pub protocol: String, } @@ -142,27 +131,23 @@ pub struct BaselineAdminNetworkPolicyEgressPortsPortNumber { /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyEgressPortsPortRange { /// End defines a network port that is the end of a port range, the End value /// must be greater than Start. /// - /// /// Support: Core pub end: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, /// Start defines a network port that is the start of a port range, the Start /// value must be less than End. /// - /// /// Support: Core pub start: i32, } @@ -176,7 +161,6 @@ pub struct BaselineAdminNetworkPolicyEgressTo { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -184,7 +168,6 @@ pub struct BaselineAdminNetworkPolicyEgressTo { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub pods: Option, @@ -193,7 +176,6 @@ pub struct BaselineAdminNetworkPolicyEgressTo { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyEgressToNamespaces { @@ -228,7 +210,6 @@ pub struct BaselineAdminNetworkPolicyEgressToNamespacesMatchExpressions { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyEgressToPods { @@ -314,7 +295,6 @@ pub struct BaselineAdminNetworkPolicyIngress { /// Allow: allows the selected traffic /// Deny: denies the selected traffic /// - /// /// Support: Core pub action: BaselineAdminNetworkPolicyIngressAction, /// From is the list of sources whose traffic this rule applies to. @@ -322,7 +302,6 @@ pub struct BaselineAdminNetworkPolicyIngress { /// traffic then the specified action is applied. /// This field must be defined and contain at least one item. /// - /// /// Support: Core pub from: Vec, /// Name is an identifier for this rule, that may be no more than 100 characters @@ -330,7 +309,6 @@ pub struct BaselineAdminNetworkPolicyIngress { /// improve observability, readability and error-reporting for any applied /// BaselineAdminNetworkPolicies. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -340,7 +318,6 @@ pub struct BaselineAdminNetworkPolicyIngress { /// So it matches on the destination port for the ingress traffic. /// If Ports is not set then the rule does not filter traffic via port. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, @@ -364,7 +341,6 @@ pub struct BaselineAdminNetworkPolicyIngressFrom { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -372,7 +348,6 @@ pub struct BaselineAdminNetworkPolicyIngressFrom { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub pods: Option, @@ -381,7 +356,6 @@ pub struct BaselineAdminNetworkPolicyIngressFrom { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyIngressFromNamespaces { @@ -416,7 +390,6 @@ pub struct BaselineAdminNetworkPolicyIngressFromNamespacesMatchExpressions { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyIngressFromPods { @@ -498,14 +471,12 @@ pub struct BaselineAdminNetworkPolicyIngressFromPodsPodSelectorMatchExpressions pub struct BaselineAdminNetworkPolicyIngressPorts { /// Port selects a port on a pod(s) based on number. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] pub port_number: Option, /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] pub port_range: Option, @@ -513,19 +484,16 @@ pub struct BaselineAdminNetworkPolicyIngressPorts { /// Port selects a port on a pod(s) based on number. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyIngressPortsPortNumber { /// Number defines a network port value. /// - /// /// Support: Core pub port: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core pub protocol: String, } @@ -533,27 +501,23 @@ pub struct BaselineAdminNetworkPolicyIngressPortsPortNumber { /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyIngressPortsPortRange { /// End defines a network port that is the end of a port range, the End value /// must be greater than Start. /// - /// /// Support: Core pub end: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, /// Start defines a network port that is the start of a port range, the Start /// value must be less than End. /// - /// /// Support: Core pub start: i32, } @@ -561,7 +525,6 @@ pub struct BaselineAdminNetworkPolicyIngressPortsPortRange { /// Subject defines the pods to which this BaselineAdminNetworkPolicy applies. /// Note that host-networked pods are not included in subject selection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicySubject { diff --git a/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbbackups.rs b/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbbackups.rs index 841b14f3a..c39150817 100644 --- a/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbbackups.rs +++ b/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbbackups.rs @@ -50,6 +50,8 @@ pub struct PerconaServerMongoDBBackupStatus { pub destination: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub error: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filesystem: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastTransition")] pub last_transition: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "latestRestorableTime")] @@ -86,6 +88,11 @@ pub struct PerconaServerMongoDBBackupStatusAzure { pub prefix: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaServerMongoDBBackupStatusFilesystem { + pub path: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMongoDBBackupStatusS3 { pub bucket: String, diff --git a/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbrestores.rs b/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbrestores.rs index d896d5e16..8873c4895 100644 --- a/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbrestores.rs +++ b/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbrestores.rs @@ -44,6 +44,8 @@ pub struct PerconaServerMongoDBRestoreBackupSource { pub destination: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub error: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filesystem: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastTransition")] pub last_transition: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "latestRestorableTime")] @@ -80,6 +82,11 @@ pub struct PerconaServerMongoDBRestoreBackupSourceAzure { pub prefix: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaServerMongoDBRestoreBackupSourceFilesystem { + pub path: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMongoDBRestoreBackupSourceS3 { pub bucket: String, diff --git a/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusterbackups.rs b/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusterbackups.rs index 36f602aa0..fcf2072ae 100644 --- a/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusterbackups.rs +++ b/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusterbackups.rs @@ -19,6 +19,8 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct PerconaXtraDBClusterBackupSpec { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "activeDeadlineSeconds")] + pub active_deadline_seconds: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerOptions")] pub container_options: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "pxcCluster")] diff --git a/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusters.rs b/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusters.rs index 6dcd9710c..7bc7dd776 100644 --- a/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusters.rs +++ b/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusters.rs @@ -74,6 +74,8 @@ pub struct PerconaXtraDBClusterSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaXtraDBClusterBackup { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "activeDeadlineSeconds")] + pub active_deadline_seconds: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowParallel")] pub allow_parallel: Option, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs b/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs index 1465b6264..384c1adbd 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs +++ b/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs @@ -3392,6 +3392,8 @@ pub struct RayClusterHeadGroupSpecTemplateSpecVolumesVsphereVolume { pub struct RayClusterWorkerGroupSpecs { #[serde(rename = "groupName")] pub group_name: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "idleTimeoutSeconds")] + pub idle_timeout_seconds: Option, #[serde(rename = "maxReplicas")] pub max_replicas: i32, #[serde(rename = "minReplicas")] diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs b/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs index e193c7449..5dd553eea 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs +++ b/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs @@ -3430,6 +3430,8 @@ pub struct RayJobRayClusterSpecHeadGroupSpecTemplateSpecVolumesVsphereVolume { pub struct RayJobRayClusterSpecWorkerGroupSpecs { #[serde(rename = "groupName")] pub group_name: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "idleTimeoutSeconds")] + pub idle_timeout_seconds: Option, #[serde(rename = "maxReplicas")] pub max_replicas: i32, #[serde(rename = "minReplicas")] diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs b/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs index 797df574e..8ac105637 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs +++ b/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs @@ -30,6 +30,8 @@ pub struct RayServiceSpec { pub serve_service: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceUnhealthySecondThreshold")] pub service_unhealthy_second_threshold: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeStrategy")] + pub upgrade_strategy: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3406,6 +3408,8 @@ pub struct RayServiceRayClusterConfigHeadGroupSpecTemplateSpecVolumesVsphereVolu pub struct RayServiceRayClusterConfigWorkerGroupSpecs { #[serde(rename = "groupName")] pub group_name: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "idleTimeoutSeconds")] + pub idle_timeout_seconds: Option, #[serde(rename = "maxReplicas")] pub max_replicas: i32, #[serde(rename = "minReplicas")] diff --git a/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs b/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs index 5a1677a8e..611c6276d 100644 --- a/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs +++ b/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs @@ -6827,6 +6827,9 @@ pub struct RuntimeComponentStatus { /// The generation identifier of this RuntimeComponent instance completely reconciled by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] pub observed_generation: Option, + /// The reconciliation interval in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reconcileInterval")] + pub reconcile_interval: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub references: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs b/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs index e7aa1a959..4bfe4efb6 100644 --- a/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs +++ b/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs @@ -6,6 +6,7 @@ mod prelude { pub use kube::CustomResource; pub use serde::{Serialize, Deserialize}; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; } use self::prelude::*; @@ -17,6 +18,9 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct ScyllaOperatorConfigSpec { + /// configuredClusterDomain allows users to set the configured Kubernetes cluster domain explicitly, instead of letting Scylla Operator automatically discover it. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configuredClusterDomain")] + pub configured_cluster_domain: Option, /// scyllaUtilsImage is a ScyllaDB image used for running ScyllaDB utilities. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scyllaUtilsImage")] pub scylla_utils_image: Option, @@ -37,6 +41,12 @@ pub struct ScyllaOperatorConfigStatus { /// bashToolsImage is a generic Bash image with extra tools used by the operator for auxiliary purposes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bashToolsImage")] pub bash_tools_image: Option, + /// clusterDomain is the Kubernetes cluster domain used by the Scylla Operator. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterDomain")] + pub cluster_domain: Option, + /// conditions hold conditions describing ScyllaOperatorConfig state. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, /// grafanaImage is the image used by the operator to create a Grafana instance. #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaImage")] pub grafana_image: Option, diff --git a/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/securityprofilesoperatordaemons.rs b/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/securityprofilesoperatordaemons.rs index b344f9321..0b16f167b 100644 --- a/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/securityprofilesoperatordaemons.rs +++ b/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/securityprofilesoperatordaemons.rs @@ -302,24 +302,24 @@ pub struct SecurityProfilesOperatorDaemonAffinityPodAffinityPreferredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -423,24 +423,24 @@ pub struct SecurityProfilesOperatorDaemonAffinityPodAffinityRequiredDuringSchedu pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -575,24 +575,24 @@ pub struct SecurityProfilesOperatorDaemonAffinityPodAntiAffinityPreferredDuringS pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -696,24 +696,24 @@ pub struct SecurityProfilesOperatorDaemonAffinityPodAntiAffinityRequiredDuringSc pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -810,11 +810,9 @@ pub struct SecurityProfilesOperatorDaemonDaemonResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -837,6 +835,11 @@ pub struct SecurityProfilesOperatorDaemonDaemonResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// LocalObjectReference contains enough information to let you locate the @@ -844,8 +847,10 @@ pub struct SecurityProfilesOperatorDaemonDaemonResourceRequirementsClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecurityProfilesOperatorDaemonImagePullSecrets { /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworknodestates.rs b/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworknodestates.rs index 04028d616..0cf3ca5e0 100644 --- a/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworknodestates.rs +++ b/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworknodestates.rs @@ -24,6 +24,8 @@ pub struct SriovNetworkNodeStateSpec { pub bridges: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub interfaces: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub system: Option, } /// Bridges contains list of bridges @@ -130,6 +132,21 @@ pub struct SriovNetworkNodeStateInterfacesVfGroups { pub vf_range: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct SriovNetworkNodeStateSystem { + /// RDMA subsystem. Allowed value "shared", "exclusive". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rdmaMode")] + pub rdma_mode: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum SriovNetworkNodeStateSystemRdmaMode { + #[serde(rename = "shared")] + Shared, + #[serde(rename = "exclusive")] + Exclusive, +} + /// SriovNetworkNodeStateStatus defines the observed state of SriovNetworkNodeState #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SriovNetworkNodeStateStatus { @@ -142,6 +159,8 @@ pub struct SriovNetworkNodeStateStatus { pub last_sync_error: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "syncStatus")] pub sync_status: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub system: Option, } /// Bridges contains list of bridges @@ -276,3 +295,18 @@ pub struct SriovNetworkNodeStateStatusInterfacesVfs { pub vf_id: i64, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct SriovNetworkNodeStateStatusSystem { + /// RDMA subsystem. Allowed value "shared", "exclusive". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rdmaMode")] + pub rdma_mode: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum SriovNetworkNodeStateStatusSystemRdmaMode { + #[serde(rename = "shared")] + Shared, + #[serde(rename = "exclusive")] + Exclusive, +} + diff --git a/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworkpoolconfigs.rs b/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworkpoolconfigs.rs index 1bed563de..a9ba43d78 100644 --- a/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworkpoolconfigs.rs +++ b/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworkpoolconfigs.rs @@ -35,6 +35,9 @@ pub struct SriovNetworkPoolConfigSpec { /// OvsHardwareOffloadConfig describes the OVS HWOL configuration for selected Nodes #[serde(default, skip_serializing_if = "Option::is_none", rename = "ovsHardwareOffloadConfig")] pub ovs_hardware_offload_config: Option, + /// RDMA subsystem. Allowed value "shared", "exclusive". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rdmaMode")] + pub rdma_mode: Option, } /// nodeSelector specifies a label selector for Nodes @@ -79,6 +82,15 @@ pub struct SriovNetworkPoolConfigOvsHardwareOffloadConfig { pub name: Option, } +/// SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum SriovNetworkPoolConfigRdmaMode { + #[serde(rename = "shared")] + Shared, + #[serde(rename = "exclusive")] + Exclusive, +} + /// SriovNetworkPoolConfigStatus defines the observed state of SriovNetworkPoolConfig #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SriovNetworkPoolConfigStatus { diff --git a/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/clusterresourcebindings.rs b/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/clusterresourcebindings.rs index c60b7ec58..4aac39fa6 100644 --- a/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/clusterresourcebindings.rs +++ b/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/clusterresourcebindings.rs @@ -26,7 +26,6 @@ pub struct ClusterResourceBindingSpec { /// ConflictResolution declares how potential conflict should be handled when /// a resource that is being propagated already exists in the target cluster. /// - /// /// It defaults to "Abort" which means stop propagating to avoid unexpected /// overwrites. The "Overwrite" might be useful when migrating legacy cluster /// resources to Karmada, in which case conflict is predictable and can be @@ -81,7 +80,6 @@ pub struct ClusterResourceBindingSpec { /// It works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in /// status.lastScheduledTime will the rescheduling actually execute, otherwise, ignored. /// - /// /// It is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rescheduleTriggeredAt")] pub reschedule_triggered_at: Option, @@ -187,7 +185,6 @@ pub struct ClusterResourceBindingGracefulEvictionTasks { /// Clients should not set this value to avoid the time inconsistency issue. /// It is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC. /// - /// /// Populated by the system. Read-only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationTimestamp")] pub creation_timestamp: Option, @@ -207,6 +204,11 @@ pub struct ClusterResourceBindingGracefulEvictionTasks { pub message: Option, /// Producer indicates the controller who triggered the eviction. pub producer: String, + /// PurgeMode represents how to deal with the legacy applications on the + /// cluster from which the application is migrated. + /// Valid options are "Immediately", "Graciously" and "Never". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "purgeMode")] + pub purge_mode: Option, /// Reason contains a programmatic identifier indicating the reason for the eviction. /// Producers may define expected values and meanings for this field, /// and whether the values are considered a guaranteed API. @@ -224,30 +226,34 @@ pub struct ClusterResourceBindingGracefulEvictionTasks { pub suppress_deletion: Option, } +/// GracefulEvictionTask represents a graceful eviction task. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterResourceBindingGracefulEvictionTasksPurgeMode { + Immediately, + Graciously, + Never, +} + /// Placement represents the rule for select clusters to propagate resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterResourceBindingPlacement { /// ClusterAffinities represents scheduling restrictions to multiple cluster /// groups that indicated by ClusterAffinityTerm. /// - /// /// The scheduler will evaluate these groups one by one in the order they /// appear in the spec, the group that does not satisfy scheduling restrictions /// will be ignored which means all clusters in this group will not be selected /// unless it also belongs to the next group(a cluster could belong to multiple /// groups). /// - /// /// If none of the groups satisfy the scheduling restrictions, then scheduling /// fails, which means no cluster will be selected. /// - /// /// Note: /// 1. ClusterAffinities can not co-exist with ClusterAffinity. /// 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster /// can be scheduling candidates. /// - /// /// Potential use case 1: /// The private clusters in the local data center could be the main group, and /// the managed clusters provided by cluster providers could be the secondary @@ -255,7 +261,6 @@ pub struct ClusterResourceBindingPlacement { /// to the main group and the second group will only be considered in case of /// the main group does not satisfy restrictions(like, lack of resources). /// - /// /// Potential use case 2: /// For the disaster recovery scenario, the clusters could be organized to /// primary and backup groups, the workloads would be scheduled to primary diff --git a/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/resourcebindings.rs b/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/resourcebindings.rs index 7f9251744..64cfff3d1 100644 --- a/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/resourcebindings.rs +++ b/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/resourcebindings.rs @@ -27,7 +27,6 @@ pub struct ResourceBindingSpec { /// ConflictResolution declares how potential conflict should be handled when /// a resource that is being propagated already exists in the target cluster. /// - /// /// It defaults to "Abort" which means stop propagating to avoid unexpected /// overwrites. The "Overwrite" might be useful when migrating legacy cluster /// resources to Karmada, in which case conflict is predictable and can be @@ -82,7 +81,6 @@ pub struct ResourceBindingSpec { /// It works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in /// status.lastScheduledTime will the rescheduling actually execute, otherwise, ignored. /// - /// /// It is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rescheduleTriggeredAt")] pub reschedule_triggered_at: Option, @@ -188,7 +186,6 @@ pub struct ResourceBindingGracefulEvictionTasks { /// Clients should not set this value to avoid the time inconsistency issue. /// It is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC. /// - /// /// Populated by the system. Read-only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationTimestamp")] pub creation_timestamp: Option, @@ -208,6 +205,11 @@ pub struct ResourceBindingGracefulEvictionTasks { pub message: Option, /// Producer indicates the controller who triggered the eviction. pub producer: String, + /// PurgeMode represents how to deal with the legacy applications on the + /// cluster from which the application is migrated. + /// Valid options are "Immediately", "Graciously" and "Never". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "purgeMode")] + pub purge_mode: Option, /// Reason contains a programmatic identifier indicating the reason for the eviction. /// Producers may define expected values and meanings for this field, /// and whether the values are considered a guaranteed API. @@ -225,30 +227,34 @@ pub struct ResourceBindingGracefulEvictionTasks { pub suppress_deletion: Option, } +/// GracefulEvictionTask represents a graceful eviction task. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ResourceBindingGracefulEvictionTasksPurgeMode { + Immediately, + Graciously, + Never, +} + /// Placement represents the rule for select clusters to propagate resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceBindingPlacement { /// ClusterAffinities represents scheduling restrictions to multiple cluster /// groups that indicated by ClusterAffinityTerm. /// - /// /// The scheduler will evaluate these groups one by one in the order they /// appear in the spec, the group that does not satisfy scheduling restrictions /// will be ignored which means all clusters in this group will not be selected /// unless it also belongs to the next group(a cluster could belong to multiple /// groups). /// - /// /// If none of the groups satisfy the scheduling restrictions, then scheduling /// fails, which means no cluster will be selected. /// - /// /// Note: /// 1. ClusterAffinities can not co-exist with ClusterAffinity. /// 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster /// can be scheduling candidates. /// - /// /// Potential use case 1: /// The private clusters in the local data center could be the main group, and /// the managed clusters provided by cluster providers could be the secondary @@ -256,7 +262,6 @@ pub struct ResourceBindingPlacement { /// to the main group and the second group will only be considered in case of /// the main group does not satisfy restrictions(like, lack of resources). /// - /// /// Potential use case 2: /// For the disaster recovery scenario, the clusters could be organized to /// primary and backup groups, the workloads would be scheduled to primary