diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
deleted file mode 100644
index 18c890b15..000000000
--- a/.github/workflows/package.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-name: Build package
-
-on:
- push:
- branches:
- - master
- - setup/*
-
-jobs:
- build-package:
- permissions:
- contents: read
- packages: write
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - name: Setup Timoni
- uses: stefanprodan/timoni/actions/setup@main
- - name: Setup Flux
- uses: fluxcd/flux2/action@main
-
- - name: Preapre tag
- run: |
- tag=$(echo ${{ github.ref_name}} | tr '/' '-')
- echo "tag=${tag}" >> "${GITHUB_ENV}"
-
- - name: Build bundle
- env:
- BUNDLE_PATH: k8s/timoni/
- run: |
- mkdir ${{ runner.temp }}/timoni
- timoni bundle build \
- -f ${BUNDLE_PATH}bundle.cue \
- -f ${BUNDLE_PATH}runners.cue \
- -f ${BUNDLE_PATH}values.cue > ${{ runner.temp }}/timoni/build.yaml
-
- - name: Diff artifacts
- run: |
- set +e
- flux diff artifact \
- --creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \
- oci://ghcr.io/${{ github.repository }}-manifests:${tag} \
- --path ${{ runner.temp }}/timoni
- echo "diff=$?" >> "${GITHUB_ENV}"
-
- - name: Push artifact
- if: ${{ env.diff != '0' }}
- run: |
- flux push artifact \
- --creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \
- -f ${{ runner.temp }}/timoni \
- --source ${{ github.repositoryUrl }} \
- --revision ${{ inputs.tag }}@sha1:${{ github.sha }} \
- oci://ghcr.io/${{ github.repository }}-manifests:${tag}
diff --git a/k8s/flux.cue b/k8s/flux.cue
deleted file mode 100644
index dfc48e463..000000000
--- a/k8s/flux.cue
+++ /dev/null
@@ -1,85 +0,0 @@
-bundle: {
- apiVersion: "v1alpha1"
- name: "codebattle"
- instances: {
- "cert-manager": {
- module: url: "oci://ghcr.io/stefanprodan/modules/flux-helm-release"
- namespace: "flux-system"
- values: {
- repository: url: "https://charts.jetstack.io"
- chart: {
- name: "cert-manager"
- version: "v1.17.0"
- }
- sync: targetNamespace: "codebattle"
- helmValues: {
- crds: enabled: true
- config: {
- apiVersion: "controller.config.cert-manager.io/v1alpha1"
- kind: "ControllerConfiguration"
- enableGatewayAPI: true
- }
- }
- }
- }
- "gateway": {
- module: url: "oci://ghcr.io/stefanprodan/modules/flux-helm-release"
- namespace: "flux-system"
- values: {
- repository: url: "oci://registry-1.docker.io/envoyproxy"
- chart: {
- name: "gateway-helm"
- version: "v1.3.0"
- }
- sync: targetNamespace: "codebattle"
- }
- }
- "codebattle": {
- module: url: "file://timoni/kustomize-oci"
- namespace: "flux-system"
- values: {
- artifact: {
- url: "oci://ghcr.io/hexlet-codebattle/codebattle-manifests"
- tag: "master" @timoni(runtime:string:CODEBATTLE_PKG_TAG)
- }
- auth: credentials: {
- username: string @timoni(runtime:string:GITHUB_USERNAME)
- password: string @timoni(runtime:string:GITHUB_TOKEN)
- }
- _hostname: string @timoni(runtime:string:CODEBATTLE_HOSTNAME)
- patches: [{
- patch: [{
- op: "add"
- path: "/spec/listeners/0/hostname"
- value: _hostname
- }, {
- op: "add"
- path: "/spec/listeners/1/hostname"
- value: _hostname
- }]
- target: {
- group: "gateway.networking.k8s.io"
- kind: "Gateway"
- name: "gateway"
- namespace: "codebattle"
- }
- }, {
- patch: [{
- op: "add"
- path: "/spec/template/spec/containers/0/env/-"
- value: {
- name: "CODEBATTLE_HOSTNAME"
- value: _hostname
- }
- }]
- target: {
- group: "apps"
- kind: "Deployment"
- name: "codebattle"
- namespace: "codebattle"
- }
- }]
- }
- }
- }
-}
diff --git a/k8s/timoni/bundle.cue b/k8s/timoni/bundle.cue
deleted file mode 100644
index 0c9ba1e6c..000000000
--- a/k8s/timoni/bundle.cue
+++ /dev/null
@@ -1,39 +0,0 @@
-#RunnerConfig: {
- image: string
- version: string
- lang: string
- replicas: uint
-}
-
-runners: [string]: #RunnerConfig
-codebattleValues: {}
-
-bundle: {
- apiVersion: "v1alpha1"
- name: "codebattle"
- instances: {
- codebattle: {
- module: url: "file://codebattle"
- namespace: "codebattle"
- values: codebattleValues
- }
- for runner in runners {
- "runner-\(runner.lang)": {
- module: url: "file://runner"
- namespace: "codebattle"
- values: {
- registry: "docker.io"
- image: {
- repository: "\(registry)/\(runner.image)"
- tag: runner.version
- }
- replicas: runner.replicas
- }
- }
- }
- gateway: {
- module: url: "file://gateway"
- namespace: "codebattle"
- }
- }
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/cert-manager.io/issuer/v1/types_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/cert-manager.io/issuer/v1/types_gen.cue
deleted file mode 100644
index ce9218473..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/cert-manager.io/issuer/v1/types_gen.cue
+++ /dev/null
@@ -1,3265 +0,0 @@
-// Code generated by timoni. DO NOT EDIT.
-
-//timoni:generate timoni vendor crd -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.0/cert-manager.yaml
-
-package v1
-
-import "strings"
-
-// An Issuer represents a certificate issuing authority which can
-// be
-// referenced as part of `issuerRef` fields.
-// It is scoped to a single namespace and can therefore only be
-// referenced by
-// resources within the same namespace.
-#Issuer: {
- // APIVersion defines the versioned schema of this representation
- // of an object.
- // Servers should convert recognized schemas to the latest
- // internal value, and
- // may reject unrecognized values.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- apiVersion: "cert-manager.io/v1"
-
- // Kind is a string value representing the REST resource this
- // object represents.
- // Servers may infer this from the endpoint the client submits
- // requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: "Issuer"
- metadata!: {
- name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- string
- }
- namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- string
- }
- labels?: {
- [string]: string
- }
- annotations?: {
- [string]: string
- }
- }
-
- // Desired state of the Issuer resource.
- spec!: #IssuerSpec
-}
-
-// Desired state of the Issuer resource.
-#IssuerSpec: {
- // ACME configures this issuer to communicate with a RFC8555
- // (ACME) server
- // to obtain signed x509 certificates.
- acme?: {
- // Base64-encoded bundle of PEM CAs which can be used to validate
- // the certificate
- // chain presented by the ACME server.
- // Mutually exclusive with SkipTLSVerify; prefer using CABundle to
- // prevent various
- // kinds of security vulnerabilities.
- // If CABundle and SkipTLSVerify are unset, the system certificate
- // bundle inside
- // the container is used to validate the TLS connection.
- caBundle?: string
-
- // Enables or disables generating a new ACME account key.
- // If true, the Issuer resource will *not* request a new account
- // but will expect
- // the account key to be supplied via an existing secret.
- // If false, the cert-manager system will generate a new ACME
- // account key
- // for the Issuer.
- // Defaults to false.
- disableAccountKeyGeneration?: bool
-
- // Email is the email address to be associated with the ACME
- // account.
- // This field is optional, but it is strongly recommended to be
- // set.
- // It will be used to contact you in case of issues with your
- // account or
- // certificates, including expiry notification emails.
- // This field may be updated after the account is initially
- // registered.
- email?: string
-
- // Enables requesting a Not After date on certificates that
- // matches the
- // duration of the certificate. This is not supported by all ACME
- // servers
- // like Let's Encrypt. If set to true when the ACME server does
- // not support
- // it, it will create an error on the Order.
- // Defaults to false.
- enableDurationFeature?: bool
-
- // ExternalAccountBinding is a reference to a CA external account
- // of the ACME
- // server.
- // If set, upon registration cert-manager will attempt to
- // associate the given
- // external account credentials with the registered ACME account.
- externalAccountBinding?: {
- // Deprecated: keyAlgorithm field exists for historical
- // compatibility
- // reasons and should not be used. The algorithm is now hardcoded
- // to HS256
- // in golang/x/crypto/acme.
- keyAlgorithm?: "HS256" | "HS384" | "HS512"
-
- // keyID is the ID of the CA key that the External Account is
- // bound to.
- keyID!: string
-
- // keySecretRef is a Secret Key Selector referencing a data item
- // in a Kubernetes
- // Secret which holds the symmetric MAC key of the External
- // Account Binding.
- // The `key` is the index string that is paired with the key data
- // in the
- // Secret and should not be confused with the key data itself, or
- // indeed with
- // the External Account Binding keyID above.
- // The secret key stored in the Secret **must** be un-padded,
- // base64 URL
- // encoded data.
- keySecretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- }
-
- // PreferredChain is the chain to use if the ACME server outputs
- // multiple.
- // PreferredChain is no guarantee that this one gets delivered by
- // the ACME
- // endpoint.
- // For example, for Let's Encrypt's DST crosssign you would use:
- // "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt
- // root CA.
- // This value picks the first certificate bundle in the combined
- // set of
- // ACME default and alternative chains that has a root-most
- // certificate with
- // this value as its issuer's commonname.
- preferredChain?: strings.MaxRunes(64)
-
- // PrivateKey is the name of a Kubernetes Secret resource that
- // will be used to
- // store the automatically generated ACME account private key.
- // Optionally, a `key` may be specified to select a specific entry
- // within
- // the named Secret resource.
- // If `key` is not specified, a default of `tls.key` will be used.
- privateKeySecretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // Server is the URL used to access the ACME server's 'directory'
- // endpoint.
- // For example, for Let's Encrypt's staging endpoint, you would
- // use:
- // "https://acme-staging-v02.api.letsencrypt.org/directory".
- // Only ACME v2 endpoints (i.e. RFC 8555) are supported.
- server!: string
-
- // INSECURE: Enables or disables validation of the ACME server TLS
- // certificate.
- // If true, requests to the ACME server will not have the TLS
- // certificate chain
- // validated.
- // Mutually exclusive with CABundle; prefer using CABundle to
- // prevent various
- // kinds of security vulnerabilities.
- // Only enable this option in development environments.
- // If CABundle and SkipTLSVerify are unset, the system certificate
- // bundle inside
- // the container is used to validate the TLS connection.
- // Defaults to false.
- skipTLSVerify?: bool
-
- // Solvers is a list of challenge solvers that will be used to
- // solve
- // ACME challenges for the matching domains.
- // Solver configurations must be provided in order to obtain
- // certificates
- // from an ACME server.
- // For more information, see:
- // https://cert-manager.io/docs/configuration/acme/
- solvers?: [...{
- // Configures cert-manager to attempt to complete authorizations
- // by
- // performing the DNS01 challenge flow.
- dns01?: {
- // Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to
- // manage
- // DNS01 challenge records.
- acmeDNS?: {
- // A reference to a specific 'key' within a Secret resource.
- // In some instances, `key` is a required field.
- accountSecretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- host!: string
- }
-
- // Use the Akamai DNS zone management API to manage DNS01
- // challenge records.
- akamai?: {
- // A reference to a specific 'key' within a Secret resource.
- // In some instances, `key` is a required field.
- accessTokenSecretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // A reference to a specific 'key' within a Secret resource.
- // In some instances, `key` is a required field.
- clientSecretSecretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // A reference to a specific 'key' within a Secret resource.
- // In some instances, `key` is a required field.
- clientTokenSecretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- serviceConsumerDomain!: string
- }
-
- // Use the Microsoft Azure DNS API to manage DNS01 challenge
- // records.
- azureDNS?: {
- // Auth: Azure Service Principal:
- // The ClientID of the Azure Service Principal used to
- // authenticate with Azure DNS.
- // If set, ClientSecret and TenantID must also be set.
- clientID?: string
-
- // Auth: Azure Service Principal:
- // A reference to a Secret containing the password associated with
- // the Service Principal.
- // If set, ClientID and TenantID must also be set.
- clientSecretSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // name of the Azure environment (default AzurePublicCloud)
- environment?: "AzurePublicCloud" | "AzureChinaCloud" | "AzureGermanCloud" | "AzureUSGovernmentCloud"
-
- // name of the DNS zone that should be used
- hostedZoneName?: string
-
- // Auth: Azure Workload Identity or Azure Managed Service
- // Identity:
- // Settings to enable Azure Workload Identity or Azure Managed
- // Service Identity
- // If set, ClientID, ClientSecret and TenantID must not be set.
- managedIdentity?: {
- // client ID of the managed identity, can not be used at the same
- // time as resourceID
- clientID?: string
-
- // resource ID of the managed identity, can not be used at the
- // same time as clientID
- // Cannot be used for Azure Managed Service Identity
- resourceID?: string
-
- // tenant ID of the managed identity, can not be used at the same
- // time as resourceID
- tenantID?: string
- }
-
- // resource group the DNS zone is located in
- resourceGroupName!: string
-
- // ID of the Azure subscription
- subscriptionID!: string
-
- // Auth: Azure Service Principal:
- // The TenantID of the Azure Service Principal used to
- // authenticate with Azure DNS.
- // If set, ClientID and ClientSecret must also be set.
- tenantID?: string
- }
-
- // Use the Google Cloud DNS API to manage DNS01 challenge records.
- cloudDNS?: {
- // HostedZoneName is an optional field that tells cert-manager in
- // which
- // Cloud DNS zone the challenge record has to be created.
- // If left empty cert-manager will automatically choose a zone.
- hostedZoneName?: string
- project!: string
-
- // A reference to a specific 'key' within a Secret resource.
- // In some instances, `key` is a required field.
- serviceAccountSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- }
-
- // Use the Cloudflare API to manage DNS01 challenge records.
- cloudflare?: {
- // API key to use to authenticate with Cloudflare.
- // Note: using an API token to authenticate is now the recommended
- // method
- // as it allows greater control of permissions.
- apiKeySecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // API token used to authenticate with Cloudflare.
- apiTokenSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // Email of the account, only required when using API key based
- // authentication.
- email?: string
- }
-
- // CNAMEStrategy configures how the DNS01 provider should handle
- // CNAME
- // records when found in DNS zones.
- cnameStrategy?: "None" | "Follow"
- digitalocean?: {
- // A reference to a specific 'key' within a Secret resource.
- // In some instances, `key` is a required field.
- tokenSecretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- }
-
- // Use RFC2136 ("Dynamic Updates in the Domain Name System")
- // (https://datatracker.ietf.org/doc/rfc2136/)
- // to manage DNS01 challenge records.
- rfc2136?: {
- // The IP address or hostname of an authoritative DNS server
- // supporting
- // RFC2136 in the form host:port. If the host is an IPv6 address
- // it must be
- // enclosed in square brackets (e.g [2001:db8::1]) ; port is
- // optional.
- // This field is required.
- nameserver!: string
-
- // The TSIG Algorithm configured in the DNS supporting RFC2136.
- // Used only
- // when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined.
- // Supported values are (case-insensitive): ``HMACMD5`` (default),
- // ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.
- tsigAlgorithm?: string
-
- // The TSIG Key name configured in the DNS.
- // If ``tsigSecretSecretRef`` is defined, this field is required.
- tsigKeyName?: string
-
- // The name of the secret containing the TSIG value.
- // If ``tsigKeyName`` is defined, this field is required.
- tsigSecretSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- }
-
- // Use the AWS Route53 API to manage DNS01 challenge records.
- route53?: {
- // The AccessKeyID is used for authentication.
- // Cannot be set when SecretAccessKeyID is set.
- // If neither the Access Key nor Key ID are set, we fall-back to
- // using env
- // vars, shared credentials file or AWS Instance metadata,
- // see:
- // https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
- accessKeyID?: string
-
- // The SecretAccessKey is used for authentication. If set, pull
- // the AWS
- // access key ID from a key within a Kubernetes Secret.
- // Cannot be set when AccessKeyID is set.
- // If neither the Access Key nor Key ID are set, we fall-back to
- // using env
- // vars, shared credentials file or AWS Instance metadata,
- // see:
- // https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
- accessKeyIDSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- auth?: {
- kubernetes!: {
- // A reference to a service account that will be used to request a
- // bound
- // token (also known as "projected token"). To use this field, you
- // must
- // configure an RBAC rule to let cert-manager request a token.
- serviceAccountRef!: {
- // TokenAudiences is an optional list of audiences to include in
- // the
- // token passed to AWS. The default token consisting of the
- // issuer's namespace
- // and name is always included.
- // If unset the audience defaults to `sts.amazonaws.com`.
- audiences?: [...string]
-
- // Name of the ServiceAccount used to request a token.
- name!: string
- }
- }
- }
-
- // If set, the provider will manage only this zone in Route53 and
- // will not do a lookup using the route53:ListHostedZonesByName
- // api call.
- hostedZoneID?: string
-
- // Override the AWS region.
- //
- // Route53 is a global service and does not have regional
- // endpoints but the
- // region specified here (or via environment variables) is used as
- // a hint to
- // help compute the correct AWS credential scope and partition
- // when it
- // connects to Route53. See:
- // - [Amazon Route 53 endpoints and
- // quotas](https://docs.aws.amazon.com/general/latest/gr/r53.html)
- // - [Global
- // services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html)
- //
- // If you omit this region field, cert-manager will use the region
- // from
- // AWS_REGION and AWS_DEFAULT_REGION environment variables, if
- // they are set
- // in the cert-manager controller Pod.
- //
- // The `region` field is not needed if you use [IAM Roles for
- // Service Accounts
- // (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
- // Instead an AWS_REGION environment variable is added to the
- // cert-manager controller Pod by:
- // [Amazon EKS Pod Identity
- // Webhook](https://github.com/aws/amazon-eks-pod-identity-webhook).
- // In this case this `region` field value is ignored.
- //
- // The `region` field is not needed if you use [EKS Pod
- // Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html).
- // Instead an AWS_REGION environment variable is added to the
- // cert-manager controller Pod by:
- // [Amazon EKS Pod Identity
- // Agent](https://github.com/aws/eks-pod-identity-agent),
- // In this case this `region` field value is ignored.
- region?: string
-
- // Role is a Role ARN which the Route53 provider will assume using
- // either the explicit credentials AccessKeyID/SecretAccessKey
- // or the inferred credentials from environment variables, shared
- // credentials file or AWS Instance metadata
- role?: string
-
- // The SecretAccessKey is used for authentication.
- // If neither the Access Key nor Key ID are set, we fall-back to
- // using env
- // vars, shared credentials file or AWS Instance metadata,
- // see:
- // https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
- secretAccessKeySecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- }
-
- // Configure an external webhook based DNS01 challenge solver to
- // manage
- // DNS01 challenge records.
- webhook?: {
- // Additional configuration that should be passed to the webhook
- // apiserver
- // when challenges are processed.
- // This can contain arbitrary JSON data.
- // Secret values should not be specified in this stanza.
- // If secret values are needed (e.g. credentials for a DNS
- // service), you
- // should use a SecretKeySelector to reference a Secret resource.
- // For details on the schema of this field, consult the webhook
- // provider
- // implementation's documentation.
- config?: _
-
- // The API group name that should be used when POSTing
- // ChallengePayload
- // resources to the webhook apiserver.
- // This should be the same as the GroupName specified in the
- // webhook
- // provider implementation.
- groupName!: string
-
- // The name of the solver to use, as defined in the webhook
- // provider
- // implementation.
- // This will typically be the name of the provider, e.g.
- // 'cloudflare'.
- solverName!: string
- }
- }
-
- // Configures cert-manager to attempt to complete authorizations
- // by
- // performing the HTTP01 challenge flow.
- // It is not possible to obtain certificates for wildcard domain
- // names
- // (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
- http01?: {
- // The Gateway API is a sig-network community API that models
- // service networking
- // in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway
- // solver will
- // create HTTPRoutes with the specified labels in the same
- // namespace as the challenge.
- // This solver is experimental, and fields / behaviour may change
- // in the future.
- gatewayHTTPRoute?: {
- // Custom labels that will be applied to HTTPRoutes created by
- // cert-manager
- // while solving HTTP-01 challenges.
- labels?: close({
- [string]: string
- })
-
- // When solving an HTTP-01 challenge, cert-manager creates an
- // HTTPRoute.
- // cert-manager needs to know which parentRefs should be used when
- // creating
- // the HTTPRoute. Usually, the parentRef references a Gateway.
- // See:
- // https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways
- parentRefs?: [...{
- // Group is the group of the referent.
- // When unspecified, "gateway.networking.k8s.io" is inferred.
- // To set the core API group (such as for a "Service" kind
- // referent),
- // Group must be explicitly set to "" (empty string).
- //
- // Support: Core
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"gateway.networking.k8s.io"
-
- // Kind is kind of the referent.
- //
- // There are two kinds of parent resources with "Core" support:
- //
- // * Gateway (Gateway conformance profile)
- // * Service (Mesh conformance profile, ClusterIP Services only)
- //
- // Support for other resources is Implementation-Specific.
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Gateway"
-
- // Name is the name of the referent.
- //
- // Support: Core
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the referent. When unspecified,
- // this refers
- // to the local namespace of the Route.
- //
- // Note that there are specific rules for ParentRefs which cross
- // namespace
- // boundaries. Cross-namespace references are only valid if they
- // are explicitly
- // allowed by something in the namespace they are referring to.
- // For example:
- // Gateway has the AllowedRoutes field, and ReferenceGrant
- // provides a
- // generic way to enable any other kind of cross-namespace
- // reference.
- //
- //
- // ParentRefs from a Route to a Service in the same namespace are
- // "producer"
- // routes, which apply default routing rules to inbound
- // connections from
- // any namespace to the Service.
- //
- // ParentRefs from a Route to a Service in a different namespace
- // are
- // "consumer" routes, and these routing rules are only applied to
- // outbound
- // connections originating from the same namespace as the Route,
- // for which
- // the intended destination of the connections are a Service
- // targeted as a
- // ParentRef of the Route.
- //
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port is the network port this Route targets. It can be
- // interpreted
- // differently based on the type of parent resource.
- //
- // When the parent resource is a Gateway, this targets all
- // listeners
- // listening on the specified port that also support this kind of
- // Route(and
- // select this Route). It's not recommended to set `Port` unless
- // the
- // networking behaviors specified in a Route must apply to a
- // specific port
- // as opposed to a listener(s) whose port(s) may be changed. When
- // both Port
- // and SectionName are specified, the name and port of the
- // selected listener
- // must match both specified values.
- //
- //
- // When the parent resource is a Service, this targets a specific
- // port in the
- // Service spec. When both Port (experimental) and SectionName are
- // specified,
- // the name and port of the selected port must match both
- // specified values.
- //
- //
- // Implementations MAY choose to support other parent resources.
- // Implementations supporting other types of parent resources MUST
- // clearly
- // document how/if Port is interpreted.
- //
- // For the purpose of status, an attachment is considered
- // successful as
- // long as the parent resource accepts it partially. For example,
- // Gateway
- // listeners can restrict which Routes can attach to them by Route
- // kind,
- // namespace, or hostname. If 1 of 2 Gateway listeners accept
- // attachment
- // from the referencing Route, the Route MUST be considered
- // successfully
- // attached. If no Gateway listeners accept attachment from this
- // Route,
- // the Route MUST be considered detached from the Gateway.
- //
- // Support: Extended
- port?: uint16 & >=1
-
- // SectionName is the name of a section within the target
- // resource. In the
- // following resources, SectionName is interpreted as the
- // following:
- //
- // * Gateway: Listener name. When both Port (experimental) and
- // SectionName
- // are specified, the name and port of the selected listener must
- // match
- // both specified values.
- // * Service: Port name. When both Port (experimental) and
- // SectionName
- // are specified, the name and port of the selected listener must
- // match
- // both specified values.
- //
- // Implementations MAY choose to support attaching Routes to other
- // resources.
- // If that is the case, they MUST clearly document how SectionName
- // is
- // interpreted.
- //
- // When unspecified (empty string), this will reference the entire
- // resource.
- // For the purpose of status, an attachment is considered
- // successful if at
- // least one section in the parent resource accepts it. For
- // example, Gateway
- // listeners can restrict which Routes can attach to them by Route
- // kind,
- // namespace, or hostname. If 1 of 2 Gateway listeners accept
- // attachment from
- // the referencing Route, the Route MUST be considered
- // successfully
- // attached. If no Gateway listeners accept attachment from this
- // Route, the
- // Route MUST be considered detached from the Gateway.
- //
- // Support: Core
- sectionName?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
- }]
-
- // Optional pod template used to configure the ACME challenge
- // solver pods
- // used for HTTP01 challenges.
- podTemplate?: {
- // ObjectMeta overrides for the pod used to solve HTTP01
- // challenges.
- // Only the 'labels' and 'annotations' fields may be set.
- // If labels or annotations overlap with in-built values, the
- // values here
- // will override the in-built values.
- metadata?: {
- // Annotations that should be added to the created ACME HTTP01
- // solver pods.
- annotations?: close({
- [string]: string
- })
-
- // Labels that should be added to the created ACME HTTP01 solver
- // pods.
- labels?: close({
- [string]: string
- })
- }
-
- // PodSpec defines overrides for the HTTP01 challenge solver pod.
- // Check ACMEChallengeSolverHTTP01IngressPodSpec to find out
- // currently supported fields.
- // All other fields will be ignored.
- spec?: {
- // If specified, the pod's scheduling constraints
- affinity?: {
- // Describes node affinity scheduling rules for the pod.
- nodeAffinity?: {
- // The scheduler will prefer to schedule pods to nodes that
- // satisfy
- // the affinity expressions specified by this field, but it may
- // choose
- // a node that violates one or more of the expressions. The node
- // that is
- // most preferred is the one with the greatest sum of weights,
- // i.e.
- // for each node that meets all of the scheduling requirements
- // (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field
- // and adding
- // "weight" to the sum if the node matches the corresponding
- // matchExpressions; the
- // node(s) with the highest sum are the most preferred.
- preferredDuringSchedulingIgnoredDuringExecution?: [...{
- // A node selector term, associated with the corresponding weight.
- preference!: {
- // A list of node selector requirements by node's labels.
- matchExpressions?: [...{
- // The label key that the selector applies to.
- key!: string
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and
- // Lt.
- operator!: string
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt,
- // the values
- // array must have a single element, which will be interpreted as
- // an integer.
- // This array is replaced during a strategic merge patch.
- values?: [...string]
- }]
-
- // A list of node selector requirements by node's fields.
- matchFields?: [...{
- // The label key that the selector applies to.
- key!: string
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and
- // Lt.
- operator!: string
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt,
- // the values
- // array must have a single element, which will be interpreted as
- // an integer.
- // This array is replaced during a strategic merge patch.
- values?: [...string]
- }]
- }
-
- // Weight associated with matching the corresponding
- // nodeSelectorTerm, in the range 1-100.
- weight!: int32
- }]
- requiredDuringSchedulingIgnoredDuringExecution?: {
- // Required. A list of node selector terms. The terms are ORed.
- nodeSelectorTerms!: [...{
- // A list of node selector requirements by node's labels.
- matchExpressions?: [...{
- // The label key that the selector applies to.
- key!: string
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and
- // Lt.
- operator!: string
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt,
- // the values
- // array must have a single element, which will be interpreted as
- // an integer.
- // This array is replaced during a strategic merge patch.
- values?: [...string]
- }]
-
- // A list of node selector requirements by node's fields.
- matchFields?: [...{
- // The label key that the selector applies to.
- key!: string
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and
- // Lt.
- operator!: string
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt,
- // the values
- // array must have a single element, which will be interpreted as
- // an integer.
- // This array is replaced during a strategic merge patch.
- values?: [...string]
- }]
- }]
- }
- }
-
- // Describes pod affinity scheduling rules (e.g. co-locate this
- // pod in the same node, zone, etc. as some other pod(s)).
- podAffinity?: {
- // The scheduler will prefer to schedule pods to nodes that
- // satisfy
- // the affinity expressions specified by this field, but it may
- // choose
- // a node that violates one or more of the expressions. The node
- // that is
- // most preferred is the one with the greatest sum of weights,
- // i.e.
- // for each node that meets all of the scheduling requirements
- // (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field
- // and adding
- // "weight" to the sum if the node has pods which matches the
- // corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- preferredDuringSchedulingIgnoredDuringExecution?: [...{
- // Required. A pod affinity term, associated with the
- // corresponding weight.
- podAffinityTerm!: {
- // A label query over a set of resources, in this case pods.
- // If it's null, this PodAffinityTerm matches with no Pods.
- labelSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // MatchLabelKeys is a set of pod label keys to select which pods
- // will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key in (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both matchLabelKeys and
- // labelSelector.
- // Also, matchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- matchLabelKeys?: [...string]
-
- // MismatchLabelKeys is a set of pod label keys to select which
- // pods will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key notin (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both mismatchLabelKeys
- // and labelSelector.
- // Also, mismatchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- mismatchLabelKeys?: [...string]
-
- // A label query over the set of namespaces that the term applies
- // to.
- // The term is applied to the union of the namespaces selected by
- // this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this
- // pod's namespace".
- // An empty selector ({}) matches all namespaces.
- namespaceSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // namespaces specifies a static list of namespace names that the
- // term applies to.
- // The term is applied to the union of the namespaces listed in
- // this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means
- // "this pod's namespace".
- namespaces?: [...string]
-
- // This pod should be co-located (affinity) or not co-located
- // (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located
- // is defined as running on a node
- // whose value of the label with key topologyKey matches that of
- // any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey!: string
- }
-
- // weight associated with matching the corresponding
- // podAffinityTerm,
- // in the range 1-100.
- weight!: int32
- }]
-
- // If the affinity requirements specified by this field are not
- // met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the affinity requirements specified by this field cease to
- // be met
- // at some point during pod execution (e.g. due to a pod label
- // update), the
- // system may or may not try to eventually evict the pod from its
- // node.
- // When there are multiple elements, the lists of nodes
- // corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be
- // satisfied.
- requiredDuringSchedulingIgnoredDuringExecution?: [...{
- // A label query over a set of resources, in this case pods.
- // If it's null, this PodAffinityTerm matches with no Pods.
- labelSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // MatchLabelKeys is a set of pod label keys to select which pods
- // will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key in (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both matchLabelKeys and
- // labelSelector.
- // Also, matchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- matchLabelKeys?: [...string]
-
- // MismatchLabelKeys is a set of pod label keys to select which
- // pods will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key notin (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both mismatchLabelKeys
- // and labelSelector.
- // Also, mismatchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- mismatchLabelKeys?: [...string]
-
- // A label query over the set of namespaces that the term applies
- // to.
- // The term is applied to the union of the namespaces selected by
- // this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this
- // pod's namespace".
- // An empty selector ({}) matches all namespaces.
- namespaceSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // namespaces specifies a static list of namespace names that the
- // term applies to.
- // The term is applied to the union of the namespaces listed in
- // this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means
- // "this pod's namespace".
- namespaces?: [...string]
-
- // This pod should be co-located (affinity) or not co-located
- // (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located
- // is defined as running on a node
- // whose value of the label with key topologyKey matches that of
- // any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey!: string
- }]
- }
-
- // Describes pod anti-affinity scheduling rules (e.g. avoid
- // putting this pod in the same node, zone, etc. as some other
- // pod(s)).
- podAntiAffinity?: {
- // The scheduler will prefer to schedule pods to nodes that
- // satisfy
- // the anti-affinity expressions specified by this field, but it
- // may choose
- // a node that violates one or more of the expressions. The node
- // that is
- // most preferred is the one with the greatest sum of weights,
- // i.e.
- // for each node that meets all of the scheduling requirements
- // (resource
- // request, requiredDuringScheduling anti-affinity expressions,
- // etc.),
- // compute a sum by iterating through the elements of this field
- // and adding
- // "weight" to the sum if the node has pods which matches the
- // corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- preferredDuringSchedulingIgnoredDuringExecution?: [...{
- // Required. A pod affinity term, associated with the
- // corresponding weight.
- podAffinityTerm!: {
- // A label query over a set of resources, in this case pods.
- // If it's null, this PodAffinityTerm matches with no Pods.
- labelSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // MatchLabelKeys is a set of pod label keys to select which pods
- // will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key in (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both matchLabelKeys and
- // labelSelector.
- // Also, matchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- matchLabelKeys?: [...string]
-
- // MismatchLabelKeys is a set of pod label keys to select which
- // pods will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key notin (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both mismatchLabelKeys
- // and labelSelector.
- // Also, mismatchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- mismatchLabelKeys?: [...string]
-
- // A label query over the set of namespaces that the term applies
- // to.
- // The term is applied to the union of the namespaces selected by
- // this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this
- // pod's namespace".
- // An empty selector ({}) matches all namespaces.
- namespaceSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // namespaces specifies a static list of namespace names that the
- // term applies to.
- // The term is applied to the union of the namespaces listed in
- // this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means
- // "this pod's namespace".
- namespaces?: [...string]
-
- // This pod should be co-located (affinity) or not co-located
- // (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located
- // is defined as running on a node
- // whose value of the label with key topologyKey matches that of
- // any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey!: string
- }
-
- // weight associated with matching the corresponding
- // podAffinityTerm,
- // in the range 1-100.
- weight!: int32
- }]
-
- // If the anti-affinity requirements specified by this field are
- // not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the anti-affinity requirements specified by this field cease
- // to be met
- // at some point during pod execution (e.g. due to a pod label
- // update), the
- // system may or may not try to eventually evict the pod from its
- // node.
- // When there are multiple elements, the lists of nodes
- // corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be
- // satisfied.
- requiredDuringSchedulingIgnoredDuringExecution?: [...{
- // A label query over a set of resources, in this case pods.
- // If it's null, this PodAffinityTerm matches with no Pods.
- labelSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // MatchLabelKeys is a set of pod label keys to select which pods
- // will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key in (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both matchLabelKeys and
- // labelSelector.
- // Also, matchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- matchLabelKeys?: [...string]
-
- // MismatchLabelKeys is a set of pod label keys to select which
- // pods will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key notin (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both mismatchLabelKeys
- // and labelSelector.
- // Also, mismatchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- mismatchLabelKeys?: [...string]
-
- // A label query over the set of namespaces that the term applies
- // to.
- // The term is applied to the union of the namespaces selected by
- // this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this
- // pod's namespace".
- // An empty selector ({}) matches all namespaces.
- namespaceSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // namespaces specifies a static list of namespace names that the
- // term applies to.
- // The term is applied to the union of the namespaces listed in
- // this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means
- // "this pod's namespace".
- namespaces?: [...string]
-
- // This pod should be co-located (affinity) or not co-located
- // (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located
- // is defined as running on a node
- // whose value of the label with key topologyKey matches that of
- // any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey!: string
- }]
- }
- }
-
- // If specified, the pod's imagePullSecrets
- imagePullSecrets?: [...{
- // Name of the referent.
- // This field is effectively required, but due to backwards
- // compatibility is
- // allowed to be empty. Instances of this type with an empty value
- // here are
- // almost certainly wrong.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name?: string | *""
- }]
-
- // NodeSelector is a selector which must be true for the pod to
- // fit on a node.
- // Selector which must match a node's labels for the pod to be
- // scheduled on that node.
- // More info:
- // https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- nodeSelector?: close({
- [string]: string
- })
-
- // If specified, the pod's priorityClassName.
- priorityClassName?: string
-
- // If specified, the pod's security context
- securityContext?: {
- // A special supplemental group that applies to all containers in
- // a pod.
- // Some volume types allow the Kubelet to change the ownership of
- // that volume
- // to be owned by the pod:
- //
- // 1. The owning GID will be the FSGroup
- // 2. The setgid bit is set (new files created in the volume will
- // be owned by FSGroup)
- // 3. The permission bits are OR'd with rw-rw----
- //
- // If unset, the Kubelet will not modify the ownership and
- // permissions of any volume.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- fsGroup?: int64
-
- // fsGroupChangePolicy defines behavior of changing ownership and
- // permission of the volume
- // before being exposed inside Pod. This field will only apply to
- // volume types which support fsGroup based ownership(and
- // permissions).
- // It will have no effect on ephemeral volume types such as:
- // secret, configmaps
- // and emptydir.
- // Valid values are "OnRootMismatch" and "Always". If not
- // specified, "Always" is used.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- fsGroupChangePolicy?: string
-
- // The GID to run the entrypoint of the container process.
- // Uses runtime default if unset.
- // May also be set in SecurityContext. If set in both
- // SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext
- // takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- runAsGroup?: int64
-
- // Indicates that the container must run as a non-root user.
- // If true, the Kubelet will validate the image at runtime to
- // ensure that it
- // does not run as UID 0 (root) and fail to start the container if
- // it does.
- // If unset or false, no such validation will be performed.
- // May also be set in SecurityContext. If set in both
- // SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext
- // takes precedence.
- runAsNonRoot?: bool
-
- // The UID to run the entrypoint of the container process.
- // Defaults to user specified in image metadata if unspecified.
- // May also be set in SecurityContext. If set in both
- // SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext
- // takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- runAsUser?: int64
-
- // The SELinux context to be applied to all containers.
- // If unspecified, the container runtime will allocate a random
- // SELinux context for each
- // container. May also be set in SecurityContext. If set in
- // both SecurityContext and PodSecurityContext, the value
- // specified in SecurityContext
- // takes precedence for that container.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- seLinuxOptions?: {
- // Level is SELinux level label that applies to the container.
- level?: string
-
- // Role is a SELinux role label that applies to the container.
- role?: string
-
- // Type is a SELinux type label that applies to the container.
- type?: string
-
- // User is a SELinux user label that applies to the container.
- user?: string
- }
-
- // The seccomp options to use by the containers in this pod.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- seccompProfile?: {
- // localhostProfile indicates a profile defined in a file on the
- // node should be used.
- // The profile must be preconfigured on the node to work.
- // Must be a descending path, relative to the kubelet's configured
- // seccomp profile location.
- // Must be set if type is "Localhost". Must NOT be set for any
- // other type.
- localhostProfile?: string
-
- // type indicates which kind of seccomp profile will be applied.
- // Valid options are:
- //
- // Localhost - a profile defined in a file on the node should be
- // used.
- // RuntimeDefault - the container runtime default profile should
- // be used.
- // Unconfined - no profile should be applied.
- type!: string
- }
-
- // A list of groups applied to the first process run in each
- // container, in addition
- // to the container's primary GID, the fsGroup (if specified), and
- // group memberships
- // defined in the container image for the uid of the container
- // process. If unspecified,
- // no additional groups are added to any container. Note that
- // group memberships
- // defined in the container image for the uid of the container
- // process are still effective,
- // even if they are not included in this list.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- supplementalGroups?: [...int64 & int]
-
- // Sysctls hold a list of namespaced sysctls used for the pod.
- // Pods with unsupported
- // sysctls (by the container runtime) might fail to launch.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- sysctls?: [...{
- // Name of a property to set
- name!: string
-
- // Value of a property to set
- value!: string
- }]
- }
-
- // If specified, the pod's service account
- serviceAccountName?: string
-
- // If specified, the pod's tolerations.
- tolerations?: [...{
- // Effect indicates the taint effect to match. Empty means match
- // all taint effects.
- // When specified, allowed values are NoSchedule, PreferNoSchedule
- // and NoExecute.
- effect?: string
-
- // Key is the taint key that the toleration applies to. Empty
- // means match all taint keys.
- // If the key is empty, operator must be Exists; this combination
- // means to match all values and all keys.
- key?: string
-
- // Operator represents a key's relationship to the value.
- // Valid operators are Exists and Equal. Defaults to Equal.
- // Exists is equivalent to wildcard for value, so that a pod can
- // tolerate all taints of a particular category.
- operator?: string
-
- // TolerationSeconds represents the period of time the toleration
- // (which must be
- // of effect NoExecute, otherwise this field is ignored) tolerates
- // the taint. By default,
- // it is not set, which means tolerate the taint forever (do not
- // evict). Zero and
- // negative values will be treated as 0 (evict immediately) by the
- // system.
- tolerationSeconds?: int64
-
- // Value is the taint value the toleration matches to.
- // If the operator is Exists, the value should be empty, otherwise
- // just a regular string.
- value?: string
- }]
- }
- }
-
- // Optional service type for Kubernetes solver service. Supported
- // values
- // are NodePort or ClusterIP. If unset, defaults to NodePort.
- serviceType?: string
- }
-
- // The ingress based HTTP01 challenge solver will solve challenges
- // by
- // creating or modifying Ingress resources in order to route
- // requests for
- // '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods
- // that are
- // provisioned by cert-manager for each Challenge to be completed.
- ingress?: {
- // This field configures the annotation
- // `kubernetes.io/ingress.class` when
- // creating Ingress resources to solve ACME challenges that use
- // this
- // challenge solver. Only one of `class`, `name` or
- // `ingressClassName` may
- // be specified.
- class?: string
-
- // This field configures the field `ingressClassName` on the
- // created Ingress
- // resources used to solve ACME challenges that use this challenge
- // solver.
- // This is the recommended way of configuring the ingress class.
- // Only one of
- // `class`, `name` or `ingressClassName` may be specified.
- ingressClassName?: string
- ingressTemplate?: {
- // ObjectMeta overrides for the ingress used to solve HTTP01
- // challenges.
- // Only the 'labels' and 'annotations' fields may be set.
- // If labels or annotations overlap with in-built values, the
- // values here
- // will override the in-built values.
- metadata?: {
- // Annotations that should be added to the created ACME HTTP01
- // solver ingress.
- annotations?: close({
- [string]: string
- })
-
- // Labels that should be added to the created ACME HTTP01 solver
- // ingress.
- labels?: close({
- [string]: string
- })
- }
- }
-
- // The name of the ingress resource that should have ACME
- // challenge solving
- // routes inserted into it in order to solve HTTP01 challenges.
- // This is typically used in conjunction with ingress controllers
- // like
- // ingress-gce, which maintains a 1:1 mapping between external IPs
- // and
- // ingress resources. Only one of `class`, `name` or
- // `ingressClassName` may
- // be specified.
- name?: string
-
- // Optional pod template used to configure the ACME challenge
- // solver pods
- // used for HTTP01 challenges.
- podTemplate?: {
- // ObjectMeta overrides for the pod used to solve HTTP01
- // challenges.
- // Only the 'labels' and 'annotations' fields may be set.
- // If labels or annotations overlap with in-built values, the
- // values here
- // will override the in-built values.
- metadata?: {
- // Annotations that should be added to the created ACME HTTP01
- // solver pods.
- annotations?: close({
- [string]: string
- })
-
- // Labels that should be added to the created ACME HTTP01 solver
- // pods.
- labels?: close({
- [string]: string
- })
- }
-
- // PodSpec defines overrides for the HTTP01 challenge solver pod.
- // Check ACMEChallengeSolverHTTP01IngressPodSpec to find out
- // currently supported fields.
- // All other fields will be ignored.
- spec?: {
- // If specified, the pod's scheduling constraints
- affinity?: {
- // Describes node affinity scheduling rules for the pod.
- nodeAffinity?: {
- // The scheduler will prefer to schedule pods to nodes that
- // satisfy
- // the affinity expressions specified by this field, but it may
- // choose
- // a node that violates one or more of the expressions. The node
- // that is
- // most preferred is the one with the greatest sum of weights,
- // i.e.
- // for each node that meets all of the scheduling requirements
- // (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field
- // and adding
- // "weight" to the sum if the node matches the corresponding
- // matchExpressions; the
- // node(s) with the highest sum are the most preferred.
- preferredDuringSchedulingIgnoredDuringExecution?: [...{
- // A node selector term, associated with the corresponding weight.
- preference!: {
- // A list of node selector requirements by node's labels.
- matchExpressions?: [...{
- // The label key that the selector applies to.
- key!: string
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and
- // Lt.
- operator!: string
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt,
- // the values
- // array must have a single element, which will be interpreted as
- // an integer.
- // This array is replaced during a strategic merge patch.
- values?: [...string]
- }]
-
- // A list of node selector requirements by node's fields.
- matchFields?: [...{
- // The label key that the selector applies to.
- key!: string
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and
- // Lt.
- operator!: string
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt,
- // the values
- // array must have a single element, which will be interpreted as
- // an integer.
- // This array is replaced during a strategic merge patch.
- values?: [...string]
- }]
- }
-
- // Weight associated with matching the corresponding
- // nodeSelectorTerm, in the range 1-100.
- weight!: int32
- }]
- requiredDuringSchedulingIgnoredDuringExecution?: {
- // Required. A list of node selector terms. The terms are ORed.
- nodeSelectorTerms!: [...{
- // A list of node selector requirements by node's labels.
- matchExpressions?: [...{
- // The label key that the selector applies to.
- key!: string
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and
- // Lt.
- operator!: string
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt,
- // the values
- // array must have a single element, which will be interpreted as
- // an integer.
- // This array is replaced during a strategic merge patch.
- values?: [...string]
- }]
-
- // A list of node selector requirements by node's fields.
- matchFields?: [...{
- // The label key that the selector applies to.
- key!: string
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and
- // Lt.
- operator!: string
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt,
- // the values
- // array must have a single element, which will be interpreted as
- // an integer.
- // This array is replaced during a strategic merge patch.
- values?: [...string]
- }]
- }]
- }
- }
-
- // Describes pod affinity scheduling rules (e.g. co-locate this
- // pod in the same node, zone, etc. as some other pod(s)).
- podAffinity?: {
- // The scheduler will prefer to schedule pods to nodes that
- // satisfy
- // the affinity expressions specified by this field, but it may
- // choose
- // a node that violates one or more of the expressions. The node
- // that is
- // most preferred is the one with the greatest sum of weights,
- // i.e.
- // for each node that meets all of the scheduling requirements
- // (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field
- // and adding
- // "weight" to the sum if the node has pods which matches the
- // corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- preferredDuringSchedulingIgnoredDuringExecution?: [...{
- // Required. A pod affinity term, associated with the
- // corresponding weight.
- podAffinityTerm!: {
- // A label query over a set of resources, in this case pods.
- // If it's null, this PodAffinityTerm matches with no Pods.
- labelSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // MatchLabelKeys is a set of pod label keys to select which pods
- // will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key in (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both matchLabelKeys and
- // labelSelector.
- // Also, matchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- matchLabelKeys?: [...string]
-
- // MismatchLabelKeys is a set of pod label keys to select which
- // pods will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key notin (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both mismatchLabelKeys
- // and labelSelector.
- // Also, mismatchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- mismatchLabelKeys?: [...string]
-
- // A label query over the set of namespaces that the term applies
- // to.
- // The term is applied to the union of the namespaces selected by
- // this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this
- // pod's namespace".
- // An empty selector ({}) matches all namespaces.
- namespaceSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // namespaces specifies a static list of namespace names that the
- // term applies to.
- // The term is applied to the union of the namespaces listed in
- // this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means
- // "this pod's namespace".
- namespaces?: [...string]
-
- // This pod should be co-located (affinity) or not co-located
- // (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located
- // is defined as running on a node
- // whose value of the label with key topologyKey matches that of
- // any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey!: string
- }
-
- // weight associated with matching the corresponding
- // podAffinityTerm,
- // in the range 1-100.
- weight!: int32
- }]
-
- // If the affinity requirements specified by this field are not
- // met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the affinity requirements specified by this field cease to
- // be met
- // at some point during pod execution (e.g. due to a pod label
- // update), the
- // system may or may not try to eventually evict the pod from its
- // node.
- // When there are multiple elements, the lists of nodes
- // corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be
- // satisfied.
- requiredDuringSchedulingIgnoredDuringExecution?: [...{
- // A label query over a set of resources, in this case pods.
- // If it's null, this PodAffinityTerm matches with no Pods.
- labelSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // MatchLabelKeys is a set of pod label keys to select which pods
- // will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key in (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both matchLabelKeys and
- // labelSelector.
- // Also, matchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- matchLabelKeys?: [...string]
-
- // MismatchLabelKeys is a set of pod label keys to select which
- // pods will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key notin (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both mismatchLabelKeys
- // and labelSelector.
- // Also, mismatchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- mismatchLabelKeys?: [...string]
-
- // A label query over the set of namespaces that the term applies
- // to.
- // The term is applied to the union of the namespaces selected by
- // this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this
- // pod's namespace".
- // An empty selector ({}) matches all namespaces.
- namespaceSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // namespaces specifies a static list of namespace names that the
- // term applies to.
- // The term is applied to the union of the namespaces listed in
- // this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means
- // "this pod's namespace".
- namespaces?: [...string]
-
- // This pod should be co-located (affinity) or not co-located
- // (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located
- // is defined as running on a node
- // whose value of the label with key topologyKey matches that of
- // any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey!: string
- }]
- }
-
- // Describes pod anti-affinity scheduling rules (e.g. avoid
- // putting this pod in the same node, zone, etc. as some other
- // pod(s)).
- podAntiAffinity?: {
- // The scheduler will prefer to schedule pods to nodes that
- // satisfy
- // the anti-affinity expressions specified by this field, but it
- // may choose
- // a node that violates one or more of the expressions. The node
- // that is
- // most preferred is the one with the greatest sum of weights,
- // i.e.
- // for each node that meets all of the scheduling requirements
- // (resource
- // request, requiredDuringScheduling anti-affinity expressions,
- // etc.),
- // compute a sum by iterating through the elements of this field
- // and adding
- // "weight" to the sum if the node has pods which matches the
- // corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- preferredDuringSchedulingIgnoredDuringExecution?: [...{
- // Required. A pod affinity term, associated with the
- // corresponding weight.
- podAffinityTerm!: {
- // A label query over a set of resources, in this case pods.
- // If it's null, this PodAffinityTerm matches with no Pods.
- labelSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // MatchLabelKeys is a set of pod label keys to select which pods
- // will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key in (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both matchLabelKeys and
- // labelSelector.
- // Also, matchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- matchLabelKeys?: [...string]
-
- // MismatchLabelKeys is a set of pod label keys to select which
- // pods will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key notin (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both mismatchLabelKeys
- // and labelSelector.
- // Also, mismatchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- mismatchLabelKeys?: [...string]
-
- // A label query over the set of namespaces that the term applies
- // to.
- // The term is applied to the union of the namespaces selected by
- // this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this
- // pod's namespace".
- // An empty selector ({}) matches all namespaces.
- namespaceSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // namespaces specifies a static list of namespace names that the
- // term applies to.
- // The term is applied to the union of the namespaces listed in
- // this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means
- // "this pod's namespace".
- namespaces?: [...string]
-
- // This pod should be co-located (affinity) or not co-located
- // (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located
- // is defined as running on a node
- // whose value of the label with key topologyKey matches that of
- // any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey!: string
- }
-
- // weight associated with matching the corresponding
- // podAffinityTerm,
- // in the range 1-100.
- weight!: int32
- }]
-
- // If the anti-affinity requirements specified by this field are
- // not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the anti-affinity requirements specified by this field cease
- // to be met
- // at some point during pod execution (e.g. due to a pod label
- // update), the
- // system may or may not try to eventually evict the pod from its
- // node.
- // When there are multiple elements, the lists of nodes
- // corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be
- // satisfied.
- requiredDuringSchedulingIgnoredDuringExecution?: [...{
- // A label query over a set of resources, in this case pods.
- // If it's null, this PodAffinityTerm matches with no Pods.
- labelSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // MatchLabelKeys is a set of pod label keys to select which pods
- // will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key in (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both matchLabelKeys and
- // labelSelector.
- // Also, matchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- matchLabelKeys?: [...string]
-
- // MismatchLabelKeys is a set of pod label keys to select which
- // pods will
- // be taken into consideration. The keys are used to lookup values
- // from the
- // incoming pod labels, those key-value labels are merged with
- // `labelSelector` as `key notin (value)`
- // to select the group of existing pods which pods will be taken
- // into consideration
- // for the incoming pod's pod (anti) affinity. Keys that don't
- // exist in the incoming
- // pod labels will be ignored. The default value is empty.
- // The same key is forbidden to exist in both mismatchLabelKeys
- // and labelSelector.
- // Also, mismatchLabelKeys cannot be set when labelSelector isn't
- // set.
- // This is a beta field and requires enabling
- // MatchLabelKeysInPodAffinity feature gate (enabled by default).
- mismatchLabelKeys?: [...string]
-
- // A label query over the set of namespaces that the term applies
- // to.
- // The term is applied to the union of the namespaces selected by
- // this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this
- // pod's namespace".
- // An empty selector ({}) matches all namespaces.
- namespaceSelector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
-
- // namespaces specifies a static list of namespace names that the
- // term applies to.
- // The term is applied to the union of the namespaces listed in
- // this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means
- // "this pod's namespace".
- namespaces?: [...string]
-
- // This pod should be co-located (affinity) or not co-located
- // (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located
- // is defined as running on a node
- // whose value of the label with key topologyKey matches that of
- // any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey!: string
- }]
- }
- }
-
- // If specified, the pod's imagePullSecrets
- imagePullSecrets?: [...{
- // Name of the referent.
- // This field is effectively required, but due to backwards
- // compatibility is
- // allowed to be empty. Instances of this type with an empty value
- // here are
- // almost certainly wrong.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name?: string | *""
- }]
-
- // NodeSelector is a selector which must be true for the pod to
- // fit on a node.
- // Selector which must match a node's labels for the pod to be
- // scheduled on that node.
- // More info:
- // https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- nodeSelector?: close({
- [string]: string
- })
-
- // If specified, the pod's priorityClassName.
- priorityClassName?: string
-
- // If specified, the pod's security context
- securityContext?: {
- // A special supplemental group that applies to all containers in
- // a pod.
- // Some volume types allow the Kubelet to change the ownership of
- // that volume
- // to be owned by the pod:
- //
- // 1. The owning GID will be the FSGroup
- // 2. The setgid bit is set (new files created in the volume will
- // be owned by FSGroup)
- // 3. The permission bits are OR'd with rw-rw----
- //
- // If unset, the Kubelet will not modify the ownership and
- // permissions of any volume.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- fsGroup?: int64
-
- // fsGroupChangePolicy defines behavior of changing ownership and
- // permission of the volume
- // before being exposed inside Pod. This field will only apply to
- // volume types which support fsGroup based ownership(and
- // permissions).
- // It will have no effect on ephemeral volume types such as:
- // secret, configmaps
- // and emptydir.
- // Valid values are "OnRootMismatch" and "Always". If not
- // specified, "Always" is used.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- fsGroupChangePolicy?: string
-
- // The GID to run the entrypoint of the container process.
- // Uses runtime default if unset.
- // May also be set in SecurityContext. If set in both
- // SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext
- // takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- runAsGroup?: int64
-
- // Indicates that the container must run as a non-root user.
- // If true, the Kubelet will validate the image at runtime to
- // ensure that it
- // does not run as UID 0 (root) and fail to start the container if
- // it does.
- // If unset or false, no such validation will be performed.
- // May also be set in SecurityContext. If set in both
- // SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext
- // takes precedence.
- runAsNonRoot?: bool
-
- // The UID to run the entrypoint of the container process.
- // Defaults to user specified in image metadata if unspecified.
- // May also be set in SecurityContext. If set in both
- // SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext
- // takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- runAsUser?: int64
-
- // The SELinux context to be applied to all containers.
- // If unspecified, the container runtime will allocate a random
- // SELinux context for each
- // container. May also be set in SecurityContext. If set in
- // both SecurityContext and PodSecurityContext, the value
- // specified in SecurityContext
- // takes precedence for that container.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- seLinuxOptions?: {
- // Level is SELinux level label that applies to the container.
- level?: string
-
- // Role is a SELinux role label that applies to the container.
- role?: string
-
- // Type is a SELinux type label that applies to the container.
- type?: string
-
- // User is a SELinux user label that applies to the container.
- user?: string
- }
-
- // The seccomp options to use by the containers in this pod.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- seccompProfile?: {
- // localhostProfile indicates a profile defined in a file on the
- // node should be used.
- // The profile must be preconfigured on the node to work.
- // Must be a descending path, relative to the kubelet's configured
- // seccomp profile location.
- // Must be set if type is "Localhost". Must NOT be set for any
- // other type.
- localhostProfile?: string
-
- // type indicates which kind of seccomp profile will be applied.
- // Valid options are:
- //
- // Localhost - a profile defined in a file on the node should be
- // used.
- // RuntimeDefault - the container runtime default profile should
- // be used.
- // Unconfined - no profile should be applied.
- type!: string
- }
-
- // A list of groups applied to the first process run in each
- // container, in addition
- // to the container's primary GID, the fsGroup (if specified), and
- // group memberships
- // defined in the container image for the uid of the container
- // process. If unspecified,
- // no additional groups are added to any container. Note that
- // group memberships
- // defined in the container image for the uid of the container
- // process are still effective,
- // even if they are not included in this list.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- supplementalGroups?: [...int64 & int]
-
- // Sysctls hold a list of namespaced sysctls used for the pod.
- // Pods with unsupported
- // sysctls (by the container runtime) might fail to launch.
- // Note that this field cannot be set when spec.os.name is
- // windows.
- sysctls?: [...{
- // Name of a property to set
- name!: string
-
- // Value of a property to set
- value!: string
- }]
- }
-
- // If specified, the pod's service account
- serviceAccountName?: string
-
- // If specified, the pod's tolerations.
- tolerations?: [...{
- // Effect indicates the taint effect to match. Empty means match
- // all taint effects.
- // When specified, allowed values are NoSchedule, PreferNoSchedule
- // and NoExecute.
- effect?: string
-
- // Key is the taint key that the toleration applies to. Empty
- // means match all taint keys.
- // If the key is empty, operator must be Exists; this combination
- // means to match all values and all keys.
- key?: string
-
- // Operator represents a key's relationship to the value.
- // Valid operators are Exists and Equal. Defaults to Equal.
- // Exists is equivalent to wildcard for value, so that a pod can
- // tolerate all taints of a particular category.
- operator?: string
-
- // TolerationSeconds represents the period of time the toleration
- // (which must be
- // of effect NoExecute, otherwise this field is ignored) tolerates
- // the taint. By default,
- // it is not set, which means tolerate the taint forever (do not
- // evict). Zero and
- // negative values will be treated as 0 (evict immediately) by the
- // system.
- tolerationSeconds?: int64
-
- // Value is the taint value the toleration matches to.
- // If the operator is Exists, the value should be empty, otherwise
- // just a regular string.
- value?: string
- }]
- }
- }
-
- // Optional service type for Kubernetes solver service. Supported
- // values
- // are NodePort or ClusterIP. If unset, defaults to NodePort.
- serviceType?: string
- }
- }
-
- // Selector selects a set of DNSNames on the Certificate resource
- // that
- // should be solved using this challenge solver.
- // If not specified, the solver will be treated as the 'default'
- // solver
- // with the lowest priority, i.e. if any other solver has a more
- // specific
- // match, it will be used instead.
- selector?: {
- // List of DNSNames that this solver will be used to solve.
- // If specified and a match is found, a dnsNames selector will
- // take
- // precedence over a dnsZones selector.
- // If multiple solvers match with the same dnsNames value, the
- // solver
- // with the most matching labels in matchLabels will be selected.
- // If neither has more matches, the solver defined earlier in the
- // list
- // will be selected.
- dnsNames?: [...string]
-
- // List of DNSZones that this solver will be used to solve.
- // The most specific DNS zone match specified here will take
- // precedence
- // over other DNS zone matches, so a solver specifying
- // sys.example.com
- // will be selected over one specifying example.com for the domain
- // www.sys.example.com.
- // If multiple solvers match with the same dnsZones value, the
- // solver
- // with the most matching labels in matchLabels will be selected.
- // If neither has more matches, the solver defined earlier in the
- // list
- // will be selected.
- dnsZones?: [...string]
-
- // A label selector that is used to refine the set of
- // certificate's that
- // this challenge solver will apply to.
- matchLabels?: close({
- [string]: string
- })
- }
- }]
- }
-
- // CA configures this issuer to sign certificates using a signing
- // CA keypair
- // stored in a Secret resource.
- // This is used to build internal PKIs that are managed by
- // cert-manager.
- ca?: {
- // The CRL distribution points is an X.509 v3 certificate
- // extension which identifies
- // the location of the CRL from which the revocation of this
- // certificate can be checked.
- // If not set, certificates will be issued without distribution
- // points set.
- crlDistributionPoints?: [...string]
-
- // IssuingCertificateURLs is a list of URLs which this issuer
- // should embed into certificates
- // it creates. See
- // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for
- // more details.
- // As an example, such a URL might be
- // "http://ca.domain.com/ca.crt".
- issuingCertificateURLs?: [...string]
-
- // The OCSP server list is an X.509 v3 extension that defines a
- // list of
- // URLs of OCSP responders. The OCSP responders can be queried for
- // the
- // revocation status of an issued certificate. If not set, the
- // certificate will be issued with no OCSP servers set. For
- // example, an
- // OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
- ocspServers?: [...string]
-
- // SecretName is the name of the secret used to sign Certificates
- // issued
- // by this Issuer.
- secretName!: string
- }
- selfSigned?: {
- // The CRL distribution points is an X.509 v3 certificate
- // extension which identifies
- // the location of the CRL from which the revocation of this
- // certificate can be checked.
- // If not set certificate will be issued without CDP. Values are
- // strings.
- crlDistributionPoints?: [...string]
- }
-
- // Vault configures this issuer to sign certificates using a
- // HashiCorp Vault
- // PKI backend.
- vault?: {
- // Auth configures how cert-manager authenticates with the Vault
- // server.
- auth!: {
- // AppRole authenticates with Vault using the App Role auth
- // mechanism,
- // with the role and secret stored in a Kubernetes Secret
- // resource.
- appRole?: {
- // Path where the App Role authentication backend is mounted in
- // Vault, e.g:
- // "approle"
- path!: string
-
- // RoleID configured in the App Role authentication backend when
- // setting
- // up the authentication backend in Vault.
- roleId!: string
-
- // Reference to a key in a Secret that contains the App Role
- // secret used
- // to authenticate with Vault.
- // The `key` field must be specified and denotes which entry
- // within the Secret
- // resource is used as the app role secret.
- secretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- }
-
- // ClientCertificate authenticates with Vault by presenting a
- // client
- // certificate during the request's TLS handshake.
- // Works only when using HTTPS protocol.
- clientCertificate?: {
- // The Vault mountPath here is the mount path to use when
- // authenticating with
- // Vault. For example, setting a value to `/v1/auth/foo`, will use
- // the path
- // `/v1/auth/foo/login` to authenticate with Vault. If
- // unspecified, the
- // default value "/v1/auth/cert" will be used.
- mountPath?: string
-
- // Name of the certificate role to authenticate against.
- // If not set, matching any certificate role, if available.
- name?: string
-
- // Reference to Kubernetes Secret of type "kubernetes.io/tls"
- // (hence containing
- // tls.crt and tls.key) used to authenticate to Vault using TLS
- // client
- // authentication.
- secretName?: string
- }
-
- // Kubernetes authenticates with Vault by passing the
- // ServiceAccount
- // token stored in the named Secret resource to the Vault server.
- kubernetes?: {
- // The Vault mountPath here is the mount path to use when
- // authenticating with
- // Vault. For example, setting a value to `/v1/auth/foo`, will use
- // the path
- // `/v1/auth/foo/login` to authenticate with Vault. If
- // unspecified, the
- // default value "/v1/auth/kubernetes" will be used.
- mountPath?: string
-
- // A required field containing the Vault Role to assume. A Role
- // binds a
- // Kubernetes ServiceAccount with a set of Vault policies.
- role!: string
-
- // The required Secret field containing a Kubernetes
- // ServiceAccount JWT used
- // for authenticating with Vault. Use of 'ambient credentials' is
- // not
- // supported.
- secretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // A reference to a service account that will be used to request a
- // bound
- // token (also known as "projected token"). Compared to using
- // "secretRef",
- // using this field means that you don't rely on statically bound
- // tokens. To
- // use this field, you must configure an RBAC rule to let
- // cert-manager
- // request a token.
- serviceAccountRef?: {
- // TokenAudiences is an optional list of extra audiences to
- // include in the token passed to Vault. The default token
- // consisting of the issuer's namespace and name is always
- // included.
- audiences?: [...string]
-
- // Name of the ServiceAccount used to request a token.
- name!: string
- }
- }
-
- // TokenSecretRef authenticates with Vault by presenting a token.
- tokenSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- }
-
- // Base64-encoded bundle of PEM CAs which will be used to validate
- // the certificate
- // chain presented by Vault. Only used if using HTTPS to connect
- // to Vault and
- // ignored for HTTP connections.
- // Mutually exclusive with CABundleSecretRef.
- // If neither CABundle nor CABundleSecretRef are defined, the
- // certificate bundle in
- // the cert-manager controller container is used to validate the
- // TLS connection.
- caBundle?: string
-
- // Reference to a Secret containing a bundle of PEM-encoded CAs to
- // use when
- // verifying the certificate chain presented by Vault when using
- // HTTPS.
- // Mutually exclusive with CABundle.
- // If neither CABundle nor CABundleSecretRef are defined, the
- // certificate bundle in
- // the cert-manager controller container is used to validate the
- // TLS connection.
- // If no key for the Secret is specified, cert-manager will
- // default to 'ca.crt'.
- caBundleSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // Reference to a Secret containing a PEM-encoded Client
- // Certificate to use when the
- // Vault server requires mTLS.
- clientCertSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // Reference to a Secret containing a PEM-encoded Client Private
- // Key to use when the
- // Vault server requires mTLS.
- clientKeySecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // Name of the vault namespace. Namespaces is a set of features
- // within Vault Enterprise that allows Vault environments to
- // support Secure Multi-tenancy. e.g: "ns1"
- // More about namespaces can be found here
- // https://www.vaultproject.io/docs/enterprise/namespaces
- namespace?: string
-
- // Path is the mount path of the Vault PKI backend's `sign`
- // endpoint, e.g:
- // "my_pki_mount/sign/my-role-name".
- path!: string
-
- // Server is the connection address for the Vault server, e.g:
- // "https://vault.example.com:8200".
- server!: string
- }
-
- // Venafi configures this issuer to sign certificates using a
- // Venafi TPP
- // or Venafi Cloud policy zone.
- venafi?: {
- // Cloud specifies the Venafi cloud configuration settings.
- // Only one of TPP or Cloud may be specified.
- cloud?: {
- // APITokenSecretRef is a secret key selector for the Venafi Cloud
- // API token.
- apiTokenSecretRef!: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // URL is the base URL for Venafi Cloud.
- // Defaults to "https://api.venafi.cloud/v1".
- url?: string
- }
-
- // TPP specifies Trust Protection Platform configuration settings.
- // Only one of TPP or Cloud may be specified.
- tpp?: {
- // Base64-encoded bundle of PEM CAs which will be used to validate
- // the certificate
- // chain presented by the TPP server. Only used if using HTTPS;
- // ignored for HTTP.
- // If undefined, the certificate bundle in the cert-manager
- // controller container
- // is used to validate the chain.
- caBundle?: string
-
- // Reference to a Secret containing a base64-encoded bundle of PEM
- // CAs
- // which will be used to validate the certificate chain presented
- // by the TPP server.
- // Only used if using HTTPS; ignored for HTTP. Mutually exclusive
- // with CABundle.
- // If neither CABundle nor CABundleSecretRef is defined, the
- // certificate bundle in
- // the cert-manager controller container is used to validate the
- // TLS connection.
- caBundleSecretRef?: {
- // The key of the entry in the Secret resource's `data` field to
- // be used.
- // Some instances of this field may be defaulted, in others it may
- // be
- // required.
- key?: string
-
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
- credentialsRef!: {
- // Name of the resource being referred to.
- // More info:
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name!: string
- }
-
- // URL is the base URL for the vedsdk endpoint of the Venafi TPP
- // instance,
- // for example: "https://tpp.example.com/vedsdk".
- url!: string
- }
-
- // Zone is the Venafi Policy Zone to use for this issuer.
- // All requests made to the Venafi platform will be restricted by
- // the named
- // zone policy.
- // This field is required.
- zone!: string
- }
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue
deleted file mode 100644
index 65f7bfbd6..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue
+++ /dev/null
@@ -1,2001 +0,0 @@
-// Code generated by timoni. DO NOT EDIT.
-
-//timoni:generate timoni vendor crd -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
-
-package v1
-
-import (
- "strings"
- "list"
-)
-
-// HTTPRoute provides a way to route HTTP requests. This includes
-// the capability
-// to match requests by hostname, path, header, or query param.
-// Filters can be
-// used to specify additional processing steps. Backends specify
-// where matching
-// requests should be routed.
-#HTTPRoute: {
- // APIVersion defines the versioned schema of this representation
- // of an object.
- // Servers should convert recognized schemas to the latest
- // internal value, and
- // may reject unrecognized values.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- apiVersion: "gateway.networking.k8s.io/v1"
-
- // Kind is a string value representing the REST resource this
- // object represents.
- // Servers may infer this from the endpoint the client submits
- // requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: "HTTPRoute"
- metadata!: {
- name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- string
- }
- namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- string
- }
- labels?: {
- [string]: string
- }
- annotations?: {
- [string]: string
- }
- }
-
- // Spec defines the desired state of HTTPRoute.
- spec!: #HTTPRouteSpec
-}
-
-// Spec defines the desired state of HTTPRoute.
-#HTTPRouteSpec: {
- // Hostnames defines a set of hostnames that should match against
- // the HTTP Host
- // header to select a HTTPRoute used to process the request.
- // Implementations
- // MUST ignore any port value specified in the HTTP Host header
- // while
- // performing a match and (absent of any applicable header
- // modification
- // configuration) MUST forward this header unmodified to the
- // backend.
- //
- // Valid values for Hostnames are determined by RFC 1123
- // definition of a
- // hostname with 2 notable exceptions:
- //
- // 1. IPs are not allowed.
- // 2. A hostname may be prefixed with a wildcard label (`*.`). The
- // wildcard
- // label must appear by itself as the first label.
- //
- // If a hostname is specified by both the Listener and HTTPRoute,
- // there
- // must be at least one intersecting hostname for the HTTPRoute to
- // be
- // attached to the Listener. For example:
- //
- // * A Listener with `test.example.com` as the hostname matches
- // HTTPRoutes
- // that have either not specified any hostnames, or have specified
- // at
- // least one of `test.example.com` or `*.example.com`.
- // * A Listener with `*.example.com` as the hostname matches
- // HTTPRoutes
- // that have either not specified any hostnames or have specified
- // at least
- // one hostname that matches the Listener hostname. For example,
- // `*.example.com`, `test.example.com`, and `foo.test.example.com`
- // would
- // all match. On the other hand, `example.com` and
- // `test.example.net` would
- // not match.
- //
- // Hostnames that are prefixed with a wildcard label (`*.`) are
- // interpreted
- // as a suffix match. That means that a match for `*.example.com`
- // would match
- // both `test.example.com`, and `foo.test.example.com`, but not
- // `example.com`.
- //
- // If both the Listener and HTTPRoute have specified hostnames,
- // any
- // HTTPRoute hostnames that do not match the Listener hostname
- // MUST be
- // ignored. For example, if a Listener specified `*.example.com`,
- // and the
- // HTTPRoute specified `test.example.com` and `test.example.net`,
- // `test.example.net` must not be considered for a match.
- //
- // If both the Listener and HTTPRoute have specified hostnames,
- // and none
- // match with the criteria above, then the HTTPRoute is not
- // accepted. The
- // implementation must raise an 'Accepted' Condition with a status
- // of
- // `False` in the corresponding RouteParentStatus.
- //
- // In the event that multiple HTTPRoutes specify intersecting
- // hostnames (e.g.
- // overlapping wildcard matching and exact matching hostnames),
- // precedence must
- // be given to rules from the HTTPRoute with the largest number
- // of:
- //
- // * Characters in a matching non-wildcard hostname.
- // * Characters in a matching hostname.
- //
- // If ties exist across multiple Routes, the matching precedence
- // rules for
- // HTTPRouteMatches takes over.
- //
- // Support: Core
- hostnames?: list.MaxItems(16) & [...strings.MaxRunes(253) & strings.MinRunes(1) & =~"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"]
-
- // ParentRefs references the resources (usually Gateways) that a
- // Route wants
- // to be attached to. Note that the referenced parent resource
- // needs to
- // allow this for the attachment to be complete. For Gateways,
- // that means
- // the Gateway needs to allow attachment from Routes of this kind
- // and
- // namespace. For Services, that means the Service must either be
- // in the same
- // namespace for a "producer" route, or the mesh implementation
- // must support
- // and allow "consumer" routes for the referenced Service.
- // ReferenceGrant is
- // not applicable for governing ParentRefs to Services - it is not
- // possible to
- // create a "producer" route for a Service in a different
- // namespace from the
- // Route.
- //
- // There are two kinds of parent resources with "Core" support:
- //
- // * Gateway (Gateway conformance profile)
- // * Service (Mesh conformance profile, ClusterIP Services only)
- //
- // This API may be extended in the future to support additional
- // kinds of parent
- // resources.
- //
- // ParentRefs must be _distinct_. This means either that:
- //
- // * They select different objects. If this is the case, then
- // parentRef
- // entries are distinct. In terms of fields, this means that the
- // multi-part key defined by `group`, `kind`, `namespace`, and
- // `name` must
- // be unique across all parentRef entries in the Route.
- // * They do not select different objects, but for each optional
- // field used,
- // each ParentRef that selects the same object must set the same
- // set of
- // optional fields to different values. If one ParentRef sets a
- // combination of optional fields, all must set the same
- // combination.
- //
- // Some examples:
- //
- // * If one ParentRef sets `sectionName`, all ParentRefs
- // referencing the
- // same object must also set `sectionName`.
- // * If one ParentRef sets `port`, all ParentRefs referencing the
- // same
- // object must also set `port`.
- // * If one ParentRef sets `sectionName` and `port`, all
- // ParentRefs
- // referencing the same object must also set `sectionName` and
- // `port`.
- //
- // It is possible to separately reference multiple distinct
- // objects that may
- // be collapsed by an implementation. For example, some
- // implementations may
- // choose to merge compatible Gateway Listeners together. If that
- // is the
- // case, the list of routes attached to those resources should
- // also be
- // merged.
- //
- // Note that for ParentRefs that cross namespace boundaries, there
- // are specific
- // rules. Cross-namespace references are only valid if they are
- // explicitly
- // allowed by something in the namespace they are referring to.
- // For example,
- // Gateway has the AllowedRoutes field, and ReferenceGrant
- // provides a
- // generic way to enable other kinds of cross-namespace reference.
- parentRefs?: list.MaxItems(32) & [...{
- // Group is the group of the referent.
- // When unspecified, "gateway.networking.k8s.io" is inferred.
- // To set the core API group (such as for a "Service" kind
- // referent),
- // Group must be explicitly set to "" (empty string).
- //
- // Support: Core
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"gateway.networking.k8s.io"
-
- // Kind is kind of the referent.
- //
- // There are two kinds of parent resources with "Core" support:
- //
- // * Gateway (Gateway conformance profile)
- // * Service (Mesh conformance profile, ClusterIP Services only)
- //
- // Support for other resources is Implementation-Specific.
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Gateway"
-
- // Name is the name of the referent.
- //
- // Support: Core
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the referent. When unspecified,
- // this refers
- // to the local namespace of the Route.
- //
- // Note that there are specific rules for ParentRefs which cross
- // namespace
- // boundaries. Cross-namespace references are only valid if they
- // are explicitly
- // allowed by something in the namespace they are referring to.
- // For example:
- // Gateway has the AllowedRoutes field, and ReferenceGrant
- // provides a
- // generic way to enable any other kind of cross-namespace
- // reference.
- //
- //
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port is the network port this Route targets. It can be
- // interpreted
- // differently based on the type of parent resource.
- //
- // When the parent resource is a Gateway, this targets all
- // listeners
- // listening on the specified port that also support this kind of
- // Route(and
- // select this Route). It's not recommended to set `Port` unless
- // the
- // networking behaviors specified in a Route must apply to a
- // specific port
- // as opposed to a listener(s) whose port(s) may be changed. When
- // both Port
- // and SectionName are specified, the name and port of the
- // selected listener
- // must match both specified values.
- //
- //
- //
- // Implementations MAY choose to support other parent resources.
- // Implementations supporting other types of parent resources MUST
- // clearly
- // document how/if Port is interpreted.
- //
- // For the purpose of status, an attachment is considered
- // successful as
- // long as the parent resource accepts it partially. For example,
- // Gateway
- // listeners can restrict which Routes can attach to them by Route
- // kind,
- // namespace, or hostname. If 1 of 2 Gateway listeners accept
- // attachment
- // from the referencing Route, the Route MUST be considered
- // successfully
- // attached. If no Gateway listeners accept attachment from this
- // Route,
- // the Route MUST be considered detached from the Gateway.
- //
- // Support: Extended
- port?: uint16 & >=1
-
- // SectionName is the name of a section within the target
- // resource. In the
- // following resources, SectionName is interpreted as the
- // following:
- //
- // * Gateway: Listener name. When both Port (experimental) and
- // SectionName
- // are specified, the name and port of the selected listener must
- // match
- // both specified values.
- // * Service: Port name. When both Port (experimental) and
- // SectionName
- // are specified, the name and port of the selected listener must
- // match
- // both specified values.
- //
- // Implementations MAY choose to support attaching Routes to other
- // resources.
- // If that is the case, they MUST clearly document how SectionName
- // is
- // interpreted.
- //
- // When unspecified (empty string), this will reference the entire
- // resource.
- // For the purpose of status, an attachment is considered
- // successful if at
- // least one section in the parent resource accepts it. For
- // example, Gateway
- // listeners can restrict which Routes can attach to them by Route
- // kind,
- // namespace, or hostname. If 1 of 2 Gateway listeners accept
- // attachment from
- // the referencing Route, the Route MUST be considered
- // successfully
- // attached. If no Gateway listeners accept attachment from this
- // Route, the
- // Route MUST be considered detached from the Gateway.
- //
- // Support: Core
- sectionName?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
- }]
-
- // Rules are a list of HTTP matchers, filters and actions.
- rules?: list.MaxItems(16) & [...{
- // BackendRefs defines the backend(s) where matching requests
- // should be
- // sent.
- //
- // Failure behavior here depends on how many BackendRefs are
- // specified and
- // how many are invalid.
- //
- // If *all* entries in BackendRefs are invalid, and there are also
- // no filters
- // specified in this route rule, *all* traffic which matches this
- // rule MUST
- // receive a 500 status code.
- //
- // See the HTTPBackendRef definition for the rules about what
- // makes a single
- // HTTPBackendRef invalid.
- //
- // When a HTTPBackendRef is invalid, 500 status codes MUST be
- // returned for
- // requests that would have otherwise been routed to an invalid
- // backend. If
- // multiple backends are specified, and some are invalid, the
- // proportion of
- // requests that would otherwise have been routed to an invalid
- // backend
- // MUST receive a 500 status code.
- //
- // For example, if two backends are specified with equal weights,
- // and one is
- // invalid, 50 percent of traffic must receive a 500.
- // Implementations may
- // choose how that 50 percent is determined.
- //
- // When a HTTPBackendRef refers to a Service that has no ready
- // endpoints,
- // implementations SHOULD return a 503 for requests to that
- // backend instead.
- // If an implementation chooses to do this, all of the above rules
- // for 500 responses
- // MUST also apply for responses that return a 503.
- //
- // Support: Core for Kubernetes Service
- //
- // Support: Extended for Kubernetes ServiceImport
- //
- // Support: Implementation-specific for any other resource
- //
- // Support for weight: Core
- backendRefs?: list.MaxItems(16) & [...{
- // Filters defined at this level should be executed if and only if
- // the
- // request is being forwarded to the backend defined here.
- //
- // Support: Implementation-specific (For broader support of
- // filters, use the
- // Filters field in HTTPRouteRule.)
- filters?: list.MaxItems(16) & [...{
- // ExtensionRef is an optional, implementation-specific extension
- // to the
- // "filter" behavior. For example, resource "myroutefilter" in
- // group
- // "networking.example.net"). ExtensionRef MUST NOT be used for
- // core and
- // extended filters.
- //
- // This filter can be used multiple times within the same rule.
- //
- // Support: Implementation-specific
- extensionRef?: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group!: strings.MaxRunes(253) & {
- =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Kind is kind of the referent. For example "HTTPRoute" or
- // "Service".
- kind!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
- }
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
- }
-
- // RequestHeaderModifier defines a schema for a filter that
- // modifies request
- // headers.
- //
- // Support: Core
- requestHeaderModifier?: {
- // Add adds the given header(s) (name, value) to the request
- // before the action. It appends to any existing values associated
- // with the header name.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // add:
- // - name: "my-header"
- // value: "bar,baz"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: foo,bar,baz
- add?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Remove the given header(s) from the HTTP request before the
- // action. The
- // value of Remove is a list of HTTP header names. Note that the
- // header
- // names are case-insensitive (see
- // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header1: foo
- // my-header2: bar
- // my-header3: baz
- //
- // Config:
- // remove: ["my-header1", "my-header3"]
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header2: bar
- remove?: list.MaxItems(16) & [...string]
-
- // Set overwrites the request with the given header (name, value)
- // before the action.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // set:
- // - name: "my-header"
- // value: "bar"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: bar
- set?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
- }
- requestMirror?: {
- // BackendRef references a resource where mirrored requests are
- // sent.
- //
- // Mirrored requests must be sent only to a single destination
- // endpoint
- // within this BackendRef, irrespective of how many endpoints are
- // present
- // within this BackendRef.
- //
- // If the referent cannot be found, this BackendRef is invalid and
- // must be
- // dropped from the Gateway. The controller must ensure the
- // "ResolvedRefs"
- // condition on the Route status is set to `status: False` and not
- // configure
- // this backend in the underlying implementation.
- //
- // If there is a cross-namespace reference to an *existing* object
- // that is not allowed by a ReferenceGrant, the controller must
- // ensure the
- // "ResolvedRefs" condition on the Route is set to `status:
- // False`,
- // with the "RefNotPermitted" reason and not configure this
- // backend in the
- // underlying implementation.
- //
- // In either error case, the Message of the `ResolvedRefs`
- // Condition
- // should be used to provide more detail about the problem.
- //
- // Support: Extended for Kubernetes Service
- //
- // Support: Implementation-specific for any other resource
- backendRef!: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *""
-
- // Kind is the Kubernetes resource kind of the referent. For
- // example
- // "Service".
- //
- // Defaults to "Service" when not specified.
- //
- // ExternalName services can refer to CNAME DNS records that may
- // live
- // outside of the cluster and as such are difficult to reason
- // about in
- // terms of conformance. They also may not be safe to forward to
- // (see
- // CVE-2021-25740 for more information). Implementations SHOULD
- // NOT
- // support ExternalName Services.
- //
- // Support: Core (Services with a type other than ExternalName)
- //
- // Support: Implementation-specific (Services with type
- // ExternalName)
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service"
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the backend. When unspecified,
- // the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port specifies the destination port number to use for this
- // resource.
- // Port is required when the referent is a Kubernetes Service. In
- // this
- // case, the port number is the service port number, not the
- // target port.
- // For other resources, destination port might be derived from the
- // referent
- // resource or this field.
- port?: uint16 & >=1
- }
- }
-
- // RequestRedirect defines a schema for a filter that responds to
- // the
- // request with an HTTP redirection.
- //
- // Support: Core
- requestRedirect?: {
- // Hostname is the hostname to be used in the value of the
- // `Location`
- // header in the response.
- // When empty, the hostname in the `Host` header of the request is
- // used.
- //
- // Support: Core
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Path defines parameters used to modify the path of the incoming
- // request.
- // The modified path is then used to construct the `Location`
- // header. When
- // empty, the request path is used as-is.
- //
- // Support: Extended
- path?: {
- // ReplaceFullPath specifies the value with which to replace the
- // full path
- // of a request during a rewrite or redirect.
- replaceFullPath?: strings.MaxRunes(1024)
-
- // ReplacePrefixMatch specifies the value with which to replace
- // the prefix
- // match of a request during a rewrite or redirect. For example, a
- // request
- // to "/foo/bar" with a prefix match of "/foo" and a
- // ReplacePrefixMatch
- // of "/xyz" would be modified to "/xyz/bar".
- //
- // Note that this matches the behavior of the PathPrefix match
- // type. This
- // matches full path elements. A path element refers to the list
- // of labels
- // in the path split by the `/` separator. When specified, a
- // trailing `/` is
- // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def`
- // would all
- // match the prefix `/abc`, but the path `/abcd` would not.
- //
- // ReplacePrefixMatch is only compatible with a `PathPrefix`
- // HTTPRouteMatch.
- // Using any other HTTPRouteMatch type on the same HTTPRouteRule
- // will result in
- // the implementation setting the Accepted Condition for the Route
- // to `status: False`.
- //
- // Request Path | Prefix Match | Replace Prefix | Modified Path
- replacePrefixMatch?: strings.MaxRunes(1024)
-
- // Type defines the type of path modifier. Additional types may be
- // added in a future release of the API.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "ReplaceFullPath" | "ReplacePrefixMatch"
- }
-
- // Port is the port to be used in the value of the `Location`
- // header in the response.
- //
- // If no port is specified, the redirect port MUST be derived
- // using the
- // following rules:
- //
- // * If redirect scheme is not-empty, the redirect port MUST be
- // the well-known
- // port associated with the redirect scheme. Specifically "http"
- // to port 80
- // and "https" to port 443. If the redirect scheme does not have a
- // well-known port, the listener port of the Gateway SHOULD be
- // used.
- // * If redirect scheme is empty, the redirect port MUST be the
- // Gateway
- // Listener port.
- //
- // Implementations SHOULD NOT add the port number in the
- // 'Location'
- // header in the following cases:
- //
- // * A Location header that will use HTTP (whether that is
- // determined via
- // the Listener protocol or the Scheme field) _and_ use port 80.
- // * A Location header that will use HTTPS (whether that is
- // determined via
- // the Listener protocol or the Scheme field) _and_ use port 443.
- //
- // Support: Extended
- port?: uint16 & >=1
-
- // Scheme is the scheme to be used in the value of the `Location`
- // header in
- // the response. When empty, the scheme of the request is used.
- //
- // Scheme redirects can affect the port of the redirect, for more
- // information,
- // refer to the documentation for the port field of this filter.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- //
- // Support: Extended
- scheme?: "http" | "https"
-
- // StatusCode is the HTTP status code to be used in response.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- //
- // Support: Core
- statusCode?: (301 | 302) & int | *302
- }
-
- // ResponseHeaderModifier defines a schema for a filter that
- // modifies response
- // headers.
- //
- // Support: Extended
- responseHeaderModifier?: {
- // Add adds the given header(s) (name, value) to the request
- // before the action. It appends to any existing values associated
- // with the header name.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // add:
- // - name: "my-header"
- // value: "bar,baz"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: foo,bar,baz
- add?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Remove the given header(s) from the HTTP request before the
- // action. The
- // value of Remove is a list of HTTP header names. Note that the
- // header
- // names are case-insensitive (see
- // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header1: foo
- // my-header2: bar
- // my-header3: baz
- //
- // Config:
- // remove: ["my-header1", "my-header3"]
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header2: bar
- remove?: list.MaxItems(16) & [...string]
-
- // Set overwrites the request with the given header (name, value)
- // before the action.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // set:
- // - name: "my-header"
- // value: "bar"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: bar
- set?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
- }
-
- // Type identifies the type of filter to apply. As with other API
- // fields,
- // types are classified into three conformance levels:
- //
- // - Core: Filter types and their corresponding configuration
- // defined by
- // "Support: Core" in this package, e.g. "RequestHeaderModifier".
- // All
- // implementations must support core filters.
- //
- // - Extended: Filter types and their corresponding configuration
- // defined by
- // "Support: Extended" in this package, e.g. "RequestMirror".
- // Implementers
- // are encouraged to support extended filters.
- //
- // - Implementation-specific: Filters that are defined and
- // supported by
- // specific vendors.
- // In the future, filters showing convergence in behavior across
- // multiple
- // implementations will be considered for inclusion in extended or
- // core
- // conformance levels. Filter-specific configuration for such
- // filters
- // is specified using the ExtensionRef field. `Type` should be set
- // to
- // "ExtensionRef" for custom filters.
- //
- // Implementers are encouraged to define custom implementation
- // types to
- // extend the core API with implementation-specific behavior.
- //
- // If a reference to a custom filter type cannot be resolved, the
- // filter
- // MUST NOT be skipped. Instead, requests that would have been
- // processed by
- // that filter MUST receive a HTTP error response.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "RequestHeaderModifier" | "ResponseHeaderModifier" | "RequestMirror" | "RequestRedirect" | "URLRewrite" | "ExtensionRef"
-
- // URLRewrite defines a schema for a filter that modifies a
- // request during forwarding.
- //
- // Support: Extended
- urlRewrite?: {
- // Hostname is the value to be used to replace the Host header
- // value during
- // forwarding.
- //
- // Support: Extended
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Path defines a path rewrite.
- //
- // Support: Extended
- path?: {
- // ReplaceFullPath specifies the value with which to replace the
- // full path
- // of a request during a rewrite or redirect.
- replaceFullPath?: strings.MaxRunes(1024)
-
- // ReplacePrefixMatch specifies the value with which to replace
- // the prefix
- // match of a request during a rewrite or redirect. For example, a
- // request
- // to "/foo/bar" with a prefix match of "/foo" and a
- // ReplacePrefixMatch
- // of "/xyz" would be modified to "/xyz/bar".
- //
- // Note that this matches the behavior of the PathPrefix match
- // type. This
- // matches full path elements. A path element refers to the list
- // of labels
- // in the path split by the `/` separator. When specified, a
- // trailing `/` is
- // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def`
- // would all
- // match the prefix `/abc`, but the path `/abcd` would not.
- //
- // ReplacePrefixMatch is only compatible with a `PathPrefix`
- // HTTPRouteMatch.
- // Using any other HTTPRouteMatch type on the same HTTPRouteRule
- // will result in
- // the implementation setting the Accepted Condition for the Route
- // to `status: False`.
- //
- // Request Path | Prefix Match | Replace Prefix | Modified Path
- replacePrefixMatch?: strings.MaxRunes(1024)
-
- // Type defines the type of path modifier. Additional types may be
- // added in a future release of the API.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "ReplaceFullPath" | "ReplacePrefixMatch"
- }
- }
- }]
-
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *""
-
- // Kind is the Kubernetes resource kind of the referent. For
- // example
- // "Service".
- //
- // Defaults to "Service" when not specified.
- //
- // ExternalName services can refer to CNAME DNS records that may
- // live
- // outside of the cluster and as such are difficult to reason
- // about in
- // terms of conformance. They also may not be safe to forward to
- // (see
- // CVE-2021-25740 for more information). Implementations SHOULD
- // NOT
- // support ExternalName Services.
- //
- // Support: Core (Services with a type other than ExternalName)
- //
- // Support: Implementation-specific (Services with type
- // ExternalName)
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service"
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the backend. When unspecified,
- // the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port specifies the destination port number to use for this
- // resource.
- // Port is required when the referent is a Kubernetes Service. In
- // this
- // case, the port number is the service port number, not the
- // target port.
- // For other resources, destination port might be derived from the
- // referent
- // resource or this field.
- port?: uint16 & >=1
-
- // Weight specifies the proportion of requests forwarded to the
- // referenced
- // backend. This is computed as weight/(sum of all weights in this
- // BackendRefs list). For non-zero values, there may be some
- // epsilon from
- // the exact proportion defined here depending on the precision an
- // implementation supports. Weight is not a percentage and the sum
- // of
- // weights does not need to equal 100.
- //
- // If only one backend is specified and it has a weight greater
- // than 0, 100%
- // of the traffic is forwarded to that backend. If weight is set
- // to 0, no
- // traffic should be forwarded for this entry. If unspecified,
- // weight
- // defaults to 1.
- //
- // Support for this field varies based on the context where used.
- weight?: int32 & int & <=1000000 & >=0 | *1
- }]
-
- // Filters define the filters that are applied to requests that
- // match
- // this rule.
- //
- // Wherever possible, implementations SHOULD implement filters in
- // the order
- // they are specified.
- //
- // Implementations MAY choose to implement this ordering strictly,
- // rejecting
- // any combination or order of filters that can not be supported.
- // If implementations
- // choose a strict interpretation of filter ordering, they MUST
- // clearly document
- // that behavior.
- //
- // To reject an invalid combination or order of filters,
- // implementations SHOULD
- // consider the Route Rules with this configuration invalid. If
- // all Route Rules
- // in a Route are invalid, the entire Route would be considered
- // invalid. If only
- // a portion of Route Rules are invalid, implementations MUST set
- // the
- // "PartiallyInvalid" condition for the Route.
- //
- // Conformance-levels at this level are defined based on the type
- // of filter:
- //
- // - ALL core filters MUST be supported by all implementations.
- // - Implementers are encouraged to support extended filters.
- // - Implementation-specific custom filters have no API guarantees
- // across
- // implementations.
- //
- // Specifying the same filter multiple times is not supported
- // unless explicitly
- // indicated in the filter.
- //
- // All filters are expected to be compatible with each other
- // except for the
- // URLRewrite and RequestRedirect filters, which may not be
- // combined. If an
- // implementation can not support other combinations of filters,
- // they must clearly
- // document that limitation. In cases where incompatible or
- // unsupported
- // filters are specified and cause the `Accepted` condition to be
- // set to status
- // `False`, implementations may use the `IncompatibleFilters`
- // reason to specify
- // this configuration error.
- //
- // Support: Core
- filters?: list.MaxItems(16) & [...{
- // ExtensionRef is an optional, implementation-specific extension
- // to the
- // "filter" behavior. For example, resource "myroutefilter" in
- // group
- // "networking.example.net"). ExtensionRef MUST NOT be used for
- // core and
- // extended filters.
- //
- // This filter can be used multiple times within the same rule.
- //
- // Support: Implementation-specific
- extensionRef?: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group!: strings.MaxRunes(253) & {
- =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Kind is kind of the referent. For example "HTTPRoute" or
- // "Service".
- kind!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
- }
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
- }
-
- // RequestHeaderModifier defines a schema for a filter that
- // modifies request
- // headers.
- //
- // Support: Core
- requestHeaderModifier?: {
- // Add adds the given header(s) (name, value) to the request
- // before the action. It appends to any existing values associated
- // with the header name.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // add:
- // - name: "my-header"
- // value: "bar,baz"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: foo,bar,baz
- add?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Remove the given header(s) from the HTTP request before the
- // action. The
- // value of Remove is a list of HTTP header names. Note that the
- // header
- // names are case-insensitive (see
- // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header1: foo
- // my-header2: bar
- // my-header3: baz
- //
- // Config:
- // remove: ["my-header1", "my-header3"]
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header2: bar
- remove?: list.MaxItems(16) & [...string]
-
- // Set overwrites the request with the given header (name, value)
- // before the action.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // set:
- // - name: "my-header"
- // value: "bar"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: bar
- set?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
- }
- requestMirror?: {
- // BackendRef references a resource where mirrored requests are
- // sent.
- //
- // Mirrored requests must be sent only to a single destination
- // endpoint
- // within this BackendRef, irrespective of how many endpoints are
- // present
- // within this BackendRef.
- //
- // If the referent cannot be found, this BackendRef is invalid and
- // must be
- // dropped from the Gateway. The controller must ensure the
- // "ResolvedRefs"
- // condition on the Route status is set to `status: False` and not
- // configure
- // this backend in the underlying implementation.
- //
- // If there is a cross-namespace reference to an *existing* object
- // that is not allowed by a ReferenceGrant, the controller must
- // ensure the
- // "ResolvedRefs" condition on the Route is set to `status:
- // False`,
- // with the "RefNotPermitted" reason and not configure this
- // backend in the
- // underlying implementation.
- //
- // In either error case, the Message of the `ResolvedRefs`
- // Condition
- // should be used to provide more detail about the problem.
- //
- // Support: Extended for Kubernetes Service
- //
- // Support: Implementation-specific for any other resource
- backendRef!: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *""
-
- // Kind is the Kubernetes resource kind of the referent. For
- // example
- // "Service".
- //
- // Defaults to "Service" when not specified.
- //
- // ExternalName services can refer to CNAME DNS records that may
- // live
- // outside of the cluster and as such are difficult to reason
- // about in
- // terms of conformance. They also may not be safe to forward to
- // (see
- // CVE-2021-25740 for more information). Implementations SHOULD
- // NOT
- // support ExternalName Services.
- //
- // Support: Core (Services with a type other than ExternalName)
- //
- // Support: Implementation-specific (Services with type
- // ExternalName)
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service"
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the backend. When unspecified,
- // the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port specifies the destination port number to use for this
- // resource.
- // Port is required when the referent is a Kubernetes Service. In
- // this
- // case, the port number is the service port number, not the
- // target port.
- // For other resources, destination port might be derived from the
- // referent
- // resource or this field.
- port?: uint16 & >=1
- }
- }
-
- // RequestRedirect defines a schema for a filter that responds to
- // the
- // request with an HTTP redirection.
- //
- // Support: Core
- requestRedirect?: {
- // Hostname is the hostname to be used in the value of the
- // `Location`
- // header in the response.
- // When empty, the hostname in the `Host` header of the request is
- // used.
- //
- // Support: Core
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Path defines parameters used to modify the path of the incoming
- // request.
- // The modified path is then used to construct the `Location`
- // header. When
- // empty, the request path is used as-is.
- //
- // Support: Extended
- path?: {
- // ReplaceFullPath specifies the value with which to replace the
- // full path
- // of a request during a rewrite or redirect.
- replaceFullPath?: strings.MaxRunes(1024)
-
- // ReplacePrefixMatch specifies the value with which to replace
- // the prefix
- // match of a request during a rewrite or redirect. For example, a
- // request
- // to "/foo/bar" with a prefix match of "/foo" and a
- // ReplacePrefixMatch
- // of "/xyz" would be modified to "/xyz/bar".
- //
- // Note that this matches the behavior of the PathPrefix match
- // type. This
- // matches full path elements. A path element refers to the list
- // of labels
- // in the path split by the `/` separator. When specified, a
- // trailing `/` is
- // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def`
- // would all
- // match the prefix `/abc`, but the path `/abcd` would not.
- //
- // ReplacePrefixMatch is only compatible with a `PathPrefix`
- // HTTPRouteMatch.
- // Using any other HTTPRouteMatch type on the same HTTPRouteRule
- // will result in
- // the implementation setting the Accepted Condition for the Route
- // to `status: False`.
- //
- // Request Path | Prefix Match | Replace Prefix | Modified Path
- replacePrefixMatch?: strings.MaxRunes(1024)
-
- // Type defines the type of path modifier. Additional types may be
- // added in a future release of the API.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "ReplaceFullPath" | "ReplacePrefixMatch"
- }
-
- // Port is the port to be used in the value of the `Location`
- // header in the response.
- //
- // If no port is specified, the redirect port MUST be derived
- // using the
- // following rules:
- //
- // * If redirect scheme is not-empty, the redirect port MUST be
- // the well-known
- // port associated with the redirect scheme. Specifically "http"
- // to port 80
- // and "https" to port 443. If the redirect scheme does not have a
- // well-known port, the listener port of the Gateway SHOULD be
- // used.
- // * If redirect scheme is empty, the redirect port MUST be the
- // Gateway
- // Listener port.
- //
- // Implementations SHOULD NOT add the port number in the
- // 'Location'
- // header in the following cases:
- //
- // * A Location header that will use HTTP (whether that is
- // determined via
- // the Listener protocol or the Scheme field) _and_ use port 80.
- // * A Location header that will use HTTPS (whether that is
- // determined via
- // the Listener protocol or the Scheme field) _and_ use port 443.
- //
- // Support: Extended
- port?: uint16 & >=1
-
- // Scheme is the scheme to be used in the value of the `Location`
- // header in
- // the response. When empty, the scheme of the request is used.
- //
- // Scheme redirects can affect the port of the redirect, for more
- // information,
- // refer to the documentation for the port field of this filter.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- //
- // Support: Extended
- scheme?: "http" | "https"
-
- // StatusCode is the HTTP status code to be used in response.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- //
- // Support: Core
- statusCode?: (301 | 302) & int | *302
- }
-
- // ResponseHeaderModifier defines a schema for a filter that
- // modifies response
- // headers.
- //
- // Support: Extended
- responseHeaderModifier?: {
- // Add adds the given header(s) (name, value) to the request
- // before the action. It appends to any existing values associated
- // with the header name.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // add:
- // - name: "my-header"
- // value: "bar,baz"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: foo,bar,baz
- add?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Remove the given header(s) from the HTTP request before the
- // action. The
- // value of Remove is a list of HTTP header names. Note that the
- // header
- // names are case-insensitive (see
- // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header1: foo
- // my-header2: bar
- // my-header3: baz
- //
- // Config:
- // remove: ["my-header1", "my-header3"]
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header2: bar
- remove?: list.MaxItems(16) & [...string]
-
- // Set overwrites the request with the given header (name, value)
- // before the action.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // set:
- // - name: "my-header"
- // value: "bar"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: bar
- set?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
- }
-
- // Type identifies the type of filter to apply. As with other API
- // fields,
- // types are classified into three conformance levels:
- //
- // - Core: Filter types and their corresponding configuration
- // defined by
- // "Support: Core" in this package, e.g. "RequestHeaderModifier".
- // All
- // implementations must support core filters.
- //
- // - Extended: Filter types and their corresponding configuration
- // defined by
- // "Support: Extended" in this package, e.g. "RequestMirror".
- // Implementers
- // are encouraged to support extended filters.
- //
- // - Implementation-specific: Filters that are defined and
- // supported by
- // specific vendors.
- // In the future, filters showing convergence in behavior across
- // multiple
- // implementations will be considered for inclusion in extended or
- // core
- // conformance levels. Filter-specific configuration for such
- // filters
- // is specified using the ExtensionRef field. `Type` should be set
- // to
- // "ExtensionRef" for custom filters.
- //
- // Implementers are encouraged to define custom implementation
- // types to
- // extend the core API with implementation-specific behavior.
- //
- // If a reference to a custom filter type cannot be resolved, the
- // filter
- // MUST NOT be skipped. Instead, requests that would have been
- // processed by
- // that filter MUST receive a HTTP error response.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "RequestHeaderModifier" | "ResponseHeaderModifier" | "RequestMirror" | "RequestRedirect" | "URLRewrite" | "ExtensionRef"
-
- // URLRewrite defines a schema for a filter that modifies a
- // request during forwarding.
- //
- // Support: Extended
- urlRewrite?: {
- // Hostname is the value to be used to replace the Host header
- // value during
- // forwarding.
- //
- // Support: Extended
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Path defines a path rewrite.
- //
- // Support: Extended
- path?: {
- // ReplaceFullPath specifies the value with which to replace the
- // full path
- // of a request during a rewrite or redirect.
- replaceFullPath?: strings.MaxRunes(1024)
-
- // ReplacePrefixMatch specifies the value with which to replace
- // the prefix
- // match of a request during a rewrite or redirect. For example, a
- // request
- // to "/foo/bar" with a prefix match of "/foo" and a
- // ReplacePrefixMatch
- // of "/xyz" would be modified to "/xyz/bar".
- //
- // Note that this matches the behavior of the PathPrefix match
- // type. This
- // matches full path elements. A path element refers to the list
- // of labels
- // in the path split by the `/` separator. When specified, a
- // trailing `/` is
- // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def`
- // would all
- // match the prefix `/abc`, but the path `/abcd` would not.
- //
- // ReplacePrefixMatch is only compatible with a `PathPrefix`
- // HTTPRouteMatch.
- // Using any other HTTPRouteMatch type on the same HTTPRouteRule
- // will result in
- // the implementation setting the Accepted Condition for the Route
- // to `status: False`.
- //
- // Request Path | Prefix Match | Replace Prefix | Modified Path
- replacePrefixMatch?: strings.MaxRunes(1024)
-
- // Type defines the type of path modifier. Additional types may be
- // added in a future release of the API.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "ReplaceFullPath" | "ReplacePrefixMatch"
- }
- }
- }]
-
- // Matches define conditions used for matching the rule against
- // incoming
- // HTTP requests. Each match is independent, i.e. this rule will
- // be matched
- // if **any** one of the matches is satisfied.
- //
- // For example, take the following matches configuration:
- //
- // ```
- // matches:
- // - path:
- // value: "/foo"
- // headers:
- // - name: "version"
- // value: "v2"
- // - path:
- // value: "/v2/foo"
- // ```
- //
- // For a request to match against this rule, a request must
- // satisfy
- // EITHER of the two conditions:
- //
- // - path prefixed with `/foo` AND contains the header `version:
- // v2`
- // - path prefix of `/v2/foo`
- //
- // See the documentation for HTTPRouteMatch on how to specify
- // multiple
- // match conditions that should be ANDed together.
- //
- // If no matches are specified, the default is a prefix
- // path match on "/", which has the effect of matching every
- // HTTP request.
- //
- // Proxy or Load Balancer routing configuration generated from
- // HTTPRoutes
- // MUST prioritize matches based on the following criteria,
- // continuing on
- // ties. Across all rules specified on applicable Routes,
- // precedence must be
- // given to the match having:
- //
- // * "Exact" path match.
- // * "Prefix" path match with largest number of characters.
- // * Method match.
- // * Largest number of header matches.
- // * Largest number of query param matches.
- //
- // Note: The precedence of RegularExpression path matches are
- // implementation-specific.
- //
- // If ties still exist across multiple Routes, matching precedence
- // MUST be
- // determined in order of the following criteria, continuing on
- // ties:
- //
- // * The oldest Route based on creation timestamp.
- // * The Route appearing first in alphabetical order by
- // "{namespace}/{name}".
- //
- // If ties still exist within an HTTPRoute, matching precedence
- // MUST be granted
- // to the FIRST matching rule (in list order) with a match meeting
- // the above
- // criteria.
- //
- // When no rules matching a request have been successfully
- // attached to the
- // parent a request is coming from, a HTTP 404 status code MUST be
- // returned.
- matches?: list.MaxItems(64) & [...{
- // Headers specifies HTTP request header matchers. Multiple match
- // values are
- // ANDed together, meaning, a request must match all the specified
- // headers
- // to select the route.
- headers?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, only the
- // first
- // entry with an equivalent name MUST be considered for a match.
- // Subsequent
- // entries with an equivalent header name MUST be ignored. Due to
- // the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- //
- // When a header is repeated in an HTTP request, it is
- // implementation-specific behavior as to how this is represented.
- // Generally, proxies should follow the guidance from the RFC:
- // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
- // regarding
- // processing a repeated header, with special handling for
- // "Set-Cookie".
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Type specifies how to match against the value of the header.
- //
- // Support: Core (Exact)
- //
- // Support: Implementation-specific (RegularExpression)
- //
- // Since RegularExpression HeaderMatchType has
- // implementation-specific
- // conformance, implementations can support POSIX, PCRE or any
- // other dialects
- // of regular expressions. Please read the implementation's
- // documentation to
- // determine the supported dialect.
- type?: "Exact" | "RegularExpression" | *"Exact"
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Method specifies HTTP method matcher.
- // When specified, this route will be matched only if the request
- // has the
- // specified method.
- //
- // Support: Extended
- method?: "GET" | "HEAD" | "POST" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH"
-
- // Path specifies a HTTP request path matcher. If this field is
- // not
- // specified, a default prefix match on the "/" path is provided.
- path?: {
- // Type specifies how to match against the path Value.
- //
- // Support: Core (Exact, PathPrefix)
- //
- // Support: Implementation-specific (RegularExpression)
- type?: "Exact" | "PathPrefix" | "RegularExpression" | *"PathPrefix"
-
- // Value of the HTTP path to match against.
- value?: strings.MaxRunes(1024) | *"/"
- } | *{
- type: "PathPrefix"
- value: "/"
- }
-
- // QueryParams specifies HTTP query parameter matchers. Multiple
- // match
- // values are ANDed together, meaning, a request must match all
- // the
- // specified query parameters to select the route.
- //
- // Support: Extended
- queryParams?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP query param to be matched. This
- // must be an
- // exact string match. (See
- // https://tools.ietf.org/html/rfc7230#section-2.7.3).
- //
- // If multiple entries specify equivalent query param names, only
- // the first
- // entry with an equivalent name MUST be considered for a match.
- // Subsequent
- // entries with an equivalent query param name MUST be ignored.
- //
- // If a query param is repeated in an HTTP request, the behavior
- // is
- // purposely left undefined, since different data planes have
- // different
- // capabilities. However, it is *recommended* that implementations
- // should
- // match against the first value of the param if the data plane
- // supports it,
- // as this behavior is expected in other load balancing contexts
- // outside of
- // the Gateway API.
- //
- // Users SHOULD NOT route traffic based on repeated query params
- // to guard
- // themselves against potential differences in the
- // implementations.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Type specifies how to match against the value of the query
- // parameter.
- //
- // Support: Extended (Exact)
- //
- // Support: Implementation-specific (RegularExpression)
- //
- // Since RegularExpression QueryParamMatchType has
- // Implementation-specific
- // conformance, implementations can support POSIX, PCRE or any
- // other
- // dialects of regular expressions. Please read the
- // implementation's
- // documentation to determine the supported dialect.
- type?: "Exact" | "RegularExpression" | *"Exact"
-
- // Value is the value of HTTP query param to be matched.
- value!: strings.MaxRunes(1024) & strings.MinRunes(1)
- }]
- }] | *[{
- path: {
- type: "PathPrefix"
- value: "/"
- }
- }]
-
- // Timeouts defines the timeouts that can be configured for an
- // HTTP request.
- //
- // Support: Extended
- timeouts?: {
- // BackendRequest specifies a timeout for an individual request
- // from the gateway
- // to a backend. This covers the time from when the request first
- // starts being
- // sent from the gateway to when the full response has been
- // received from the backend.
- //
- // Setting a timeout to the zero duration (e.g. "0s") SHOULD
- // disable the timeout
- // completely. Implementations that cannot completely disable the
- // timeout MUST
- // instead interpret the zero duration as the longest possible
- // value to which
- // the timeout can be set.
- //
- // An entire client HTTP transaction with a gateway, covered by
- // the Request timeout,
- // may result in more than one call from the gateway to the
- // destination backend,
- // for example, if automatic retries are supported.
- //
- // The value of BackendRequest must be a Gateway API Duration
- // string as defined by
- // GEP-2257. When this field is unspecified, its behavior is
- // implementation-specific;
- // when specified, the value of BackendRequest must be no more
- // than the value of the
- // Request timeout (since the Request timeout encompasses the
- // BackendRequest timeout).
- //
- // Support: Extended
- backendRequest?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$"
-
- // Request specifies the maximum duration for a gateway to respond
- // to an HTTP request.
- // If the gateway has not been able to respond before this
- // deadline is met, the gateway
- // MUST return a timeout error.
- //
- // For example, setting the `rules.timeouts.request` field to the
- // value `10s` in an
- // `HTTPRoute` will cause a timeout if a client request is taking
- // longer than 10 seconds
- // to complete.
- //
- // Setting a timeout to the zero duration (e.g. "0s") SHOULD
- // disable the timeout
- // completely. Implementations that cannot completely disable the
- // timeout MUST
- // instead interpret the zero duration as the longest possible
- // value to which
- // the timeout can be set.
- //
- // This timeout is intended to cover as close to the whole
- // request-response transaction
- // as possible although an implementation MAY choose to start the
- // timeout after the entire
- // request stream has been received instead of immediately after
- // the transaction is
- // initiated by the client.
- //
- // The value of Request is a Gateway API Duration string as
- // defined by GEP-2257. When this
- // field is unspecified, request timeout behavior is
- // implementation-specific.
- //
- // Support: Extended
- request?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$"
- }
- }] | *[{
- matches: [{
- path: {
- type: "PathPrefix"
- value: "/"
- }
- }]
- }]
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
deleted file mode 100644
index c2497a513..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/apps/v1
-
-package v1
-
-#GroupName: "apps"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
deleted file mode 100644
index d3ecc8345..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
+++ /dev/null
@@ -1,946 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/apps/v1
-
-package v1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/intstr"
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-#ControllerRevisionHashLabelKey: "controller-revision-hash"
-#StatefulSetRevisionLabel: "controller-revision-hash"
-#DeprecatedRollbackTo: "deprecated.deployment.rollback.to"
-#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation"
-#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name"
-#PodIndexLabel: "apps.kubernetes.io/pod-index"
-
-// StatefulSet represents a set of pods with consistent identities.
-// Identities are defined as:
-// - Network: A single stable DNS and hostname.
-// - Storage: As many VolumeClaims as requested.
-//
-// The StatefulSet guarantees that a given network identity will always
-// map to the same storage identity.
-#StatefulSet: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the desired identities of pods in this set.
- // +optional
- spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status is the current status of Pods in this StatefulSet. This data
- // may be out of date by some window of time.
- // +optional
- status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PodManagementPolicyType defines the policy for creating pods under a stateful set.
-// +enum
-#PodManagementPolicyType: string // #enumPodManagementPolicyType
-
-#enumPodManagementPolicyType:
- #OrderedReadyPodManagement |
- #ParallelPodManagement
-
-// OrderedReadyPodManagement will create pods in strictly increasing order on
-// scale up and strictly decreasing order on scale down, progressing only when
-// the previous pod is ready or terminated. At most one pod will be changed
-// at any time.
-#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady"
-
-// ParallelPodManagement will create and delete pods as soon as the stateful set
-// replica count is changed, and will not wait for pods to be ready or complete
-// termination.
-#ParallelPodManagement: #PodManagementPolicyType & "Parallel"
-
-// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
-// controller will use to perform updates. It includes any additional parameters
-// necessary to perform the update for the indicated strategy.
-#StatefulSetUpdateStrategy: {
- // Type indicates the type of the StatefulSetUpdateStrategy.
- // Default is RollingUpdate.
- // +optional
- type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType)
-
- // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
- // +optional
- rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt)
-}
-
-// StatefulSetUpdateStrategyType is a string enumeration type that enumerates
-// all possible update strategies for the StatefulSet controller.
-// +enum
-#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType
-
-#enumStatefulSetUpdateStrategyType:
- #RollingUpdateStatefulSetStrategyType |
- #OnDeleteStatefulSetStrategyType
-
-// RollingUpdateStatefulSetStrategyType indicates that update will be
-// applied to all Pods in the StatefulSet with respect to the StatefulSet
-// ordering constraints. When a scale operation is performed with this
-// strategy, new Pods will be created from the specification version indicated
-// by the StatefulSet's updateRevision.
-#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate"
-
-// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
-// tracking and ordered rolling restarts are disabled. Pods are recreated
-// from the StatefulSetSpec when they are manually deleted. When a scale
-// operation is performed with this strategy,specification version indicated
-// by the StatefulSet's currentRevision.
-#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete"
-
-// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
-#RollingUpdateStatefulSetStrategy: {
- // Partition indicates the ordinal at which the StatefulSet should be partitioned
- // for updates. During a rolling update, all pods from ordinal Replicas-1 to
- // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
- // This is helpful in being able to do a canary based deployment. The default value is 0.
- // +optional
- partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt)
-
- // The maximum number of pods that can be unavailable during the update.
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- // Absolute number is calculated from percentage by rounding up. This can not be 0.
- // Defaults to 1. This field is alpha-level and is only honored by servers that enable the
- // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
- // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
- // will be counted towards MaxUnavailable.
- // +optional
- maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt)
-}
-
-// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
-// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
-// deleted or scaled down.
-#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType
-
-#enumPersistentVolumeClaimRetentionPolicyType:
- #RetainPersistentVolumeClaimRetentionPolicyType |
- #DeletePersistentVolumeClaimRetentionPolicyType
-
-// RetainPersistentVolumeClaimRetentionPolicyType is the default
-// PersistentVolumeClaimRetentionPolicy and specifies that
-// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
-// will not be deleted.
-#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain"
-
-// RetentionPersistentVolumeClaimRetentionPolicyType specifies that
-// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
-// will be deleted in the scenario specified in
-// StatefulSetPersistentVolumeClaimRetentionPolicy.
-#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete"
-
-// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
-// created from the StatefulSet VolumeClaimTemplates.
-#StatefulSetPersistentVolumeClaimRetentionPolicy: {
- // WhenDeleted specifies what happens to PVCs created from StatefulSet
- // VolumeClaimTemplates when the StatefulSet is deleted. The default policy
- // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
- // `Delete` policy causes those PVCs to be deleted.
- whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
-
- // WhenScaled specifies what happens to PVCs created from StatefulSet
- // VolumeClaimTemplates when the StatefulSet is scaled down. The default
- // policy of `Retain` causes PVCs to not be affected by a scaledown. The
- // `Delete` policy causes the associated PVCs for any excess pods above
- // the replica count to be deleted.
- whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
-}
-
-// StatefulSetOrdinals describes the policy used for replica ordinal assignment
-// in this StatefulSet.
-#StatefulSetOrdinals: {
- // start is the number representing the first replica's index. It may be used
- // to number replicas from an alternate index (eg: 1-indexed) over the default
- // 0-indexed names, or to orchestrate progressive movement of replicas from
- // one StatefulSet to another.
- // If set, replica indices will be in the range:
- // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
- // If unset, defaults to 0. Replica indices will be in the range:
- // [0, .spec.replicas).
- // +optional
- start: int32 @go(Start) @protobuf(1,varint,opt)
-}
-
-// A StatefulSetSpec is the specification of a StatefulSet.
-#StatefulSetSpec: {
- // replicas is the desired number of replicas of the given Template.
- // These are replicas in the sense that they are instantiations of the
- // same Template, but individual replicas also have a consistent identity.
- // If unspecified, defaults to 1.
- // TODO: Consider a rename of this field.
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // selector is a label query over pods that should match the replica count.
- // It must match the pod template's labels.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
-
- // template is the object that describes the pod that will be created if
- // insufficient replicas are detected. Each pod stamped out by the StatefulSet
- // will fulfill this Template, but have a unique identity from the rest
- // of the StatefulSet. Each pod will be named with the format
- // -. For example, a pod in a StatefulSet named
- // "web" with index number "3" would be named "web-3".
- // The only allowed template.spec.restartPolicy value is "Always".
- template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
-
- // volumeClaimTemplates is a list of claims that pods are allowed to reference.
- // The StatefulSet controller is responsible for mapping network identities to
- // claims in a way that maintains the identity of a pod. Every claim in
- // this list must have at least one matching (by name) volumeMount in one
- // container in the template. A claim in this list takes precedence over
- // any volumes in the template, with the same name.
- // TODO: Define the behavior if a claim already exists with the same name.
- // +optional
- volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep)
-
- // serviceName is the name of the service that governs this StatefulSet.
- // This service must exist before the StatefulSet, and is responsible for
- // the network identity of the set. Pods get DNS/hostnames that follow the
- // pattern: pod-specific-string.serviceName.default.svc.cluster.local
- // where "pod-specific-string" is managed by the StatefulSet controller.
- serviceName: string @go(ServiceName) @protobuf(5,bytes,opt)
-
- // podManagementPolicy controls how pods are created during initial scale up,
- // when replacing pods on nodes, or when scaling down. The default policy is
- // `OrderedReady`, where pods are created in increasing order (pod-0, then
- // pod-1, etc) and the controller will wait until each pod is ready before
- // continuing. When scaling down, the pods are removed in the opposite order.
- // The alternative policy is `Parallel` which will create pods in parallel
- // to match the desired scale without waiting, and on scale down will delete
- // all pods at once.
- // +optional
- podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType)
-
- // updateStrategy indicates the StatefulSetUpdateStrategy that will be
- // employed to update Pods in the StatefulSet when a revision is made to
- // Template.
- updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt)
-
- // revisionHistoryLimit is the maximum number of revisions that will
- // be maintained in the StatefulSet's revision history. The revision history
- // consists of all revisions not represented by a currently applied
- // StatefulSetSpec version. The default value is 10.
- revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt)
-
- // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
- // volume claims created from volumeClaimTemplates. By default, all persistent
- // volume claims are created as needed and retained until manually deleted. This
- // policy allows the lifecycle to be altered, for example by deleting persistent
- // volume claims when their stateful set is deleted, or when their pod is scaled
- // down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled,
- // which is alpha. +optional
- persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt)
-
- // ordinals controls the numbering of replica indices in a StatefulSet. The
- // default ordinals behavior assigns a "0" index to the first replica and
- // increments the index by one for each additional replica requested. Using
- // the ordinals field requires the StatefulSetStartOrdinal feature gate to be
- // enabled, which is beta.
- // +optional
- ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt)
-}
-
-// StatefulSetStatus represents the current state of a StatefulSet.
-#StatefulSetStatus: {
- // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
- // StatefulSet's generation, which is updated on mutation by the API Server.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
-
- // replicas is the number of Pods created by the StatefulSet controller.
- replicas: int32 @go(Replicas) @protobuf(2,varint,opt)
-
- // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt)
-
- // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
- // indicated by currentRevision.
- currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt)
-
- // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
- // indicated by updateRevision.
- updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt)
-
- // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
- // sequence [0,currentReplicas).
- currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt)
-
- // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
- // [replicas-updatedReplicas,replicas)
- updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt)
-
- // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
- // uses this field as a collision avoidance mechanism when it needs to create the name for the
- // newest ControllerRevision.
- // +optional
- collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
-
- // Represents the latest available observations of a statefulset's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep)
-
- // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
- // +optional
- availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt)
-}
-
-#StatefulSetConditionType: string
-
-// StatefulSetCondition describes the state of a statefulset at a certain point.
-#StatefulSetCondition: {
- // Type of statefulset condition.
- type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
-
- // Last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// StatefulSetList is a collection of StatefulSets.
-#StatefulSetList: {
- metav1.#TypeMeta
-
- // Standard list's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of stateful sets.
- items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep)
-}
-
-// Deployment enables declarative updates for Pods and ReplicaSets.
-#Deployment: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Specification of the desired behavior of the Deployment.
- // +optional
- spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the Deployment.
- // +optional
- status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// DeploymentSpec is the specification of the desired behavior of the Deployment.
-#DeploymentSpec: {
- // Number of desired pods. This is a pointer to distinguish between explicit
- // zero and not specified. Defaults to 1.
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // Label selector for pods. Existing ReplicaSets whose pods are
- // selected by this will be the ones affected by this deployment.
- // It must match the pod template's labels.
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
-
- // Template describes the pods that will be created.
- // The only allowed template.spec.restartPolicy value is "Always".
- template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
-
- // The deployment strategy to use to replace existing pods with new ones.
- // +optional
- // +patchStrategy=retainKeys
- strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing, for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt)
-
- // The number of old ReplicaSets to retain to allow rollback.
- // This is a pointer to distinguish between explicit zero and not specified.
- // Defaults to 10.
- // +optional
- revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
-
- // Indicates that the deployment is paused.
- // +optional
- paused?: bool @go(Paused) @protobuf(7,varint,opt)
-
- // The maximum time in seconds for a deployment to make progress before it
- // is considered to be failed. The deployment controller will continue to
- // process failed deployments and a condition with a ProgressDeadlineExceeded
- // reason will be surfaced in the deployment status. Note that progress will
- // not be estimated during the time a deployment is paused. Defaults to 600s.
- progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt)
-}
-
-// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
-// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
-// to select new pods (and old pods being select by new ReplicaSet).
-#DefaultDeploymentUniqueLabelKey: "pod-template-hash"
-
-// DeploymentStrategy describes how to replace existing pods with new ones.
-#DeploymentStrategy: {
- // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
- // +optional
- type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType)
-
- // Rolling update config params. Present only if DeploymentStrategyType =
- // RollingUpdate.
- //---
- // TODO: Update this to follow our convention for oneOf, whatever we decide it
- // to be.
- // +optional
- rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt)
-}
-
-// +enum
-#DeploymentStrategyType: string // #enumDeploymentStrategyType
-
-#enumDeploymentStrategyType:
- #RecreateDeploymentStrategyType |
- #RollingUpdateDeploymentStrategyType
-
-// Kill all existing pods before creating new ones.
-#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate"
-
-// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
-#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate"
-
-// Spec to control the desired behavior of rolling update.
-#RollingUpdateDeployment: {
- // The maximum number of pods that can be unavailable during the update.
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- // Absolute number is calculated from percentage by rounding down.
- // This can not be 0 if MaxSurge is 0.
- // Defaults to 25%.
- // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
- // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
- // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
- // that the total number of pods available at all times during the update is at
- // least 70% of desired pods.
- // +optional
- maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
-
- // The maximum number of pods that can be scheduled above the desired number of
- // pods.
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- // This can not be 0 if MaxUnavailable is 0.
- // Absolute number is calculated from percentage by rounding up.
- // Defaults to 25%.
- // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
- // the rolling update starts, such that the total number of old and new pods do not exceed
- // 130% of desired pods. Once old pods have been killed,
- // new ReplicaSet can be scaled up further, ensuring that total number of pods running
- // at any time during the update is at most 130% of desired pods.
- // +optional
- maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
-}
-
-// DeploymentStatus is the most recently observed status of the Deployment.
-#DeploymentStatus: {
- // The generation observed by the deployment controller.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
-
- // Total number of non-terminated pods targeted by this deployment (their labels match the selector).
- // +optional
- replicas?: int32 @go(Replicas) @protobuf(2,varint,opt)
-
- // Total number of non-terminated pods targeted by this deployment that have the desired template spec.
- // +optional
- updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt)
-
- // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
- // +optional
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt)
-
- // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
- // +optional
- availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt)
-
- // Total number of unavailable pods targeted by this deployment. This is the total number of
- // pods that are still required for the deployment to have 100% available capacity. They may
- // either be pods that are running but not yet available or pods that still have not been created.
- // +optional
- unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt)
-
- // Represents the latest available observations of a deployment's current state.
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep)
-
- // Count of hash collisions for the Deployment. The Deployment controller uses this
- // field as a collision avoidance mechanism when it needs to create the name for the
- // newest ReplicaSet.
- // +optional
- collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt)
-}
-
-#DeploymentConditionType: string // #enumDeploymentConditionType
-
-#enumDeploymentConditionType:
- #DeploymentAvailable |
- #DeploymentProgressing |
- #DeploymentReplicaFailure
-
-// Available means the deployment is available, ie. at least the minimum available
-// replicas required are up and running for at least minReadySeconds.
-#DeploymentAvailable: #DeploymentConditionType & "Available"
-
-// Progressing means the deployment is progressing. Progress for a deployment is
-// considered when a new replica set is created or adopted, and when new pods scale
-// up or old pods scale down. Progress is not estimated for paused deployments or
-// when progressDeadlineSeconds is not specified.
-#DeploymentProgressing: #DeploymentConditionType & "Progressing"
-
-// ReplicaFailure is added in a deployment when one of its pods fails to be created
-// or deleted.
-#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure"
-
-// DeploymentCondition describes the state of a deployment at a certain point.
-#DeploymentCondition: {
- // Type of deployment condition.
- type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
-
- // The last time this condition was updated.
- lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt)
-
- // Last time the condition transitioned from one status to another.
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt)
-
- // The reason for the condition's last transition.
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// DeploymentList is a list of Deployments.
-#DeploymentList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of Deployments.
- items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep)
-}
-
-// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
-#DaemonSetUpdateStrategy: {
- // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
- // +optional
- type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt)
-
- // Rolling update config params. Present only if type = "RollingUpdate".
- //---
- // TODO: Update this to follow our convention for oneOf, whatever we decide it
- // to be. Same as Deployment `strategy.rollingUpdate`.
- // See https://github.com/kubernetes/kubernetes/issues/35345
- // +optional
- rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt)
-}
-
-// +enum
-#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType
-
-#enumDaemonSetUpdateStrategyType:
- #RollingUpdateDaemonSetStrategyType |
- #OnDeleteDaemonSetStrategyType
-
-// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other.
-#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate"
-
-// Replace the old daemons only when it's killed
-#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete"
-
-// Spec to control the desired behavior of daemon set rolling update.
-#RollingUpdateDaemonSet: {
- // The maximum number of DaemonSet pods that can be unavailable during the
- // update. Value can be an absolute number (ex: 5) or a percentage of total
- // number of DaemonSet pods at the start of the update (ex: 10%). Absolute
- // number is calculated from percentage by rounding up.
- // This cannot be 0 if MaxSurge is 0
- // Default value is 1.
- // Example: when this is set to 30%, at most 30% of the total number of nodes
- // that should be running the daemon pod (i.e. status.desiredNumberScheduled)
- // can have their pods stopped for an update at any given time. The update
- // starts by stopping at most 30% of those DaemonSet pods and then brings
- // up new DaemonSet pods in their place. Once the new pods are available,
- // it then proceeds onto other DaemonSet pods, thus ensuring that at least
- // 70% of original number of DaemonSet pods are available at all times during
- // the update.
- // +optional
- maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
-
- // The maximum number of nodes with an existing available DaemonSet pod that
- // can have an updated DaemonSet pod during during an update.
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- // This can not be 0 if MaxUnavailable is 0.
- // Absolute number is calculated from percentage by rounding up to a minimum of 1.
- // Default value is 0.
- // Example: when this is set to 30%, at most 30% of the total number of nodes
- // that should be running the daemon pod (i.e. status.desiredNumberScheduled)
- // can have their a new pod created before the old pod is marked as deleted.
- // The update starts by launching new pods on 30% of nodes. Once an updated
- // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
- // on that node is marked deleted. If the old pod becomes unavailable for any
- // reason (Ready transitions to false, is evicted, or is drained) an updated
- // pod is immediatedly created on that node without considering surge limits.
- // Allowing surge implies the possibility that the resources consumed by the
- // daemonset on any given node can double if the readiness check fails, and
- // so resource intensive daemonsets should take into account that they may
- // cause evictions during disruption.
- // +optional
- maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
-}
-
-// DaemonSetSpec is the specification of a daemon set.
-#DaemonSetSpec: {
- // A label query over pods that are managed by the daemon set.
- // Must match in order to be controlled.
- // It must match the pod template's labels.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
-
- // An object that describes the pod that will be created.
- // The DaemonSet will create exactly one copy of this pod on every node
- // that matches the template's node selector (or on every node if no node
- // selector is specified).
- // The only allowed template.spec.restartPolicy value is "Always".
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
- template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
-
- // An update strategy to replace existing DaemonSet pods with new pods.
- // +optional
- updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt)
-
- // The minimum number of seconds for which a newly created DaemonSet pod should
- // be ready without any of its container crashing, for it to be considered
- // available. Defaults to 0 (pod will be considered available as soon as it
- // is ready).
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
-
- // The number of old history to retain to allow rollback.
- // This is a pointer to distinguish between explicit zero and not specified.
- // Defaults to 10.
- // +optional
- revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
-}
-
-// DaemonSetStatus represents the current status of a daemon set.
-#DaemonSetStatus: {
- // The number of nodes that are running at least 1
- // daemon pod and are supposed to run the daemon pod.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt)
-
- // The number of nodes that are running the daemon pod, but are
- // not supposed to run the daemon pod.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt)
-
- // The total number of nodes that should be running the daemon
- // pod (including nodes correctly running the daemon pod).
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt)
-
- // numberReady is the number of nodes that should be running the daemon pod and have one
- // or more of the daemon pod running with a Ready Condition.
- numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt)
-
- // The most recent generation observed by the daemon set controller.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt)
-
- // The total number of nodes that are running updated daemon pod
- // +optional
- updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt)
-
- // The number of nodes that should be running the
- // daemon pod and have one or more of the daemon pod running and
- // available (ready for at least spec.minReadySeconds)
- // +optional
- numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt)
-
- // The number of nodes that should be running the
- // daemon pod and have none of the daemon pod running and available
- // (ready for at least spec.minReadySeconds)
- // +optional
- numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt)
-
- // Count of hash collisions for the DaemonSet. The DaemonSet controller
- // uses this field as a collision avoidance mechanism when it needs to
- // create the name for the newest ControllerRevision.
- // +optional
- collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
-
- // Represents the latest available observations of a DaemonSet's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep)
-}
-
-#DaemonSetConditionType: string
-
-// DaemonSetCondition describes the state of a DaemonSet at a certain point.
-#DaemonSetCondition: {
- // Type of DaemonSet condition.
- type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
-
- // Last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// DaemonSet represents the configuration of a daemon set.
-#DaemonSet: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The desired behavior of this daemon set.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // The current status of this daemon set. This data may be
- // out of date by some window of time.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// DefaultDaemonSetUniqueLabelKey is the default label key that is added
-// to existing DaemonSet pods to distinguish between old and new
-// DaemonSet pods during DaemonSet template updates.
-#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash"
-
-// DaemonSetList is a collection of daemon sets.
-#DaemonSetList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // A list of daemon sets.
- items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep)
-}
-
-// ReplicaSet ensures that a specified number of pod replicas are running at any given time.
-#ReplicaSet: {
- metav1.#TypeMeta
-
- // If the Labels of a ReplicaSet are empty, they are defaulted to
- // be the same as the Pod(s) that the ReplicaSet manages.
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the specification of the desired behavior of the ReplicaSet.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status is the most recently observed status of the ReplicaSet.
- // This data may be out of date by some window of time.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ReplicaSetList is a collection of ReplicaSets.
-#ReplicaSetList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of ReplicaSets.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
- items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep)
-}
-
-// ReplicaSetSpec is the specification of a ReplicaSet.
-#ReplicaSetSpec: {
- // Replicas is the number of desired replicas.
- // This is a pointer to distinguish between explicit zero and unspecified.
- // Defaults to 1.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing, for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
-
- // Selector is a label query over pods that should match the replica count.
- // Label keys and values that must match in order to be controlled by this replica set.
- // It must match the pod template's labels.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
-
- // Template is the object that describes the pod that will be created if
- // insufficient replicas are detected.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
- // +optional
- template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
-}
-
-// ReplicaSetStatus represents the current status of a ReplicaSet.
-#ReplicaSetStatus: {
- // Replicas is the most recently observed number of replicas.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
- replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
-
- // The number of pods that have labels matching the labels of the pod template of the replicaset.
- // +optional
- fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
-
- // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition.
- // +optional
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
-
- // The number of available replicas (ready for at least minReadySeconds) for this replica set.
- // +optional
- availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
-
- // ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
-
- // Represents the latest available observations of a replica set's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep)
-}
-
-#ReplicaSetConditionType: string // #enumReplicaSetConditionType
-
-#enumReplicaSetConditionType:
- #ReplicaSetReplicaFailure
-
-// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created
-// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted
-// due to kubelet being down or finalizers are failing.
-#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure"
-
-// ReplicaSetCondition describes the state of a replica set at a certain point.
-#ReplicaSetCondition: {
- // Type of replica set condition.
- type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
-
- // The last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// ControllerRevision implements an immutable snapshot of state data. Clients
-// are responsible for serializing and deserializing the objects that contain
-// their internal state.
-// Once a ControllerRevision has been successfully created, it can not be updated.
-// The API Server will fail validation of all requests that attempt to mutate
-// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
-// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
-// it may be subject to name and representation changes in future releases, and clients should not
-// depend on its stability. It is primarily for internal use by controllers.
-#ControllerRevision: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Data is the serialized representation of the state.
- data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt)
-
- // Revision indicates the revision of the state represented by Data.
- revision: int64 @go(Revision) @protobuf(3,varint,opt)
-}
-
-// ControllerRevisionList is a resource containing a list of ControllerRevision objects.
-#ControllerRevisionList: {
- metav1.#TypeMeta
-
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of ControllerRevisions
- items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep)
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
deleted file mode 100644
index 3a3027906..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
+++ /dev/null
@@ -1,147 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
-// webhook backend fails.
-#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open"
-
-// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods
-#MirrorPodAnnotationKey: "kubernetes.io/config.mirror"
-
-// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
-// in the Annotations of a Pod.
-#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations"
-
-// TaintsAnnotationKey represents the key of taints data (json serialized)
-// in the Annotations of a Node.
-#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints"
-
-// SeccompPodAnnotationKey represents the key of a seccomp profile applied
-// to all containers of a pod.
-// Deprecated: set a pod security context `seccompProfile` field.
-#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod"
-
-// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
-// to one container of a pod.
-// Deprecated: set a container security context `seccompProfile` field.
-#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/"
-
-// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
-// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
-#SeccompProfileRuntimeDefault: "runtime/default"
-
-// SeccompProfileNameUnconfined is the unconfined seccomp profile.
-#SeccompProfileNameUnconfined: "unconfined"
-
-// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk.
-#SeccompLocalhostProfileNamePrefix: "localhost/"
-
-// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
-#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/"
-
-// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
-#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName"
-
-// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
-#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames"
-
-// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
-#AppArmorBetaProfileRuntimeDefault: "runtime/default"
-
-// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node.
-#AppArmorBetaProfileNamePrefix: "localhost/"
-
-// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile
-#AppArmorBetaProfileNameUnconfined: "unconfined"
-
-// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
-// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
-#DeprecatedSeccompProfileDockerDefault: "docker/default"
-
-// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
-// in the Annotations of a Node.
-#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods"
-
-// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
-// an object (e.g. secret, config map) before fetching it again from apiserver.
-// This annotation can be attached to node.
-#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl"
-
-// annotation key prefix used to identify non-convertible json paths.
-#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io"
-_#kubectlPrefix: "kubectl.kubernetes.io/"
-
-// LastAppliedConfigAnnotation is the annotation used to store the previous
-// configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
-#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration"
-
-// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
-//
-// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
-// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
-// access only from the CIDRs currently allocated to MIT & the USPS.
-//
-// Not all cloud providers support this annotation, though AWS & GCE do.
-#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges"
-
-// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that
-// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z')
-// of the last change, of some Pod or Service object, that triggered the endpoints object change.
-// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints
-// controller at T1, and the Endpoints object was changed at T2, the
-// EndpointsLastChangeTriggerTime would be set to T0.
-//
-// The "endpoints change trigger" here means any Pod or Service change that resulted in the
-// Endpoints object change.
-//
-// Given the definition of the "endpoints change trigger", please note that this annotation will
-// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the
-// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's
-// already set).
-//
-// This annotation will be used to compute the in-cluster network programming latency SLI, see
-// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
-#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time"
-
-// EndpointsOverCapacity will be set on an Endpoints resource when it
-// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints
-// controller will set this annotation with a value of "warning". In a
-// future release, the controller may set this annotation with a value of
-// "truncated" to indicate that any addresses exceeding the limit of 1000
-// have been truncated from the Endpoints resource.
-#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity"
-
-// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated
-// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode.
-// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or
-// CSI Backend for a volume plugin on a specific node.
-#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins"
-
-// PodDeletionCost can be used to set to an int32 that represent the cost of deleting
-// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower
-// deletion cost are preferred to be deleted before pods with higher deletion cost.
-// Note that this is honored on a best-effort basis, and so it does not offer guarantees on
-// pod deletion order.
-// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted.
-//
-// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled.
-#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost"
-
-// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable
-// Topology Aware Hints for a Service. This may be set to "Auto" or
-// "Disabled". Any other value is treated as "Disabled". This annotation has
-// been deprecated in favor of the "service.kubernetes.io/topology-mode"
-// annotation.
-#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints"
-
-// AnnotationTopologyMode can be used to enable or disable Topology Aware
-// Routing for a Service. Well known values are "Auto" and "Disabled".
-// Implementations may choose to develop new topology approaches, exposing
-// them with domain-prefixed values. For example, "example.com/lowest-rtt"
-// could be a valid implementation-specific value for this annotation. These
-// heuristics will often populate topology hints on EndpointSlices, but that
-// is not a requirement.
-#AnnotationTopologyMode: "service.kubernetes.io/topology-mode"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
deleted file mode 100644
index 2bf1afce0..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
+++ /dev/null
@@ -1,6 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-// Package v1 is the v1 version of the core API.
-package v1
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
deleted file mode 100644
index 29c24abce..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-#GroupName: ""
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
deleted file mode 100644
index d87edcff5..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
+++ /dev/null
@@ -1,7617 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/api/resource"
- "k8s.io/apimachinery/pkg/util/intstr"
- "k8s.io/apimachinery/pkg/types"
-)
-
-// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
-#NamespaceDefault: "default"
-
-// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
-#NamespaceAll: ""
-
-// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats)
-#NamespaceNodeLease: "kube-node-lease"
-
-// Volume represents a named volume in a pod that may be accessed by any container in the pod.
-#Volume: {
- // name of the volume.
- // Must be a DNS_LABEL and unique within the pod.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- #VolumeSource
-}
-
-// Represents the source of a volume to mount.
-// Only one of its members may be specified.
-#VolumeSource: {
- // hostPath represents a pre-existing file or directory on the host
- // machine that is directly exposed to the container. This is generally
- // used for system agents or other privileged things that are allowed
- // to see the host machine. Most containers will NOT need this.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // ---
- // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
- // mount host directories as read/write.
- // +optional
- hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt)
-
- // emptyDir represents a temporary directory that shares a pod's lifetime.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt)
-
- // gcePersistentDisk represents a GCE Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt)
-
- // awsElasticBlockStore represents an AWS Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt)
-
- // gitRepo represents a git repository at a particular revision.
- // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
- // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
- // into the Pod's container.
- // +optional
- gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt)
-
- // secret represents a secret that should populate this volume.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- // +optional
- secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt)
-
- // nfs represents an NFS mount on the host that shares a pod's lifetime
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt)
-
- // iscsi represents an ISCSI Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://examples.k8s.io/volumes/iscsi/README.md
- // +optional
- iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt)
-
- // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md
- // +optional
- glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt)
-
- // persistentVolumeClaimVolumeSource represents a reference to a
- // PersistentVolumeClaim in the same namespace.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt)
-
- // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/rbd/README.md
- // +optional
- rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt)
-
- // flexVolume represents a generic volume resource that is
- // provisioned/attached using an exec based plugin.
- // +optional
- flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt)
-
- // cinder represents a cinder volume attached and mounted on kubelets host machine.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt)
-
- // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
- // +optional
- cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt)
-
- // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
- // +optional
- flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt)
-
- // downwardAPI represents downward API about the pod that should populate this volume
- // +optional
- downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt)
-
- // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
- // +optional
- fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt)
-
- // azureFile represents an Azure File Service mount on the host and bind mount to the pod.
- // +optional
- azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt)
-
- // configMap represents a configMap that should populate this volume
- // +optional
- configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt)
-
- // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
- // +optional
- vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt)
-
- // quobyte represents a Quobyte mount on the host that shares a pod's lifetime
- // +optional
- quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt)
-
- // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
- // +optional
- azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt)
-
- // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
- photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt)
-
- // projected items for all in one resources secrets, configmaps, and downward API
- projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt)
-
- // portworxVolume represents a portworx volume attached and mounted on kubelets host machine
- // +optional
- portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt)
-
- // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
- // +optional
- scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt)
-
- // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
- // +optional
- storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt)
-
- // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
- // +optional
- csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt)
-
- // ephemeral represents a volume that is handled by a cluster storage driver.
- // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
- // and deleted when the pod is removed.
- //
- // Use this if:
- // a) the volume is only needed while the pod runs,
- // b) features of normal volumes like restoring from snapshot or capacity
- // tracking are needed,
- // c) the storage driver is specified through a storage class, and
- // d) the storage driver supports dynamic volume provisioning through
- // a PersistentVolumeClaim (see EphemeralVolumeSource for more
- // information on the connection between this volume type
- // and PersistentVolumeClaim).
- //
- // Use PersistentVolumeClaim or one of the vendor-specific
- // APIs for volumes that persist for longer than the lifecycle
- // of an individual pod.
- //
- // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
- // be used that way - see the documentation of the driver for
- // more information.
- //
- // A pod can use both types of ephemeral volumes and
- // persistent volumes at the same time.
- //
- // +optional
- ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt)
-}
-
-// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace.
-// This volume finds the bound PV and mounts that volume for the pod. A
-// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another
-// type of volume that is owned by someone else (the system).
-#PersistentVolumeClaimVolumeSource: {
- // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- claimName: string @go(ClaimName) @protobuf(1,bytes,opt)
-
- // readOnly Will force the ReadOnly setting in VolumeMounts.
- // Default false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt)
-}
-
-// PersistentVolumeSource is similar to VolumeSource but meant for the
-// administrator who creates PVs. Exactly one of its members must be set.
-#PersistentVolumeSource: {
- // gcePersistentDisk represents a GCE Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt)
-
- // awsElasticBlockStore represents an AWS Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt)
-
- // hostPath represents a directory on the host.
- // Provisioned by a developer or tester.
- // This is useful for single-node development and testing only!
- // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // +optional
- hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt)
-
- // glusterfs represents a Glusterfs volume that is attached to a host and
- // exposed to the pod. Provisioned by an admin.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md
- // +optional
- glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt)
-
- // nfs represents an NFS mount on the host. Provisioned by an admin.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt)
-
- // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/rbd/README.md
- // +optional
- rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt)
-
- // iscsi represents an ISCSI Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
- // +optional
- iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt)
-
- // cinder represents a cinder volume attached and mounted on kubelets host machine.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt)
-
- // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
- // +optional
- cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt)
-
- // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
- // +optional
- fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt)
-
- // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
- // +optional
- flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt)
-
- // flexVolume represents a generic volume resource that is
- // provisioned/attached using an exec based plugin.
- // +optional
- flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt)
-
- // azureFile represents an Azure File Service mount on the host and bind mount to the pod.
- // +optional
- azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt)
-
- // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
- // +optional
- vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt)
-
- // quobyte represents a Quobyte mount on the host that shares a pod's lifetime
- // +optional
- quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt)
-
- // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
- // +optional
- azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt)
-
- // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
- photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt)
-
- // portworxVolume represents a portworx volume attached and mounted on kubelets host machine
- // +optional
- portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt)
-
- // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
- // +optional
- scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt)
-
- // local represents directly-attached storage with node affinity
- // +optional
- local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt)
-
- // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod
- // More info: https://examples.k8s.io/volumes/storageos/README.md
- // +optional
- storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt)
-
- // csi represents storage that is handled by an external CSI driver (Beta feature).
- // +optional
- csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt)
-}
-
-// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation.
-// It's currently still used and will be held for backwards compatibility
-#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class"
-
-// MountOptionAnnotation defines mount option annotation used in PVs
-#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options"
-
-// PersistentVolume (PV) is a storage resource provisioned by an administrator.
-// It is analogous to a node.
-// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
-#PersistentVolume: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec defines a specification of a persistent volume owned by the cluster.
- // Provisioned by an administrator.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
- // +optional
- spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // status represents the current information/status for the persistent volume.
- // Populated by the system.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
- // +optional
- status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PersistentVolumeSpec is the specification of a persistent volume.
-#PersistentVolumeSpec: {
- // capacity is the description of the persistent volume's resources and capacity.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- #PersistentVolumeSource
-
- // accessModes contains all ways the volume can be mounted.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
- // Expected to be non-nil when bound.
- // claim.VolumeName is the authoritative bind between PV and PVC.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
- // +optional
- // +structType=granular
- claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt)
-
- // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim.
- // Valid options are Retain (default for manually created PersistentVolumes), Delete (default
- // for dynamically provisioned PersistentVolumes), and Recycle (deprecated).
- // Recycle must be supported by the volume plugin underlying this PersistentVolume.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
- // +optional
- persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy)
-
- // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value
- // means that this volume does not belong to any StorageClass.
- // +optional
- storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt)
-
- // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will
- // simply fail if one is invalid.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
- // +optional
- mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt)
-
- // volumeMode defines if a volume is intended to be used with a formatted filesystem
- // or to remain in raw block state. Value of Filesystem is implied when not included in spec.
- // +optional
- volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode)
-
- // nodeAffinity defines constraints that limit what nodes this volume can be accessed from.
- // This field influences the scheduling of pods that use this volume.
- // +optional
- nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt)
-}
-
-// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.
-#VolumeNodeAffinity: {
- // required specifies hard node constraints that must be met.
- required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt)
-}
-
-// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes.
-// +enum
-#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy
-
-#enumPersistentVolumeReclaimPolicy:
- #PersistentVolumeReclaimRecycle |
- #PersistentVolumeReclaimDelete |
- #PersistentVolumeReclaimRetain
-
-// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim.
-// The volume plugin must support Recycling.
-#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle"
-
-// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim.
-// The volume plugin must support Deletion.
-#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete"
-
-// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator.
-// The default policy is Retain.
-#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain"
-
-// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem.
-// +enum
-#PersistentVolumeMode: string // #enumPersistentVolumeMode
-
-#enumPersistentVolumeMode:
- #PersistentVolumeBlock |
- #PersistentVolumeFilesystem
-
-// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device.
-#PersistentVolumeBlock: #PersistentVolumeMode & "Block"
-
-// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem.
-#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem"
-
-// PersistentVolumeStatus is the current status of a persistent volume.
-#PersistentVolumeStatus: {
- // phase indicates if a volume is available, bound to a claim, or released by a claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase
- // +optional
- phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase)
-
- // message is a human-readable message indicating details about why the volume is in this state.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-
- // reason is a brief CamelCase string that describes any failure and is meant
- // for machine parsing and tidy display in the CLI.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // lastPhaseTransitionTime is the time the phase transitioned from one to another
- // and automatically resets to current time everytime a volume phase transitions.
- // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
- // +featureGate=PersistentVolumeLastPhaseTransitionTime
- // +optional
- lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt)
-}
-
-// PersistentVolumeList is a list of PersistentVolume items.
-#PersistentVolumeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is a list of persistent volumes.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
- items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep)
-}
-
-// PersistentVolumeClaim is a user's request for and claim to a persistent volume
-#PersistentVolumeClaim: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec defines the desired characteristics of a volume requested by a pod author.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // status represents the current information/status of a persistent volume claim.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PersistentVolumeClaimList is a list of PersistentVolumeClaim items.
-#PersistentVolumeClaimList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is a list of persistent volume claims.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep)
-}
-
-// PersistentVolumeClaimSpec describes the common attributes of storage devices
-// and allows a Source for provider-specific attributes
-#PersistentVolumeClaimSpec: {
- // accessModes contains the desired access modes the volume should have.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // selector is a label query over volumes to consider for binding.
- // +optional
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-
- // resources represents the minimum resources the volume should have.
- // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
- // that are lower than previous value but must still be higher than capacity recorded in the
- // status field of the claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt)
-
- // volumeName is the binding reference to the PersistentVolume backing this claim.
- // +optional
- volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt)
-
- // storageClassName is the name of the StorageClass required by the claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- // +optional
- storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt)
-
- // volumeMode defines what type of volume is required by the claim.
- // Value of Filesystem is implied when not included in claim spec.
- // +optional
- volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode)
-
- // dataSource field can be used to specify either:
- // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- // * An existing PVC (PersistentVolumeClaim)
- // If the provisioner or an external controller can support the specified data source,
- // it will create a new volume based on the contents of the specified data source.
- // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
- // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
- // If the namespace is specified, then dataSourceRef will not be copied to dataSource.
- // +optional
- dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt)
-
- // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
- // volume is desired. This may be any object from a non-empty API group (non
- // core object) or a PersistentVolumeClaim object.
- // When this field is specified, volume binding will only succeed if the type of
- // the specified object matches some installed volume populator or dynamic
- // provisioner.
- // This field will replace the functionality of the dataSource field and as such
- // if both fields are non-empty, they must have the same value. For backwards
- // compatibility, when namespace isn't specified in dataSourceRef,
- // both fields (dataSource and dataSourceRef) will be set to the same
- // value automatically if one of them is empty and the other is non-empty.
- // When namespace is specified in dataSourceRef,
- // dataSource isn't set to the same value and must be empty.
- // There are three important differences between dataSource and dataSourceRef:
- // * While dataSource only allows two specific types of objects, dataSourceRef
- // allows any non-core object, as well as PersistentVolumeClaim objects.
- // * While dataSource ignores disallowed values (dropping them), dataSourceRef
- // preserves all values, and generates an error if a disallowed value is
- // specified.
- // * While dataSource only allows local objects, dataSourceRef allows objects
- // in any namespaces.
- // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
- // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- // +optional
- dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt)
-}
-
-#TypedObjectReference: {
- // APIGroup is the group for the resource being referenced.
- // If APIGroup is not specified, the specified Kind must be in the core API group.
- // For any other third-party types, APIGroup is required.
- // +optional
- apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt)
-
- // Kind is the type of resource being referenced
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-
- // Name is the name of resource being referenced
- name: string @go(Name) @protobuf(3,bytes,opt)
-
- // Namespace is the namespace of resource being referenced
- // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
- // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- // +featureGate=CrossNamespaceVolumeDataSource
- // +optional
- namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt)
-}
-
-// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
-#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType
-
-#enumPersistentVolumeClaimConditionType:
- #PersistentVolumeClaimResizing |
- #PersistentVolumeClaimFileSystemResizePending
-
-// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started
-#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing"
-
-// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node
-#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending"
-
-// +enum
-// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
-// that it does not recognizes, then it should ignore that update and let other controllers
-// handle it.
-#ClaimResourceStatus: string // #enumClaimResourceStatus
-
-#enumClaimResourceStatus:
- #PersistentVolumeClaimControllerResizeInProgress |
- #PersistentVolumeClaimControllerResizeFailed |
- #PersistentVolumeClaimNodeResizePending |
- #PersistentVolumeClaimNodeResizeInProgress |
- #PersistentVolumeClaimNodeResizeFailed
-
-// State set when resize controller starts resizing the volume in control-plane.
-#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress"
-
-// State set when resize has failed in resize controller with a terminal error.
-// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus
-// unmodified, so as resize controller can resume the volume expansion.
-#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed"
-
-// State set when resize controller has finished resizing the volume but further resizing of volume
-// is needed on the node.
-#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending"
-
-// State set when kubelet starts resizing the volume.
-#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress"
-
-// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed
-#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed"
-
-// PersistentVolumeClaimCondition contains details about state of pvc
-#PersistentVolumeClaimCondition: {
- type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType)
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // lastProbeTime is the time we probed the condition.
- // +optional
- lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt)
-
- // lastTransitionTime is the time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // reason is a unique, this should be a short, machine understandable string that gives the reason
- // for condition's last transition. If it reports "ResizeStarted" that means the underlying
- // persistent volume is being resized.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // message is the human-readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// PersistentVolumeClaimStatus is the current status of a persistent volume claim.
-#PersistentVolumeClaimStatus: {
- // phase represents the current phase of PersistentVolumeClaim.
- // +optional
- phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase)
-
- // accessModes contains the actual access modes the volume backing the PVC has.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // capacity represents the actual resources of the underlying volume.
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
- // resized then the Condition will be set to 'ResizeStarted'.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep)
-
- // allocatedResources tracks the resources allocated to a PVC including its capacity.
- // Key names follow standard Kubernetes label syntax. Valid values are either:
- // * Un-prefixed keys:
- // - storage - the capacity of the volume.
- // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
- // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
- // reserved and hence may not be used.
- //
- // Capacity reported here may be larger than the actual capacity when a volume expansion operation
- // is requested.
- // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
- // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
- // If a volume expansion capacity request is lowered, allocatedResources is only
- // lowered if there are no expansion operations in progress and if the actual volume capacity
- // is equal or lower than the requested capacity.
- //
- // A controller that receives PVC update with previously unknown resourceName
- // should ignore the update for the purpose it was designed. For example - a controller that
- // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
- // resources associated with PVC.
- //
- // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- // +featureGate=RecoverVolumeExpansionFailure
- // +optional
- allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // allocatedResourceStatuses stores status of resource being resized for the given PVC.
- // Key names follow standard Kubernetes label syntax. Valid values are either:
- // * Un-prefixed keys:
- // - storage - the capacity of the volume.
- // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
- // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
- // reserved and hence may not be used.
- //
- // ClaimResourceStatus can be in any of following states:
- // - ControllerResizeInProgress:
- // State set when resize controller starts resizing the volume in control-plane.
- // - ControllerResizeFailed:
- // State set when resize has failed in resize controller with a terminal error.
- // - NodeResizePending:
- // State set when resize controller has finished resizing the volume but further resizing of
- // volume is needed on the node.
- // - NodeResizeInProgress:
- // State set when kubelet starts resizing the volume.
- // - NodeResizeFailed:
- // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
- // NodeResizeFailed.
- // For example: if expanding a PVC for more capacity - this field can be one of the following states:
- // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
- // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
- // When this field is not set, it means that no resize operation is in progress for the given PVC.
- //
- // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
- // should ignore the update for the purpose it was designed. For example - a controller that
- // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
- // resources associated with PVC.
- //
- // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- // +featureGate=RecoverVolumeExpansionFailure
- // +mapType=granular
- // +optional
- allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep)
-}
-
-// +enum
-#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode
-
-#enumPersistentVolumeAccessMode:
- #ReadWriteOnce |
- #ReadOnlyMany |
- #ReadWriteMany |
- #ReadWriteOncePod
-
-// can be mounted in read/write mode to exactly 1 host
-#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce"
-
-// can be mounted in read-only mode to many hosts
-#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany"
-
-// can be mounted in read/write mode to many hosts
-#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany"
-
-// can be mounted in read/write mode to exactly 1 pod
-// cannot be used in combination with other access modes
-#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod"
-
-// +enum
-#PersistentVolumePhase: string // #enumPersistentVolumePhase
-
-#enumPersistentVolumePhase:
- #VolumePending |
- #VolumeAvailable |
- #VolumeBound |
- #VolumeReleased |
- #VolumeFailed
-
-// used for PersistentVolumes that are not available
-#VolumePending: #PersistentVolumePhase & "Pending"
-
-// used for PersistentVolumes that are not yet bound
-// Available volumes are held by the binder and matched to PersistentVolumeClaims
-#VolumeAvailable: #PersistentVolumePhase & "Available"
-
-// used for PersistentVolumes that are bound
-#VolumeBound: #PersistentVolumePhase & "Bound"
-
-// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted
-// released volumes must be recycled before becoming available again
-// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource
-#VolumeReleased: #PersistentVolumePhase & "Released"
-
-// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim
-#VolumeFailed: #PersistentVolumePhase & "Failed"
-
-// +enum
-#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase
-
-#enumPersistentVolumeClaimPhase:
- #ClaimPending |
- #ClaimBound |
- #ClaimLost
-
-// used for PersistentVolumeClaims that are not yet bound
-#ClaimPending: #PersistentVolumeClaimPhase & "Pending"
-
-// used for PersistentVolumeClaims that are bound
-#ClaimBound: #PersistentVolumeClaimPhase & "Bound"
-
-// used for PersistentVolumeClaims that lost their underlying
-// PersistentVolume. The claim was bound to a PersistentVolume and this
-// volume does not exist any longer and all data on it was lost.
-#ClaimLost: #PersistentVolumeClaimPhase & "Lost"
-
-// +enum
-#HostPathType: string // #enumHostPathType
-
-#enumHostPathType:
- #HostPathUnset |
- #HostPathDirectoryOrCreate |
- #HostPathDirectory |
- #HostPathFileOrCreate |
- #HostPathFile |
- #HostPathSocket |
- #HostPathCharDev |
- #HostPathBlockDev
-
-// For backwards compatible, leave it empty if unset
-#HostPathUnset: #HostPathType & ""
-
-// If nothing exists at the given path, an empty directory will be created there
-// as needed with file mode 0755, having the same group and ownership with Kubelet.
-#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate"
-
-// A directory must exist at the given path
-#HostPathDirectory: #HostPathType & "Directory"
-
-// If nothing exists at the given path, an empty file will be created there
-// as needed with file mode 0644, having the same group and ownership with Kubelet.
-#HostPathFileOrCreate: #HostPathType & "FileOrCreate"
-
-// A file must exist at the given path
-#HostPathFile: #HostPathType & "File"
-
-// A UNIX socket must exist at the given path
-#HostPathSocket: #HostPathType & "Socket"
-
-// A character device must exist at the given path
-#HostPathCharDev: #HostPathType & "CharDevice"
-
-// A block device must exist at the given path
-#HostPathBlockDev: #HostPathType & "BlockDevice"
-
-// Represents a host path mapped into a pod.
-// Host path volumes do not support ownership management or SELinux relabeling.
-#HostPathVolumeSource: {
- // path of the directory on the host.
- // If the path is a symlink, it will follow the link to the real path.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // type for HostPath Volume
- // Defaults to ""
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // +optional
- type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt)
-}
-
-// Represents an empty directory for a pod.
-// Empty directory volumes support ownership management and SELinux relabeling.
-#EmptyDirVolumeSource: {
- // medium represents what type of storage medium should back this directory.
- // The default is "" which means to use the node's default medium.
- // Must be an empty string (default) or Memory.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium)
-
- // sizeLimit is the total amount of local storage required for this EmptyDir volume.
- // The size limit is also applicable for memory medium.
- // The maximum usage on memory medium EmptyDir would be the minimum value between
- // the SizeLimit specified here and the sum of memory limits of all containers in a pod.
- // The default is nil which means that the limit is undefined.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt)
-}
-
-// Represents a Glusterfs mount that lasts the lifetime of a pod.
-// Glusterfs volumes do not support ownership management or SELinux relabeling.
-#GlusterfsVolumeSource: {
- // endpoints is the endpoint name that details Glusterfs topology.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt)
-
- // path is the Glusterfs volume path.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// Represents a Glusterfs mount that lasts the lifetime of a pod.
-// Glusterfs volumes do not support ownership management or SELinux relabeling.
-#GlusterfsPersistentVolumeSource: {
- // endpoints is the endpoint name that details Glusterfs topology.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt)
-
- // path is the Glusterfs volume path.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // endpointsNamespace is the namespace that contains Glusterfs endpoint.
- // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt)
-}
-
-// Represents a Rados Block Device mount that lasts the lifetime of a pod.
-// RBD volumes support ownership management and SELinux relabeling.
-#RBDVolumeSource: {
- // monitors is a collection of Ceph monitors.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep)
-
- // image is the rados image name.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- image: string @go(RBDImage) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // pool is the rados pool name.
- // Default is rbd.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- pool?: string @go(RBDPool) @protobuf(4,bytes,opt)
-
- // user is the rados user name.
- // Default is admin.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- user?: string @go(RadosUser) @protobuf(5,bytes,opt)
-
- // keyring is the path to key ring for RBDUser.
- // Default is /etc/ceph/keyring.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- keyring?: string @go(Keyring) @protobuf(6,bytes,opt)
-
- // secretRef is name of the authentication secret for RBDUser. If provided
- // overrides keyring.
- // Default is nil.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt)
-}
-
-// Represents a Rados Block Device mount that lasts the lifetime of a pod.
-// RBD volumes support ownership management and SELinux relabeling.
-#RBDPersistentVolumeSource: {
- // monitors is a collection of Ceph monitors.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep)
-
- // image is the rados image name.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- image: string @go(RBDImage) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // pool is the rados pool name.
- // Default is rbd.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- pool?: string @go(RBDPool) @protobuf(4,bytes,opt)
-
- // user is the rados user name.
- // Default is admin.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- user?: string @go(RadosUser) @protobuf(5,bytes,opt)
-
- // keyring is the path to key ring for RBDUser.
- // Default is /etc/ceph/keyring.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- keyring?: string @go(Keyring) @protobuf(6,bytes,opt)
-
- // secretRef is name of the authentication secret for RBDUser. If provided
- // overrides keyring.
- // Default is nil.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt)
-}
-
-// Represents a cinder volume resource in Openstack.
-// A Cinder volume must exist before mounting to a container.
-// The volume must also be in the same region as the kubelet.
-// Cinder volumes support ownership management and SELinux relabeling.
-#CinderVolumeSource: {
- // volumeID used to identify the volume in cinder.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretRef is optional: points to a secret object containing parameters used to connect
- // to OpenStack.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt)
-}
-
-// Represents a cinder volume resource in Openstack.
-// A Cinder volume must exist before mounting to a container.
-// The volume must also be in the same region as the kubelet.
-// Cinder volumes support ownership management and SELinux relabeling.
-#CinderPersistentVolumeSource: {
- // volumeID used to identify the volume in cinder.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretRef is Optional: points to a secret object containing parameters used to connect
- // to OpenStack.
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt)
-}
-
-// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
-// Cephfs volumes do not support ownership management or SELinux relabeling.
-#CephFSVolumeSource: {
- // monitors is Required: Monitors is a collection of Ceph monitors
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep)
-
- // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
- // +optional
- path?: string @go(Path) @protobuf(2,bytes,opt)
-
- // user is optional: User is the rados user name, default is admin
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- user?: string @go(User) @protobuf(3,bytes,opt)
-
- // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-}
-
-// SecretReference represents a Secret Reference. It has enough information to retrieve secret
-// in any namespace
-// +structType=atomic
-#SecretReference: {
- // name is unique within a namespace to reference a secret resource.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // namespace defines the space within which the secret name must be unique.
- // +optional
- namespace?: string @go(Namespace) @protobuf(2,bytes,opt)
-}
-
-// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
-// Cephfs volumes do not support ownership management or SELinux relabeling.
-#CephFSPersistentVolumeSource: {
- // monitors is Required: Monitors is a collection of Ceph monitors
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep)
-
- // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
- // +optional
- path?: string @go(Path) @protobuf(2,bytes,opt)
-
- // user is Optional: User is the rados user name, default is admin
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- user?: string @go(User) @protobuf(3,bytes,opt)
-
- // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-}
-
-// Represents a Flocker volume mounted by the Flocker agent.
-// One and only one of datasetName and datasetUUID should be set.
-// Flocker volumes do not support ownership management or SELinux relabeling.
-#FlockerVolumeSource: {
- // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
- // should be considered as deprecated
- // +optional
- datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt)
-
- // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
- // +optional
- datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt)
-}
-
-// StorageMedium defines ways that storage can be allocated to a volume.
-#StorageMedium: string // #enumStorageMedium
-
-#enumStorageMedium:
- #StorageMediumDefault |
- #StorageMediumMemory |
- #StorageMediumHugePages |
- #StorageMediumHugePagesPrefix
-
-#StorageMediumDefault: #StorageMedium & ""
-#StorageMediumMemory: #StorageMedium & "Memory"
-#StorageMediumHugePages: #StorageMedium & "HugePages"
-#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-"
-
-// Protocol defines network protocols supported for things like container ports.
-// +enum
-#Protocol: string // #enumProtocol
-
-#enumProtocol:
- #ProtocolTCP |
- #ProtocolUDP |
- #ProtocolSCTP
-
-// ProtocolTCP is the TCP protocol.
-#ProtocolTCP: #Protocol & "TCP"
-
-// ProtocolUDP is the UDP protocol.
-#ProtocolUDP: #Protocol & "UDP"
-
-// ProtocolSCTP is the SCTP protocol.
-#ProtocolSCTP: #Protocol & "SCTP"
-
-// Represents a Persistent Disk resource in Google Compute Engine.
-//
-// A GCE PD must exist before mounting to a container. The disk must
-// also be in the same GCE project and zone as the kubelet. A GCE PD
-// can only be mounted as read/write once or read-only many times. GCE
-// PDs support ownership management and SELinux relabeling.
-#GCEPersistentDiskVolumeSource: {
- // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName: string @go(PDName) @protobuf(1,bytes,opt)
-
- // fsType is filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // partition is the partition in the volume that you want to mount.
- // If omitted, the default is to mount by volume name.
- // Examples: For volume /dev/sda1, you specify the partition as "1".
- // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- partition?: int32 @go(Partition) @protobuf(3,varint,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-}
-
-// Represents a Quobyte mount that lasts the lifetime of a pod.
-// Quobyte volumes do not support ownership management or SELinux relabeling.
-#QuobyteVolumeSource: {
- // registry represents a single or multiple Quobyte Registry services
- // specified as a string as host:port pair (multiple entries are separated with commas)
- // which acts as the central registry for volumes
- registry: string @go(Registry) @protobuf(1,bytes,opt)
-
- // volume is a string that references an already created Quobyte volume by name.
- volume: string @go(Volume) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Quobyte volume to be mounted with read-only permissions.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // user to map volume access to
- // Defaults to serivceaccount user
- // +optional
- user?: string @go(User) @protobuf(4,bytes,opt)
-
- // group to map volume access to
- // Default is no group
- // +optional
- group?: string @go(Group) @protobuf(5,bytes,opt)
-
- // tenant owning the given Quobyte volume in the Backend
- // Used with dynamically provisioned Quobyte volumes, value is set by the plugin
- // +optional
- tenant?: string @go(Tenant) @protobuf(6,bytes,opt)
-}
-
-// FlexPersistentVolumeSource represents a generic persistent volume resource that is
-// provisioned/attached using an exec based plugin.
-#FlexPersistentVolumeSource: {
- // driver is the name of the driver to use for this volume.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // fsType is the Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the secret object containing
- // sensitive information to pass to the plugin scripts. This may be
- // empty if no secret object is specified. If the secret object
- // contains more than one secret, all secrets are passed to the plugin
- // scripts.
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // options is Optional: this field holds extra command options if any.
- // +optional
- options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep)
-}
-
-// FlexVolume represents a generic volume resource that is
-// provisioned/attached using an exec based plugin.
-#FlexVolumeSource: {
- // driver is the name of the driver to use for this volume.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // secretRef is Optional: secretRef is reference to the secret object containing
- // sensitive information to pass to the plugin scripts. This may be
- // empty if no secret object is specified. If the secret object
- // contains more than one secret, all secrets are passed to the plugin
- // scripts.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // options is Optional: this field holds extra command options if any.
- // +optional
- options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep)
-}
-
-// Represents a Persistent Disk resource in AWS.
-//
-// An AWS EBS disk must exist before mounting to a container. The disk
-// must also be in the same AWS zone as the kubelet. An AWS EBS disk
-// can only be mounted as read/write once. AWS EBS volumes support
-// ownership management and SELinux relabeling.
-#AWSElasticBlockStoreVolumeSource: {
- // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // partition is the partition in the volume that you want to mount.
- // If omitted, the default is to mount by volume name.
- // Examples: For volume /dev/sda1, you specify the partition as "1".
- // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- // +optional
- partition?: int32 @go(Partition) @protobuf(3,varint,opt)
-
- // readOnly value true will force the readOnly setting in VolumeMounts.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-}
-
-// Represents a volume that is populated with the contents of a git repository.
-// Git repo volumes do not support ownership management.
-// Git repo volumes support SELinux relabeling.
-//
-// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
-// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
-// into the Pod's container.
-#GitRepoVolumeSource: {
- // repository is the URL
- repository: string @go(Repository) @protobuf(1,bytes,opt)
-
- // revision is the commit hash for the specified revision.
- // +optional
- revision?: string @go(Revision) @protobuf(2,bytes,opt)
-
- // directory is the target directory name.
- // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
- // git repository. Otherwise, if specified, the volume will contain the git repository in
- // the subdirectory with the given name.
- // +optional
- directory?: string @go(Directory) @protobuf(3,bytes,opt)
-}
-
-// Adapts a Secret into a volume.
-//
-// The contents of the target Secret's Data field will be presented in a volume
-// as files using the keys in the Data field as the file names.
-// Secret volumes support ownership management and SELinux relabeling.
-#SecretVolumeSource: {
- // secretName is the name of the secret in the pod's namespace to use.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- // +optional
- secretName?: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // items If unspecified, each key-value pair in the Data field of the referenced
- // Secret will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the Secret,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // defaultMode is Optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values
- // for mode bits. Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt)
-
- // optional field specify whether the Secret or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-#SecretVolumeSourceDefaultMode: int32 & 0o644
-
-// Adapts a secret into a projected volume.
-//
-// The contents of the target Secret's Data field will be presented in a
-// projected volume as files using the keys in the Data field as the file names.
-// Note that this is identical to a secret volume source without the default
-// mode.
-#SecretProjection: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // Secret will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the Secret,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // optional field specify whether the Secret or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-// Represents an NFS mount that lasts the lifetime of a pod.
-// NFS volumes do not support ownership management or SELinux relabeling.
-#NFSVolumeSource: {
- // server is the hostname or IP address of the NFS server.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server: string @go(Server) @protobuf(1,bytes,opt)
-
- // path that is exported by the NFS server.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the NFS export to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// Represents an ISCSI disk.
-// ISCSI volumes can only be mounted as read/write once.
-// ISCSI volumes support ownership management and SELinux relabeling.
-#ISCSIVolumeSource: {
- // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt)
-
- // iqn is the target iSCSI Qualified Name.
- iqn: string @go(IQN) @protobuf(2,bytes,opt)
-
- // lun represents iSCSI Target Lun number.
- lun: int32 @go(Lun) @protobuf(3,varint,opt)
-
- // iscsiInterface is the interface Name that uses an iSCSI transport.
- // Defaults to 'default' (tcp).
- // +optional
- iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(5,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-
- // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- // +optional
- portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt)
-
- // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
- // +optional
- chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt)
-
- // chapAuthSession defines whether support iSCSI Session CHAP authentication
- // +optional
- chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt)
-
- // secretRef is the CHAP Secret for iSCSI target and initiator authentication
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt)
-
- // initiatorName is the custom iSCSI Initiator Name.
- // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
- // : will be created for the connection.
- // +optional
- initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt)
-}
-
-// ISCSIPersistentVolumeSource represents an ISCSI disk.
-// ISCSI volumes can only be mounted as read/write once.
-// ISCSI volumes support ownership management and SELinux relabeling.
-#ISCSIPersistentVolumeSource: {
- // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt)
-
- // iqn is Target iSCSI Qualified Name.
- iqn: string @go(IQN) @protobuf(2,bytes,opt)
-
- // lun is iSCSI Target Lun number.
- lun: int32 @go(Lun) @protobuf(3,varint,opt)
-
- // iscsiInterface is the interface Name that uses an iSCSI transport.
- // Defaults to 'default' (tcp).
- // +optional
- iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(5,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-
- // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- // +optional
- portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt)
-
- // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
- // +optional
- chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt)
-
- // chapAuthSession defines whether support iSCSI Session CHAP authentication
- // +optional
- chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt)
-
- // secretRef is the CHAP Secret for iSCSI target and initiator authentication
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt)
-
- // initiatorName is the custom iSCSI Initiator Name.
- // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
- // : will be created for the connection.
- // +optional
- initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt)
-}
-
-// Represents a Fibre Channel volume.
-// Fibre Channel volumes can only be mounted as read/write once.
-// Fibre Channel volumes support ownership management and SELinux relabeling.
-#FCVolumeSource: {
- // targetWWNs is Optional: FC target worldwide names (WWNs)
- // +optional
- targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep)
-
- // lun is Optional: FC target lun number
- // +optional
- lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // wwids Optional: FC volume world wide identifiers (wwids)
- // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
- // +optional
- wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep)
-}
-
-// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
-#AzureFileVolumeSource: {
- // secretName is the name of secret that contains Azure Storage Account Name and Key
- secretName: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // shareName is the azure share Name
- shareName: string @go(ShareName) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
-#AzureFilePersistentVolumeSource: {
- // secretName is the name of secret that contains Azure Storage Account Name and Key
- secretName: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // shareName is the azure Share Name
- shareName: string @go(ShareName) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key
- // default is the same as the Pod
- // +optional
- secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt)
-}
-
-// Represents a vSphere volume resource.
-#VsphereVirtualDiskVolumeSource: {
- // volumePath is the path that identifies vSphere volume vmdk
- volumePath: string @go(VolumePath) @protobuf(1,bytes,opt)
-
- // fsType is filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // storagePolicyName is the storage Policy Based Management (SPBM) profile name.
- // +optional
- storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt)
-
- // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
- // +optional
- storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt)
-}
-
-// Represents a Photon Controller persistent disk resource.
-#PhotonPersistentDiskVolumeSource: {
- // pdID is the ID that identifies Photon Controller persistent disk
- pdID: string @go(PdID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-}
-
-// +enum
-#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode
-
-#enumAzureDataDiskCachingMode:
- #AzureDataDiskCachingNone |
- #AzureDataDiskCachingReadOnly |
- #AzureDataDiskCachingReadWrite
-
-// +enum
-#AzureDataDiskKind: string // #enumAzureDataDiskKind
-
-#enumAzureDataDiskKind:
- #AzureSharedBlobDisk |
- #AzureDedicatedBlobDisk |
- #AzureManagedDisk
-
-#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None"
-#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly"
-#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite"
-#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared"
-#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated"
-#AzureManagedDisk: #AzureDataDiskKind & "Managed"
-
-// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
-#AzureDiskVolumeSource: {
- // diskName is the Name of the data disk in the blob storage
- diskName: string @go(DiskName) @protobuf(1,bytes,opt)
-
- // diskURI is the URI of data disk in the blob storage
- diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt)
-
- // cachingMode is the Host Caching mode: None, Read Only, Read Write.
- // +optional
- cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode)
-
- // fsType is Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt)
-
- // readOnly Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt)
-
- // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
- kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind)
-}
-
-// PortworxVolumeSource represents a Portworx volume resource.
-#PortworxVolumeSource: {
- // volumeID uniquely identifies a Portworx volume
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fSType represents the filesystem type to mount
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// ScaleIOVolumeSource represents a persistent ScaleIO volume
-#ScaleIOVolumeSource: {
- // gateway is the host address of the ScaleIO API Gateway.
- gateway: string @go(Gateway) @protobuf(1,bytes,opt)
-
- // system is the name of the storage system as configured in ScaleIO.
- system: string @go(System) @protobuf(2,bytes,opt)
-
- // secretRef references to the secret for ScaleIO user and other
- // sensitive information. If this is not provided, Login operation will fail.
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt)
-
- // sslEnabled Flag enable/disable SSL communication with Gateway, default false
- // +optional
- sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt)
-
- // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
- // +optional
- protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt)
-
- // storagePool is the ScaleIO Storage Pool associated with the protection domain.
- // +optional
- storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt)
-
- // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
- // Default is ThinProvisioned.
- // +optional
- storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt)
-
- // volumeName is the name of a volume already created in the ScaleIO system
- // that is associated with this volume source.
- volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // Default is "xfs".
- // +optional
- fsType?: string @go(FSType) @protobuf(9,bytes,opt)
-
- // readOnly Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt)
-}
-
-// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
-#ScaleIOPersistentVolumeSource: {
- // gateway is the host address of the ScaleIO API Gateway.
- gateway: string @go(Gateway) @protobuf(1,bytes,opt)
-
- // system is the name of the storage system as configured in ScaleIO.
- system: string @go(System) @protobuf(2,bytes,opt)
-
- // secretRef references to the secret for ScaleIO user and other
- // sensitive information. If this is not provided, Login operation will fail.
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt)
-
- // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false
- // +optional
- sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt)
-
- // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
- // +optional
- protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt)
-
- // storagePool is the ScaleIO Storage Pool associated with the protection domain.
- // +optional
- storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt)
-
- // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
- // Default is ThinProvisioned.
- // +optional
- storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt)
-
- // volumeName is the name of a volume already created in the ScaleIO system
- // that is associated with this volume source.
- volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // Default is "xfs"
- // +optional
- fsType?: string @go(FSType) @protobuf(9,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt)
-}
-
-// Represents a StorageOS persistent volume resource.
-#StorageOSVolumeSource: {
- // volumeName is the human-readable name of the StorageOS volume. Volume
- // names are only unique within a namespace.
- volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt)
-
- // volumeNamespace specifies the scope of the volume within StorageOS. If no
- // namespace is specified then the Pod's namespace will be used. This allows the
- // Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
- // Set VolumeName to any name to override the default behaviour.
- // Set to "default" if you are not using namespaces within StorageOS.
- // Namespaces that do not pre-exist within StorageOS will be created.
- // +optional
- volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // secretRef specifies the secret to use for obtaining the StorageOS API
- // credentials. If not specified, default values will be attempted.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Represents a StorageOS persistent volume resource.
-#StorageOSPersistentVolumeSource: {
- // volumeName is the human-readable name of the StorageOS volume. Volume
- // names are only unique within a namespace.
- volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt)
-
- // volumeNamespace specifies the scope of the volume within StorageOS. If no
- // namespace is specified then the Pod's namespace will be used. This allows the
- // Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
- // Set VolumeName to any name to override the default behaviour.
- // Set to "default" if you are not using namespaces within StorageOS.
- // Namespaces that do not pre-exist within StorageOS will be created.
- // +optional
- volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // secretRef specifies the secret to use for obtaining the StorageOS API
- // credentials. If not specified, default values will be attempted.
- // +optional
- secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Adapts a ConfigMap into a volume.
-//
-// The contents of the target ConfigMap's Data field will be presented in a
-// volume as files using the keys in the Data field as the file names, unless
-// the items element is populated with specific mappings of keys to paths.
-// ConfigMap volumes support ownership management and SELinux relabeling.
-#ConfigMapVolumeSource: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // ConfigMap will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the ConfigMap,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // defaultMode is optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt)
-
- // optional specify whether the ConfigMap or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-#ConfigMapVolumeSourceDefaultMode: int32 & 0o644
-
-// Adapts a ConfigMap into a projected volume.
-//
-// The contents of the target ConfigMap's Data field will be presented in a
-// projected volume as files using the keys in the Data field as the file names,
-// unless the items element is populated with specific mappings of keys to paths.
-// Note that this is identical to a configmap volume source without the default
-// mode.
-#ConfigMapProjection: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // ConfigMap will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the ConfigMap,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // optional specify whether the ConfigMap or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-// ServiceAccountTokenProjection represents a projected service account token
-// volume. This projection can be used to insert a service account token into
-// the pods runtime filesystem for use against APIs (Kubernetes API Server or
-// otherwise).
-#ServiceAccountTokenProjection: {
- // audience is the intended audience of the token. A recipient of a token
- // must identify itself with an identifier specified in the audience of the
- // token, and otherwise should reject the token. The audience defaults to the
- // identifier of the apiserver.
- // +optional
- audience?: string @go(Audience) @protobuf(1,bytes,rep)
-
- // expirationSeconds is the requested duration of validity of the service
- // account token. As the token approaches expiration, the kubelet volume
- // plugin will proactively rotate the service account token. The kubelet will
- // start trying to rotate the token if the token is older than 80 percent of
- // its time to live or if the token is older than 24 hours.Defaults to 1 hour
- // and must be at least 10 minutes.
- // +optional
- expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt)
-
- // path is the path relative to the mount point of the file to project the
- // token into.
- path: string @go(Path) @protobuf(3,bytes,opt)
-}
-
-// Represents a projected volume source
-#ProjectedVolumeSource: {
- // sources is the list of volume projections
- // +optional
- sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep)
-
- // defaultMode are the mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt)
-}
-
-// Projection that may be projected along with other supported volume types
-#VolumeProjection: {
- // secret information about the secret data to project
- // +optional
- secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt)
-
- // downwardAPI information about the downwardAPI data to project
- // +optional
- downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt)
-
- // configMap information about the configMap data to project
- // +optional
- configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt)
-
- // serviceAccountToken is information about the serviceAccountToken data to project
- // +optional
- serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt)
-}
-
-#ProjectedVolumeSourceDefaultMode: int32 & 0o644
-
-// Maps a string key to a path within a volume.
-#KeyToPath: {
- // key is the key to project.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // path is the relative path of the file to map the key to.
- // May not be an absolute path.
- // May not contain the path element '..'.
- // May not start with the string '..'.
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // mode is Optional: mode bits used to set permissions on this file.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // If not specified, the volume defaultMode will be used.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt)
-}
-
-// Local represents directly-attached storage with node affinity (Beta feature)
-#LocalVolumeSource: {
- // path of the full path to the volume on the node.
- // It can be either a directory or block device (disk, partition, ...).
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // It applies only when the Path is a block device.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt)
-}
-
-// Represents storage that is managed by an external CSI volume driver (Beta feature)
-#CSIPersistentVolumeSource: {
- // driver is the name of the driver to use for this volume.
- // Required.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // volumeHandle is the unique volume name returned by the CSI volume
- // plugin’s CreateVolume to refer to the volume on all subsequent calls.
- // Required.
- volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt)
-
- // readOnly value to pass to ControllerPublishVolumeRequest.
- // Defaults to false (read/write).
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // fsType to mount. Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // +optional
- fsType?: string @go(FSType) @protobuf(4,bytes,opt)
-
- // volumeAttributes of the volume to publish.
- // +optional
- volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep)
-
- // controllerPublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // ControllerPublishVolume and ControllerUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt)
-
- // nodeStageSecretRef is a reference to the secret object containing sensitive
- // information to pass to the CSI driver to complete the CSI NodeStageVolume
- // and NodeStageVolume and NodeUnstageVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt)
-
- // nodePublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodePublishVolume and NodeUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt)
-
- // controllerExpandSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // ControllerExpandVolume call.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt)
-
- // nodeExpandSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodeExpandVolume call.
- // This is a beta field which is enabled default by CSINodeExpandSecret feature gate.
- // This field is optional, may be omitted if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +featureGate=CSINodeExpandSecret
- // +optional
- nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt)
-}
-
-// Represents a source location of a volume to mount, managed by an external CSI driver
-#CSIVolumeSource: {
- // driver is the name of the CSI driver that handles this volume.
- // Consult with your admin for the correct name as registered in the cluster.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // readOnly specifies a read-only configuration for the volume.
- // Defaults to false (read/write).
- // +optional
- readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt)
-
- // fsType to mount. Ex. "ext4", "xfs", "ntfs".
- // If not provided, the empty value is passed to the associated CSI driver
- // which will determine the default filesystem to apply.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt)
-
- // volumeAttributes stores driver-specific properties that are passed to the CSI
- // driver. Consult your driver's documentation for supported values.
- // +optional
- volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep)
-
- // nodePublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodePublishVolume and NodeUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secret references are passed.
- // +optional
- nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Represents an ephemeral volume that is handled by a normal storage driver.
-#EphemeralVolumeSource: {
- // Will be used to create a stand-alone PVC to provision the volume.
- // The pod in which this EphemeralVolumeSource is embedded will be the
- // owner of the PVC, i.e. the PVC will be deleted together with the
- // pod. The name of the PVC will be `-` where
- // `` is the name from the `PodSpec.Volumes` array
- // entry. Pod validation will reject the pod if the concatenated name
- // is not valid for a PVC (for example, too long).
- //
- // An existing PVC with that name that is not owned by the pod
- // will *not* be used for the pod to avoid using an unrelated
- // volume by mistake. Starting the pod is then blocked until
- // the unrelated PVC is removed. If such a pre-created PVC is
- // meant to be used by the pod, the PVC has to updated with an
- // owner reference to the pod once the pod exists. Normally
- // this should not be necessary, but it may be useful when
- // manually reconstructing a broken cluster.
- //
- // This field is read-only and no changes will be made by Kubernetes
- // to the PVC after it has been created.
- //
- // Required, must not be nil.
- volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt)
-}
-
-// PersistentVolumeClaimTemplate is used to produce
-// PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
-#PersistentVolumeClaimTemplate: {
- // May contain labels and annotations that will be copied into the PVC
- // when creating it. No other fields are allowed and will be rejected during
- // validation.
- //
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The specification for the PersistentVolumeClaim. The entire content is
- // copied unchanged into the PVC that gets created from this
- // template. The same fields as in a PersistentVolumeClaim
- // are also valid here.
- spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes)
-}
-
-// ContainerPort represents a network port in a single container.
-#ContainerPort: {
- // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
- // named port in a pod must have a unique name. Name for the port that can be
- // referred to by services.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // Number of port to expose on the host.
- // If specified, this must be a valid port number, 0 < x < 65536.
- // If HostNetwork is specified, this must match ContainerPort.
- // Most containers do not need this.
- // +optional
- hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt)
-
- // Number of port to expose on the pod's IP address.
- // This must be a valid port number, 0 < x < 65536.
- containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt)
-
- // Protocol for port. Must be UDP, TCP, or SCTP.
- // Defaults to "TCP".
- // +optional
- // +default="TCP"
- protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol)
-
- // What host IP to bind the external port to.
- // +optional
- hostIP?: string @go(HostIP) @protobuf(5,bytes,opt)
-}
-
-// VolumeMount describes a mounting of a Volume within a container.
-#VolumeMount: {
- // This must match the Name of a Volume.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Mounted read-only if true, read-write otherwise (false or unspecified).
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt)
-
- // Path within the container at which the volume should be mounted. Must
- // not contain ':'.
- mountPath: string @go(MountPath) @protobuf(3,bytes,opt)
-
- // Path within the volume from which the container's volume should be mounted.
- // Defaults to "" (volume's root).
- // +optional
- subPath?: string @go(SubPath) @protobuf(4,bytes,opt)
-
- // mountPropagation determines how mounts are propagated from the host
- // to container and the other way around.
- // When not set, MountPropagationNone is used.
- // This field is beta in 1.10.
- // +optional
- mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode)
-
- // Expanded path within the volume from which the container's volume should be mounted.
- // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
- // Defaults to "" (volume's root).
- // SubPathExpr and SubPath are mutually exclusive.
- // +optional
- subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt)
-}
-
-// MountPropagationMode describes mount propagation.
-// +enum
-#MountPropagationMode: string // #enumMountPropagationMode
-
-#enumMountPropagationMode:
- #MountPropagationNone |
- #MountPropagationHostToContainer |
- #MountPropagationBidirectional
-
-// MountPropagationNone means that the volume in a container will
-// not receive new mounts from the host or other containers, and filesystems
-// mounted inside the container won't be propagated to the host or other
-// containers.
-// Note that this mode corresponds to "private" in Linux terminology.
-#MountPropagationNone: #MountPropagationMode & "None"
-
-// MountPropagationHostToContainer means that the volume in a container will
-// receive new mounts from the host or other containers, but filesystems
-// mounted inside the container won't be propagated to the host or other
-// containers.
-// Note that this mode is recursively applied to all mounts in the volume
-// ("rslave" in Linux terminology).
-#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer"
-
-// MountPropagationBidirectional means that the volume in a container will
-// receive new mounts from the host or other containers, and its own mounts
-// will be propagated from the container to the host or other containers.
-// Note that this mode is recursively applied to all mounts in the volume
-// ("rshared" in Linux terminology).
-#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional"
-
-// volumeDevice describes a mapping of a raw block device within a container.
-#VolumeDevice: {
- // name must match the name of a persistentVolumeClaim in the pod
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // devicePath is the path inside of the container that the device will be mapped to.
- devicePath: string @go(DevicePath) @protobuf(2,bytes,opt)
-}
-
-// EnvVar represents an environment variable present in a Container.
-#EnvVar: {
- // Name of the environment variable. Must be a C_IDENTIFIER.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Variable references $(VAR_NAME) are expanded
- // using the previously defined environment variables in the container and
- // any service environment variables. If a variable cannot be resolved,
- // the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- // Escaped references will never be expanded, regardless of whether the variable
- // exists or not.
- // Defaults to "".
- // +optional
- value?: string @go(Value) @protobuf(2,bytes,opt)
-
- // Source for the environment variable's value. Cannot be used if value is not empty.
- // +optional
- valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt)
-}
-
-// EnvVarSource represents a source for the value of an EnvVar.
-#EnvVarSource: {
- // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- // +optional
- fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt)
-
- // Selects a resource of the container: only resources limits and requests
- // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- // +optional
- resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt)
-
- // Selects a key of a ConfigMap.
- // +optional
- configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt)
-
- // Selects a key of a secret in the pod's namespace
- // +optional
- secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt)
-}
-
-// ObjectFieldSelector selects an APIVersioned field of an object.
-// +structType=atomic
-#ObjectFieldSelector: {
- // Version of the schema the FieldPath is written in terms of, defaults to "v1".
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt)
-
- // Path of the field to select in the specified API version.
- fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt)
-}
-
-// ResourceFieldSelector represents container resources (cpu, memory) and their output format
-// +structType=atomic
-#ResourceFieldSelector: {
- // Container name: required for volumes, optional for env vars
- // +optional
- containerName?: string @go(ContainerName) @protobuf(1,bytes,opt)
-
- // Required: resource to select
- "resource": string @go(Resource) @protobuf(2,bytes,opt)
-
- // Specifies the output format of the exposed resources, defaults to "1"
- // +optional
- divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt)
-}
-
-// Selects a key from a ConfigMap.
-// +structType=atomic
-#ConfigMapKeySelector: {
- #LocalObjectReference
-
- // The key to select.
- key: string @go(Key) @protobuf(2,bytes,opt)
-
- // Specify whether the ConfigMap or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt)
-}
-
-// SecretKeySelector selects a key of a Secret.
-// +structType=atomic
-#SecretKeySelector: {
- #LocalObjectReference
-
- // The key of the secret to select from. Must be a valid secret key.
- key: string @go(Key) @protobuf(2,bytes,opt)
-
- // Specify whether the Secret or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt)
-}
-
-// EnvFromSource represents the source of a set of ConfigMaps
-#EnvFromSource: {
- // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
- // +optional
- prefix?: string @go(Prefix) @protobuf(1,bytes,opt)
-
- // The ConfigMap to select from
- // +optional
- configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt)
-
- // The Secret to select from
- // +optional
- secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt)
-}
-
-// ConfigMapEnvSource selects a ConfigMap to populate the environment
-// variables with.
-//
-// The contents of the target ConfigMap's Data field will represent the
-// key-value pairs as environment variables.
-#ConfigMapEnvSource: {
- #LocalObjectReference
-
- // Specify whether the ConfigMap must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt)
-}
-
-// SecretEnvSource selects a Secret to populate the environment
-// variables with.
-//
-// The contents of the target Secret's Data field will represent the
-// key-value pairs as environment variables.
-#SecretEnvSource: {
- #LocalObjectReference
-
- // Specify whether the Secret must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt)
-}
-
-// HTTPHeader describes a custom header to be used in HTTP probes
-#HTTPHeader: {
- // The header field name.
- // This will be canonicalized upon output, so case-variant names will be understood as the same header.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // The header field value
- value: string @go(Value) @protobuf(2,bytes,opt)
-}
-
-// HTTPGetAction describes an action based on HTTP Get requests.
-#HTTPGetAction: {
- // Path to access on the HTTP server.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-
- // Name or number of the port to access on the container.
- // Number must be in the range 1 to 65535.
- // Name must be an IANA_SVC_NAME.
- port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt)
-
- // Host name to connect to, defaults to the pod IP. You probably want to set
- // "Host" in httpHeaders instead.
- // +optional
- host?: string @go(Host) @protobuf(3,bytes,opt)
-
- // Scheme to use for connecting to the host.
- // Defaults to HTTP.
- // +optional
- scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme)
-
- // Custom headers to set in the request. HTTP allows repeated headers.
- // +optional
- httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep)
-}
-
-// URIScheme identifies the scheme used for connection to a host for Get actions
-// +enum
-#URIScheme: string // #enumURIScheme
-
-#enumURIScheme:
- #URISchemeHTTP |
- #URISchemeHTTPS
-
-// URISchemeHTTP means that the scheme used will be http://
-#URISchemeHTTP: #URIScheme & "HTTP"
-
-// URISchemeHTTPS means that the scheme used will be https://
-#URISchemeHTTPS: #URIScheme & "HTTPS"
-
-// TCPSocketAction describes an action based on opening a socket
-#TCPSocketAction: {
- // Number or name of the port to access on the container.
- // Number must be in the range 1 to 65535.
- // Name must be an IANA_SVC_NAME.
- port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt)
-
- // Optional: Host name to connect to, defaults to the pod IP.
- // +optional
- host?: string @go(Host) @protobuf(2,bytes,opt)
-}
-
-#GRPCAction: {
- // Port number of the gRPC service. Number must be in the range 1 to 65535.
- port: int32 @go(Port) @protobuf(1,bytes,opt)
-
- // Service is the name of the service to place in the gRPC HealthCheckRequest
- // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- //
- // If this is not specified, the default behavior is defined by gRPC.
- // +optional
- // +default=""
- service?: null | string @go(Service,*string) @protobuf(2,bytes,opt)
-}
-
-// ExecAction describes a "run in container" action.
-#ExecAction: {
- // Command is the command line to execute inside the container, the working directory for the
- // command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- // a shell, you need to explicitly call out to that shell.
- // Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep)
-}
-
-// Probe describes a health check to be performed against a container to determine whether it is
-// alive or ready to receive traffic.
-#Probe: {
- #ProbeHandler
-
- // Number of seconds after the container has started before liveness probes are initiated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt)
-
- // Number of seconds after which the probe times out.
- // Defaults to 1 second. Minimum value is 1.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt)
-
- // How often (in seconds) to perform the probe.
- // Default to 10 seconds. Minimum value is 1.
- // +optional
- periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt)
-
- // Minimum consecutive successes for the probe to be considered successful after having failed.
- // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- // +optional
- successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt)
-
- // Minimum consecutive failures for the probe to be considered failed after having succeeded.
- // Defaults to 3. Minimum value is 1.
- // +optional
- failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt)
-
- // Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- // The grace period is the duration in seconds after the processes running in the pod are sent
- // a termination signal and the time when the processes are forcibly halted with a kill signal.
- // Set this value longer than the expected cleanup time for your process.
- // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- // value overrides the value provided by the pod spec.
- // Value must be non-negative integer. The value zero indicates stop immediately via
- // the kill signal (no opportunity to shut down).
- // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- // +optional
- terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt)
-}
-
-// PullPolicy describes a policy for if/when to pull a container image
-// +enum
-#PullPolicy: string // #enumPullPolicy
-
-#enumPullPolicy:
- #PullAlways |
- #PullNever |
- #PullIfNotPresent
-
-// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
-#PullAlways: #PullPolicy & "Always"
-
-// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
-#PullNever: #PullPolicy & "Never"
-
-// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
-#PullIfNotPresent: #PullPolicy & "IfNotPresent"
-
-// ResourceResizeRestartPolicy specifies how to handle container resource resize.
-#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy
-
-#enumResourceResizeRestartPolicy:
- #NotRequired |
- #RestartContainer
-
-// 'NotRequired' means Kubernetes will try to resize the container
-// without restarting it, if possible. Kubernetes may however choose to
-// restart the container if it is unable to actuate resize without a
-// restart. For e.g. the runtime doesn't support restart-free resizing.
-#NotRequired: #ResourceResizeRestartPolicy & "NotRequired"
-
-// 'RestartContainer' means Kubernetes will resize the container in-place
-// by stopping and starting the container when new resources are applied.
-// This is needed for legacy applications. For e.g. java apps using the
-// -xmxN flag which are unable to use resized memory without restarting.
-#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer"
-
-// ContainerResizePolicy represents resource resize policy for the container.
-#ContainerResizePolicy: {
- // Name of the resource to which this resource resize policy applies.
- // Supported values: cpu, memory.
- resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName)
-
- // Restart policy to apply when specified resource is resized.
- // If not specified, it defaults to NotRequired.
- restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy)
-}
-
-// PreemptionPolicy describes a policy for if/when to preempt a pod.
-// +enum
-#PreemptionPolicy: string // #enumPreemptionPolicy
-
-#enumPreemptionPolicy:
- #PreemptLowerPriority |
- #PreemptNever
-
-// PreemptLowerPriority means that pod can preempt other pods with lower priority.
-#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority"
-
-// PreemptNever means that pod never preempts other pods with lower priority.
-#PreemptNever: #PreemptionPolicy & "Never"
-
-// TerminationMessagePolicy describes how termination messages are retrieved from a container.
-// +enum
-#TerminationMessagePolicy: string // #enumTerminationMessagePolicy
-
-#enumTerminationMessagePolicy:
- #TerminationMessageReadFile |
- #TerminationMessageFallbackToLogsOnError
-
-// TerminationMessageReadFile is the default behavior and will set the container status message to
-// the contents of the container's terminationMessagePath when the container exits.
-#TerminationMessageReadFile: #TerminationMessagePolicy & "File"
-
-// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs
-// for the container status message when the container exits with an error and the
-// terminationMessagePath has no contents.
-#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError"
-
-// Capability represent POSIX capabilities type
-#Capability: string
-
-// Adds and removes POSIX capabilities from running containers.
-#Capabilities: {
- // Added capabilities
- // +optional
- add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability)
-
- // Removed capabilities
- // +optional
- drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability)
-}
-
-// ResourceRequirements describes the compute resource requirements.
-#ResourceRequirements: {
- // Limits describes the maximum amount of compute resources allowed.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Requests describes the minimum amount of compute resources required.
- // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- // otherwise to an implementation-defined value. Requests cannot exceed Limits.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Claims lists the names of resources, defined in spec.resourceClaims,
- // that are used by this container.
- //
- // This is an alpha field and requires enabling the
- // DynamicResourceAllocation feature gate.
- //
- // This field is immutable. It can only be set for containers.
- //
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt)
-}
-
-// ResourceClaim references one entry in PodSpec.ResourceClaims.
-#ResourceClaim: {
- // Name must match the name of one entry in pod.spec.resourceClaims of
- // the Pod where this field is used. It makes that resource available
- // inside a container.
- name: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// TerminationMessagePathDefault means the default path to capture the application termination message running in a container
-#TerminationMessagePathDefault: "/dev/termination-log"
-
-// A single application container that you want to run within a pod.
-#Container: {
- // Name of the container specified as a DNS_LABEL.
- // Each container in a pod must have a unique name (DNS_LABEL).
- // Cannot be updated.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Container image name.
- // More info: https://kubernetes.io/docs/concepts/containers/images
- // This field is optional to allow higher level config management to default or override
- // container images in workload controllers like Deployments and StatefulSets.
- // +optional
- image?: string @go(Image) @protobuf(2,bytes,opt)
-
- // Entrypoint array. Not executed within a shell.
- // The container image's ENTRYPOINT is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep)
-
- // Arguments to the entrypoint.
- // The container image's CMD is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep)
-
- // Container's working directory.
- // If not specified, the container runtime's default will be used, which
- // might be configured in the container image.
- // Cannot be updated.
- // +optional
- workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt)
-
- // List of ports to expose from the container. Not specifying a port here
- // DOES NOT prevent that port from being exposed. Any port which is
- // listening on the default "0.0.0.0" address inside a container will be
- // accessible from the network.
- // Modifying this array with strategic merge patch may corrupt the data.
- // For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=containerPort
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=containerPort
- // +listMapKey=protocol
- ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep)
-
- // List of sources to populate environment variables in the container.
- // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- // will be reported as an event when the container is starting. When a key exists in multiple
- // sources, the value associated with the last source will take precedence.
- // Values defined by an Env with a duplicate key will take precedence.
- // Cannot be updated.
- // +optional
- envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep)
-
- // List of environment variables to set in the container.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep)
-
- // Compute Resources required by this container.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt)
-
- // Resources resize policy for the container.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- // +listType=atomic
- resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep)
-
- // RestartPolicy defines the restart behavior of individual containers in a pod.
- // This field may only be set for init containers, and the only allowed value is "Always".
- // For non-init containers or when this field is not specified,
- // the restart behavior is defined by the Pod's restart policy and the container type.
- // Setting the RestartPolicy as "Always" for the init container will have the following effect:
- // this init container will be continually restarted on
- // exit until all regular containers have terminated. Once all regular
- // containers have completed, all init containers with restartPolicy "Always"
- // will be shut down. This lifecycle differs from normal init containers and
- // is often referred to as a "sidecar" container. Although this init
- // container still starts in the init container sequence, it does not wait
- // for the container to complete before proceeding to the next init
- // container. Instead, the next init container starts immediately after this
- // init container is started, or after any startupProbe has successfully
- // completed.
- // +featureGate=SidecarContainers
- // +optional
- restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy)
-
- // Pod volumes to mount into the container's filesystem.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=mountPath
- // +patchStrategy=merge
- volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep)
-
- // volumeDevices is the list of block devices to be used by the container.
- // +patchMergeKey=devicePath
- // +patchStrategy=merge
- // +optional
- volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep)
-
- // Periodic probe of container liveness.
- // Container will be restarted if the probe fails.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt)
-
- // Periodic probe of container service readiness.
- // Container will be removed from service endpoints if the probe fails.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt)
-
- // StartupProbe indicates that the Pod has successfully initialized.
- // If specified, no other probes are executed until this completes successfully.
- // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
- // when it might take a long time to load data or warm a cache, than during steady-state operation.
- // This cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt)
-
- // Actions that the management system should take in response to container lifecycle events.
- // Cannot be updated.
- // +optional
- lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt)
-
- // Optional: Path at which the file to which the container's termination message
- // will be written is mounted into the container's filesystem.
- // Message written is intended to be brief final status, such as an assertion failure message.
- // Will be truncated by the node if greater than 4096 bytes. The total message length across
- // all containers will be limited to 12kb.
- // Defaults to /dev/termination-log.
- // Cannot be updated.
- // +optional
- terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt)
-
- // Indicate how the termination message should be populated. File will use the contents of
- // terminationMessagePath to populate the container status message on both success and failure.
- // FallbackToLogsOnError will use the last chunk of container log output if the termination
- // message file is empty and the container exited with an error.
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- // Defaults to File.
- // Cannot be updated.
- // +optional
- terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy)
-
- // Image pull policy.
- // One of Always, Never, IfNotPresent.
- // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- // +optional
- imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy)
-
- // SecurityContext defines the security options the container should be run with.
- // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- // +optional
- securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt)
-
- // Whether this container should allocate a buffer for stdin in the container runtime. If this
- // is not set, reads from stdin in the container will always result in EOF.
- // Default is false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(16,varint,opt)
-
- // Whether the container runtime should close the stdin channel after it has been opened by
- // a single attach. When stdin is true the stdin stream will remain open across multiple attach
- // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- // at which time stdin is closed and remains closed until the container is restarted. If this
- // flag is false, a container processes that reads from stdin will never receive an EOF.
- // Default is false
- // +optional
- stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt)
-
- // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- // Default is false.
- // +optional
- tty?: bool @go(TTY) @protobuf(18,varint,opt)
-}
-
-// ProbeHandler defines a specific action that should be taken in a probe.
-// One and only one of the fields must be specified.
-#ProbeHandler: {
- // Exec specifies the action to take.
- // +optional
- exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt)
-
- // HTTPGet specifies the http request to perform.
- // +optional
- httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt)
-
- // TCPSocket specifies an action involving a TCP port.
- // +optional
- tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt)
-
- // GRPC specifies an action involving a GRPC port.
- // +optional
- grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt)
-}
-
-// LifecycleHandler defines a specific action that should be taken in a lifecycle
-// hook. One and only one of the fields, except TCPSocket must be specified.
-#LifecycleHandler: {
- // Exec specifies the action to take.
- // +optional
- exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt)
-
- // HTTPGet specifies the http request to perform.
- // +optional
- httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt)
-
- // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- // for the backward compatibility. There are no validation of this field and
- // lifecycle hooks will fail in runtime when tcp handler is specified.
- // +optional
- tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt)
-}
-
-// Lifecycle describes actions that the management system should take in response to container lifecycle
-// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks
-// until the action is complete, unless the container process fails, in which case the handler is aborted.
-#Lifecycle: {
- // PostStart is called immediately after a container is created. If the handler fails,
- // the container is terminated and restarted according to its restart policy.
- // Other management of the container blocks until the hook completes.
- // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- // +optional
- postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt)
-
- // PreStop is called immediately before a container is terminated due to an
- // API request or management event such as liveness/startup probe failure,
- // preemption, resource contention, etc. The handler is not called if the
- // container crashes or exits. The Pod's termination grace period countdown begins before the
- // PreStop hook is executed. Regardless of the outcome of the handler, the
- // container will eventually terminate within the Pod's termination grace
- // period (unless delayed by finalizers). Other management of the container blocks until the hook completes
- // or until the termination grace period is reached.
- // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- // +optional
- preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt)
-}
-
-#ConditionStatus: string // #enumConditionStatus
-
-#enumConditionStatus:
- #ConditionTrue |
- #ConditionFalse |
- #ConditionUnknown
-
-#ConditionTrue: #ConditionStatus & "True"
-#ConditionFalse: #ConditionStatus & "False"
-#ConditionUnknown: #ConditionStatus & "Unknown"
-
-// ContainerStateWaiting is a waiting state of a container.
-#ContainerStateWaiting: {
- // (brief) reason the container is not yet running.
- // +optional
- reason?: string @go(Reason) @protobuf(1,bytes,opt)
-
- // Message regarding why the container is not yet running.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-}
-
-// ContainerStateRunning is a running state of a container.
-#ContainerStateRunning: {
- // Time at which the container was last (re-)started
- // +optional
- startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt)
-}
-
-// ContainerStateTerminated is a terminated state of a container.
-#ContainerStateTerminated: {
- // Exit status from the last termination of the container
- exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt)
-
- // Signal from the last termination of the container
- // +optional
- signal?: int32 @go(Signal) @protobuf(2,varint,opt)
-
- // (brief) reason from the last termination of the container
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // Message regarding the last termination of the container
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-
- // Time at which previous execution of the container started
- // +optional
- startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt)
-
- // Time at which the container last terminated
- // +optional
- finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt)
-
- // Container's ID in the format '://'
- // +optional
- containerID?: string @go(ContainerID) @protobuf(7,bytes,opt)
-}
-
-// ContainerState holds a possible state of container.
-// Only one of its members may be specified.
-// If none of them is specified, the default one is ContainerStateWaiting.
-#ContainerState: {
- // Details about a waiting container
- // +optional
- waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt)
-
- // Details about a running container
- // +optional
- running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt)
-
- // Details about a terminated container
- // +optional
- terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt)
-}
-
-// ContainerStatus contains details for the current status of this container.
-#ContainerStatus: {
- // Name is a DNS_LABEL representing the unique name of the container.
- // Each container in a pod must have a unique name across all container types.
- // Cannot be updated.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // State holds details about the container's current condition.
- // +optional
- state?: #ContainerState @go(State) @protobuf(2,bytes,opt)
-
- // LastTerminationState holds the last termination state of the container to
- // help debug container crashes and restarts. This field is not
- // populated if the container is still running and RestartCount is 0.
- // +optional
- lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt)
-
- // Ready specifies whether the container is currently passing its readiness check.
- // The value will change as readiness probes keep executing. If no readiness
- // probes are specified, this field defaults to true once the container is
- // fully started (see Started field).
- //
- // The value is typically used to determine whether a container is ready to
- // accept traffic.
- ready: bool @go(Ready) @protobuf(4,varint,opt)
-
- // RestartCount holds the number of times the container has been restarted.
- // Kubelet makes an effort to always increment the value, but there
- // are cases when the state may be lost due to node restarts and then the value
- // may be reset to 0. The value is never negative.
- restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt)
-
- // Image is the name of container image that the container is running.
- // The container image may not match the image used in the PodSpec,
- // as it may have been resolved by the runtime.
- // More info: https://kubernetes.io/docs/concepts/containers/images.
- image: string @go(Image) @protobuf(6,bytes,opt)
-
- // ImageID is the image ID of the container's image. The image ID may not
- // match the image ID of the image used in the PodSpec, as it may have been
- // resolved by the runtime.
- imageID: string @go(ImageID) @protobuf(7,bytes,opt)
-
- // ContainerID is the ID of the container in the format '://'.
- // Where type is a container runtime identifier, returned from Version call of CRI API
- // (for example "containerd").
- // +optional
- containerID?: string @go(ContainerID) @protobuf(8,bytes,opt)
-
- // Started indicates whether the container has finished its postStart lifecycle hook
- // and passed its startup probe.
- // Initialized as false, becomes true after startupProbe is considered
- // successful. Resets to false when the container is restarted, or if kubelet
- // loses state temporarily. In both cases, startup probes will run again.
- // Is always true when no startupProbe is defined and container is running and
- // has passed the postStart lifecycle hook. The null value must be treated the
- // same as false.
- // +optional
- started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt)
-
- // AllocatedResources represents the compute resources allocated for this container by the
- // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission
- // and after successfully admitting desired pod resize.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Resources represents the compute resource requests and limits that have been successfully
- // enacted on the running container after it has been started or has been successfully resized.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt)
-}
-
-// PodPhase is a label for the condition of a pod at the current time.
-// +enum
-#PodPhase: string // #enumPodPhase
-
-#enumPodPhase:
- #PodPending |
- #PodRunning |
- #PodSucceeded |
- #PodFailed |
- #PodUnknown
-
-// PodPending means the pod has been accepted by the system, but one or more of the containers
-// has not been started. This includes time before being bound to a node, as well as time spent
-// pulling images onto the host.
-#PodPending: #PodPhase & "Pending"
-
-// PodRunning means the pod has been bound to a node and all of the containers have been started.
-// At least one container is still running or is in the process of being restarted.
-#PodRunning: #PodPhase & "Running"
-
-// PodSucceeded means that all containers in the pod have voluntarily terminated
-// with a container exit code of 0, and the system is not going to restart any of these containers.
-#PodSucceeded: #PodPhase & "Succeeded"
-
-// PodFailed means that all containers in the pod have terminated, and at least one container has
-// terminated in a failure (exited with a non-zero exit code or was stopped by the system).
-#PodFailed: #PodPhase & "Failed"
-
-// PodUnknown means that for some reason the state of the pod could not be obtained, typically due
-// to an error in communicating with the host of the pod.
-// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)
-#PodUnknown: #PodPhase & "Unknown"
-
-// PodConditionType is a valid value for PodCondition.Type
-#PodConditionType: string // #enumPodConditionType
-
-#enumPodConditionType:
- #ContainersReady |
- #PodInitialized |
- #PodReady |
- #PodScheduled |
- #DisruptionTarget
-
-// ContainersReady indicates whether all containers in the pod are ready.
-#ContainersReady: #PodConditionType & "ContainersReady"
-
-// PodInitialized means that all init containers in the pod have started successfully.
-#PodInitialized: #PodConditionType & "Initialized"
-
-// PodReady means the pod is able to service requests and should be added to the
-// load balancing pools of all matching services.
-#PodReady: #PodConditionType & "Ready"
-
-// PodScheduled represents status of the scheduling process for this pod.
-#PodScheduled: #PodConditionType & "PodScheduled"
-
-// DisruptionTarget indicates the pod is about to be terminated due to a
-// disruption (such as preemption, eviction API or garbage-collection).
-#DisruptionTarget: #PodConditionType & "DisruptionTarget"
-
-// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler
-// can't schedule the pod right now, for example due to insufficient resources in the cluster.
-#PodReasonUnschedulable: "Unschedulable"
-
-// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler
-// skips scheduling the pod because one or more scheduling gates are still present.
-#PodReasonSchedulingGated: "SchedulingGated"
-
-// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens
-// during scheduling, for example due to nodeAffinity parsing errors.
-#PodReasonSchedulerError: "SchedulerError"
-
-// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination
-// is initiated by kubelet
-#PodReasonTerminationByKubelet: "TerminationByKubelet"
-
-// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the
-// disruption was initiated by scheduler's preemption.
-#PodReasonPreemptionByScheduler: "PreemptionByScheduler"
-
-// PodCondition contains details for the current condition of this pod.
-#PodCondition: {
- // Type is the type of the condition.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType)
-
- // Status is the status of the condition.
- // Can be True, False, Unknown.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Last time we probed the condition.
- // +optional
- lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt)
-
- // Last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // Unique, one-word, CamelCase reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // Human-readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// PodResizeStatus shows status of desired resize of a pod's containers.
-#PodResizeStatus: string // #enumPodResizeStatus
-
-#enumPodResizeStatus:
- #PodResizeStatusProposed |
- #PodResizeStatusInProgress |
- #PodResizeStatusDeferred |
- #PodResizeStatusInfeasible
-
-// Pod resources resize has been requested and will be evaluated by node.
-#PodResizeStatusProposed: #PodResizeStatus & "Proposed"
-
-// Pod resources resize has been accepted by node and is being actuated.
-#PodResizeStatusInProgress: #PodResizeStatus & "InProgress"
-
-// Node cannot resize the pod at this time and will keep retrying.
-#PodResizeStatusDeferred: #PodResizeStatus & "Deferred"
-
-// Requested pod resize is not feasible and will not be re-evaluated.
-#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible"
-
-// RestartPolicy describes how the container should be restarted.
-// Only one of the following restart policies may be specified.
-// If none of the following policies is specified, the default one
-// is RestartPolicyAlways.
-// +enum
-#RestartPolicy: string // #enumRestartPolicy
-
-#enumRestartPolicy:
- #RestartPolicyAlways |
- #RestartPolicyOnFailure |
- #RestartPolicyNever
-
-#RestartPolicyAlways: #RestartPolicy & "Always"
-#RestartPolicyOnFailure: #RestartPolicy & "OnFailure"
-#RestartPolicyNever: #RestartPolicy & "Never"
-
-// ContainerRestartPolicy is the restart policy for a single container.
-// This may only be set for init containers and only allowed value is "Always".
-#ContainerRestartPolicy: string // #enumContainerRestartPolicy
-
-#enumContainerRestartPolicy:
- #ContainerRestartPolicyAlways
-
-#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always"
-
-// DNSPolicy defines how a pod's DNS will be configured.
-// +enum
-#DNSPolicy: string // #enumDNSPolicy
-
-#enumDNSPolicy:
- #DNSClusterFirstWithHostNet |
- #DNSClusterFirst |
- #DNSDefault |
- #DNSNone
-
-// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS
-// first, if it is available, then fall back on the default
-// (as determined by kubelet) DNS settings.
-#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet"
-
-// DNSClusterFirst indicates that the pod should use cluster DNS
-// first unless hostNetwork is true, if it is available, then
-// fall back on the default (as determined by kubelet) DNS settings.
-#DNSClusterFirst: #DNSPolicy & "ClusterFirst"
-
-// DNSDefault indicates that the pod should use the default (as
-// determined by kubelet) DNS settings.
-#DNSDefault: #DNSPolicy & "Default"
-
-// DNSNone indicates that the pod should use empty DNS settings. DNS
-// parameters such as nameservers and search paths should be defined via
-// DNSConfig.
-#DNSNone: #DNSPolicy & "None"
-
-// DefaultTerminationGracePeriodSeconds indicates the default duration in
-// seconds a pod needs to terminate gracefully.
-#DefaultTerminationGracePeriodSeconds: 30
-
-// A node selector represents the union of the results of one or more label queries
-// over a set of nodes; that is, it represents the OR of the selectors represented
-// by the node selector terms.
-// +structType=atomic
-#NodeSelector: {
- // Required. A list of node selector terms. The terms are ORed.
- nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep)
-}
-
-// A null or empty node selector term matches no objects. The requirements of
-// them are ANDed.
-// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
-// +structType=atomic
-#NodeSelectorTerm: {
- // A list of node selector requirements by node's labels.
- // +optional
- matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep)
-
- // A list of node selector requirements by node's fields.
- // +optional
- matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep)
-}
-
-// A node selector requirement is a selector that contains values, a key, and an operator
-// that relates the key and values.
-#NodeSelectorRequirement: {
- // The label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator)
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt, the values
- // array must have a single element, which will be interpreted as an integer.
- // This array is replaced during a strategic merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A node selector operator is the set of operators that can be used in
-// a node selector requirement.
-// +enum
-#NodeSelectorOperator: string // #enumNodeSelectorOperator
-
-#enumNodeSelectorOperator:
- #NodeSelectorOpIn |
- #NodeSelectorOpNotIn |
- #NodeSelectorOpExists |
- #NodeSelectorOpDoesNotExist |
- #NodeSelectorOpGt |
- #NodeSelectorOpLt
-
-#NodeSelectorOpIn: #NodeSelectorOperator & "In"
-#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn"
-#NodeSelectorOpExists: #NodeSelectorOperator & "Exists"
-#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist"
-#NodeSelectorOpGt: #NodeSelectorOperator & "Gt"
-#NodeSelectorOpLt: #NodeSelectorOperator & "Lt"
-
-// A topology selector term represents the result of label queries.
-// A null or empty topology selector term matches no objects.
-// The requirements of them are ANDed.
-// It provides a subset of functionality as NodeSelectorTerm.
-// This is an alpha feature and may change in the future.
-// +structType=atomic
-#TopologySelectorTerm: {
- // A list of topology selector requirements by labels.
- // +optional
- matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep)
-}
-
-// A topology selector requirement is a selector that matches given label.
-// This is an alpha feature and may change in the future.
-#TopologySelectorLabelRequirement: {
- // The label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // An array of string values. One value must match the label to be selected.
- // Each entry in Values is ORed.
- values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep)
-}
-
-// Affinity is a group of affinity scheduling rules.
-#Affinity: {
- // Describes node affinity scheduling rules for the pod.
- // +optional
- nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt)
-
- // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
- // +optional
- podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt)
-
- // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
- // +optional
- podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt)
-}
-
-// Pod affinity is a group of inter pod affinity scheduling rules.
-#PodAffinity: {
- // If the affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to a pod label update), the
- // system may or may not try to eventually evict the pod from its node.
- // When there are multiple elements, the lists of nodes corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be satisfied.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep)
-}
-
-// Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-#PodAntiAffinity: {
- // If the anti-affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the anti-affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to a pod label update), the
- // system may or may not try to eventually evict the pod from its node.
- // When there are multiple elements, the lists of nodes corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be satisfied.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the anti-affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling anti-affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep)
-}
-
-// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
-#WeightedPodAffinityTerm: {
- // weight associated with matching the corresponding podAffinityTerm,
- // in the range 1-100.
- weight: int32 @go(Weight) @protobuf(1,varint,opt)
-
- // Required. A pod affinity term, associated with the corresponding weight.
- podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt)
-}
-
-// Defines a set of pods (namely those matching the labelSelector
-// relative to the given namespace(s)) that this pod should be
-// co-located (affinity) or not co-located (anti-affinity) with,
-// where co-located is defined as running on a node whose value of
-// the label with key matches that of any node on which
-// a pod of the set of pods is running
-#PodAffinityTerm: {
- // A label query over a set of resources, in this case pods.
- // +optional
- labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
-
- // namespaces specifies a static list of namespace names that the term applies to.
- // The term is applied to the union of the namespaces listed in this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- // +optional
- namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep)
-
- // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located is defined as running on a node
- // whose value of the label with key topologyKey matches that of any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt)
-
- // A label query over the set of namespaces that the term applies to.
- // The term is applied to the union of the namespaces selected by this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this pod's namespace".
- // An empty selector ({}) matches all namespaces.
- // +optional
- namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-}
-
-// Node affinity is a group of node affinity scheduling rules.
-#NodeAffinity: {
- // If the affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to an update), the system
- // may or may not try to eventually evict the pod from its node.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node matches the corresponding matchExpressions; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep)
-}
-
-// An empty preferred scheduling term matches all objects with implicit weight 0
-// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
-#PreferredSchedulingTerm: {
- // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
- weight: int32 @go(Weight) @protobuf(1,varint,opt)
-
- // A node selector term, associated with the corresponding weight.
- preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt)
-}
-
-// The node this Taint is attached to has the "effect" on
-// any pod that does not tolerate the Taint.
-#Taint: {
- // Required. The taint key to be applied to a node.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // The taint value corresponding to the taint key.
- // +optional
- value?: string @go(Value) @protobuf(2,bytes,opt)
-
- // Required. The effect of the taint on pods
- // that do not tolerate the taint.
- // Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect)
-
- // TimeAdded represents the time at which the taint was added.
- // It is only written for NoExecute taints.
- // +optional
- timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt)
-}
-
-// +enum
-#TaintEffect: string // #enumTaintEffect
-
-#enumTaintEffect:
- #TaintEffectNoSchedule |
- #TaintEffectPreferNoSchedule |
- #TaintEffectNoExecute
-
-// Do not allow new pods to schedule onto the node unless they tolerate the taint,
-// but allow all pods submitted to Kubelet without going through the scheduler
-// to start, and allow all already-running pods to continue running.
-// Enforced by the scheduler.
-#TaintEffectNoSchedule: #TaintEffect & "NoSchedule"
-
-// Like TaintEffectNoSchedule, but the scheduler tries not to schedule
-// new pods onto the node, rather than prohibiting new pods from scheduling
-// onto the node entirely. Enforced by the scheduler.
-#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule"
-
-// Evict any already-running pods that do not tolerate the taint.
-// Currently enforced by NodeController.
-#TaintEffectNoExecute: #TaintEffect & "NoExecute"
-
-// The pod this Toleration is attached to tolerates any taint that matches
-// the triple using the matching operator .
-#Toleration: {
- // Key is the taint key that the toleration applies to. Empty means match all taint keys.
- // If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- // +optional
- key?: string @go(Key) @protobuf(1,bytes,opt)
-
- // Operator represents a key's relationship to the value.
- // Valid operators are Exists and Equal. Defaults to Equal.
- // Exists is equivalent to wildcard for value, so that a pod can
- // tolerate all taints of a particular category.
- // +optional
- operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator)
-
- // Value is the taint value the toleration matches to.
- // If the operator is Exists, the value should be empty, otherwise just a regular string.
- // +optional
- value?: string @go(Value) @protobuf(3,bytes,opt)
-
- // Effect indicates the taint effect to match. Empty means match all taint effects.
- // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- // +optional
- effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect)
-
- // TolerationSeconds represents the period of time the toleration (which must be
- // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- // it is not set, which means tolerate the taint forever (do not evict). Zero and
- // negative values will be treated as 0 (evict immediately) by the system.
- // +optional
- tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt)
-}
-
-// A toleration operator is the set of operators that can be used in a toleration.
-// +enum
-#TolerationOperator: string // #enumTolerationOperator
-
-#enumTolerationOperator:
- #TolerationOpExists |
- #TolerationOpEqual
-
-#TolerationOpExists: #TolerationOperator & "Exists"
-#TolerationOpEqual: #TolerationOperator & "Equal"
-
-// PodReadinessGate contains the reference to a pod condition
-#PodReadinessGate: {
- // ConditionType refers to a condition in the pod's condition list with matching type.
- conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType)
-}
-
-// PodSpec is a description of a pod.
-#PodSpec: {
- // List of volumes that can be mounted by containers belonging to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep)
-
- // List of initialization containers belonging to the pod.
- // Init containers are executed in order prior to containers being started. If any
- // init container fails, the pod is considered to have failed and is handled according
- // to its restartPolicy. The name for an init container or normal container must be
- // unique among all containers.
- // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
- // The resourceRequirements of an init container are taken into account during scheduling
- // by finding the highest request/limit for each resource type, and then using the max of
- // of that value or the sum of the normal containers. Limits are applied to init containers
- // in a similar fashion.
- // Init containers cannot currently be added or removed.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- // +patchMergeKey=name
- // +patchStrategy=merge
- initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep)
-
- // List of containers belonging to the pod.
- // Containers cannot currently be added or removed.
- // There must be at least one container in a Pod.
- // Cannot be updated.
- // +patchMergeKey=name
- // +patchStrategy=merge
- containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep)
-
- // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
- // pod to perform user-initiated actions such as debugging. This list cannot be specified when
- // creating a pod, and it cannot be modified by updating the pod spec. In order to add an
- // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep)
-
- // Restart policy for all containers within the pod.
- // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
- // Default to Always.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- // +optional
- restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy)
-
- // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
- // Value must be non-negative integer. The value zero indicates stop immediately via
- // the kill signal (no opportunity to shut down).
- // If this value is nil, the default grace period will be used instead.
- // The grace period is the duration in seconds after the processes running in the pod are sent
- // a termination signal and the time when the processes are forcibly halted with a kill signal.
- // Set this value longer than the expected cleanup time for your process.
- // Defaults to 30 seconds.
- // +optional
- terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt)
-
- // Optional duration in seconds the pod may be active on the node relative to
- // StartTime before the system will actively try to mark it failed and kill associated containers.
- // Value must be a positive integer.
- // +optional
- activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt)
-
- // Set DNS policy for the pod.
- // Defaults to "ClusterFirst".
- // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
- // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
- // To have DNS options set along with hostNetwork, you have to specify DNS policy
- // explicitly to 'ClusterFirstWithHostNet'.
- // +optional
- dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy)
-
- // NodeSelector is a selector which must be true for the pod to fit on a node.
- // Selector which must match a node's labels for the pod to be scheduled on that node.
- // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- // +optional
- // +mapType=atomic
- nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep)
-
- // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- // +optional
- serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt)
-
- // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
- // Deprecated: Use serviceAccountName instead.
- // +k8s:conversion-gen=false
- // +optional
- serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt)
-
- // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
- // +optional
- automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt)
-
- // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
- // the scheduler simply schedules this pod onto that node, assuming that it fits resource
- // requirements.
- // +optional
- nodeName?: string @go(NodeName) @protobuf(10,bytes,opt)
-
- // Host networking requested for this pod. Use the host's network namespace.
- // If this option is set, the ports that will be used must be specified.
- // Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt)
-
- // Use the host's pid namespace.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostPID?: bool @go(HostPID) @protobuf(12,varint,opt)
-
- // Use the host's ipc namespace.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt)
-
- // Share a single process namespace between all of the containers in a pod.
- // When this is set containers will be able to view and signal processes from other containers
- // in the same pod, and the first process in each container will not be assigned PID 1.
- // HostPID and ShareProcessNamespace cannot both be set.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt)
-
- // SecurityContext holds pod-level security attributes and common container settings.
- // Optional: Defaults to empty. See type description for default values of each field.
- // +optional
- securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt)
-
- // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
- // If specified, these secrets will be passed to individual puller implementations for them to use.
- // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep)
-
- // Specifies the hostname of the Pod
- // If not specified, the pod's hostname will be set to a system-defined value.
- // +optional
- hostname?: string @go(Hostname) @protobuf(16,bytes,opt)
-
- // If specified, the fully qualified Pod hostname will be "...svc.".
- // If not specified, the pod will not have a domainname at all.
- // +optional
- subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt)
-
- // If specified, the pod's scheduling constraints
- // +optional
- affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt)
-
- // If specified, the pod will be dispatched by specified scheduler.
- // If not specified, the pod will be dispatched by default scheduler.
- // +optional
- schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt)
-
- // If specified, the pod's tolerations.
- // +optional
- tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt)
-
- // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
- // file if specified. This is only valid for non-hostNetwork pods.
- // +optional
- // +patchMergeKey=ip
- // +patchStrategy=merge
- hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep)
-
- // If specified, indicates the pod's priority. "system-node-critical" and
- // "system-cluster-critical" are two special keywords which indicate the
- // highest priorities with the former being the highest priority. Any other
- // name must be defined by creating a PriorityClass object with that name.
- // If not specified, the pod priority will be default or zero if there is no
- // default.
- // +optional
- priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt)
-
- // The priority value. Various system components use this field to find the
- // priority of the pod. When Priority Admission Controller is enabled, it
- // prevents users from setting this field. The admission controller populates
- // this field from PriorityClassName.
- // The higher the value, the higher the priority.
- // +optional
- priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt)
-
- // Specifies the DNS parameters of a pod.
- // Parameters specified here will be merged to the generated DNS
- // configuration based on DNSPolicy.
- // +optional
- dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt)
-
- // If specified, all readiness gates will be evaluated for pod readiness.
- // A pod is ready when all its containers are ready AND
- // all conditions specified in the readiness gates have status equal to "True"
- // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
- // +optional
- readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt)
-
- // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
- // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
- // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
- // empty definition that uses the default runtime handler.
- // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
- // +optional
- runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt)
-
- // EnableServiceLinks indicates whether information about services should be injected into pod's
- // environment variables, matching the syntax of Docker links.
- // Optional: Defaults to true.
- // +optional
- enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt)
-
- // PreemptionPolicy is the Policy for preempting pods with lower priority.
- // One of Never, PreemptLowerPriority.
- // Defaults to PreemptLowerPriority if unset.
- // +optional
- preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt)
-
- // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
- // This field will be autopopulated at admission time by the RuntimeClass admission controller. If
- // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
- // The RuntimeClass admission controller will reject Pod create requests which have the overhead already
- // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
- // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
- // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
- // +optional
- overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt)
-
- // TopologySpreadConstraints describes how a group of pods ought to spread across topology
- // domains. Scheduler will schedule pods in a way which abides by the constraints.
- // All topologySpreadConstraints are ANDed.
- // +optional
- // +patchMergeKey=topologyKey
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=topologyKey
- // +listMapKey=whenUnsatisfiable
- topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt)
-
- // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
- // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
- // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
- // If a pod does not have FQDN, this has no effect.
- // Default to false.
- // +optional
- setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt)
-
- // Specifies the OS of the containers in the pod.
- // Some pod and container fields are restricted if this is set.
- //
- // If the OS field is set to linux, the following fields must be unset:
- // -securityContext.windowsOptions
- //
- // If the OS field is set to windows, following fields must be unset:
- // - spec.hostPID
- // - spec.hostIPC
- // - spec.hostUsers
- // - spec.securityContext.seLinuxOptions
- // - spec.securityContext.seccompProfile
- // - spec.securityContext.fsGroup
- // - spec.securityContext.fsGroupChangePolicy
- // - spec.securityContext.sysctls
- // - spec.shareProcessNamespace
- // - spec.securityContext.runAsUser
- // - spec.securityContext.runAsGroup
- // - spec.securityContext.supplementalGroups
- // - spec.containers[*].securityContext.seLinuxOptions
- // - spec.containers[*].securityContext.seccompProfile
- // - spec.containers[*].securityContext.capabilities
- // - spec.containers[*].securityContext.readOnlyRootFilesystem
- // - spec.containers[*].securityContext.privileged
- // - spec.containers[*].securityContext.allowPrivilegeEscalation
- // - spec.containers[*].securityContext.procMount
- // - spec.containers[*].securityContext.runAsUser
- // - spec.containers[*].securityContext.runAsGroup
- // +optional
- os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt)
-
- // Use the host's user namespace.
- // Optional: Default to true.
- // If set to true or not present, the pod will be run in the host user namespace, useful
- // for when the pod needs a feature only available to the host user namespace, such as
- // loading a kernel module with CAP_SYS_MODULE.
- // When set to false, a new userns is created for the pod. Setting false is useful for
- // mitigating container breakout vulnerabilities even allowing users to run their
- // containers as root without actually having root privileges on the host.
- // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
- // +k8s:conversion-gen=false
- // +optional
- hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt)
-
- // SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
- // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
- // scheduler will not attempt to schedule the pod.
- //
- // SchedulingGates can only be set at pod creation time, and be removed only afterwards.
- //
- // This is a beta feature enabled by the PodSchedulingReadiness feature gate.
- //
- // +patchMergeKey=name
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=name
- // +featureGate=PodSchedulingReadiness
- // +optional
- schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt)
-
- // ResourceClaims defines which ResourceClaims must be allocated
- // and reserved before the Pod is allowed to start. The resources
- // will be made available to those containers which consume them
- // by name.
- //
- // This is an alpha field and requires enabling the
- // DynamicResourceAllocation feature gate.
- //
- // This field is immutable.
- //
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep)
-}
-
-// PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
-// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
-// Containers that need access to the ResourceClaim reference it with this name.
-#PodResourceClaim: {
- // Name uniquely identifies this resource claim inside the pod.
- // This must be a DNS_LABEL.
- name: string @go(Name) @protobuf(1,bytes)
-
- // Source describes where to find the ResourceClaim.
- source?: #ClaimSource @go(Source) @protobuf(2,bytes)
-}
-
-// ClaimSource describes a reference to a ResourceClaim.
-//
-// Exactly one of these fields should be set. Consumers of this type must
-// treat an empty object as if it has an unknown value.
-#ClaimSource: {
- // ResourceClaimName is the name of a ResourceClaim object in the same
- // namespace as this pod.
- resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt)
-
- // ResourceClaimTemplateName is the name of a ResourceClaimTemplate
- // object in the same namespace as this pod.
- //
- // The template will be used to create a new ResourceClaim, which will
- // be bound to this pod. When this pod is deleted, the ResourceClaim
- // will also be deleted. The pod name and resource name, along with a
- // generated component, will be used to form a unique name for the
- // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
- //
- // This field is immutable and no changes will be made to the
- // corresponding ResourceClaim by the control plane after creating the
- // ResourceClaim.
- resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt)
-}
-
-// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim
-// which references a ResourceClaimTemplate. It stores the generated name for
-// the corresponding ResourceClaim.
-#PodResourceClaimStatus: {
- // Name uniquely identifies this resource claim inside the pod.
- // This must match the name of an entry in pod.spec.resourceClaims,
- // which implies that the string must be a DNS_LABEL.
- name: string @go(Name) @protobuf(1,bytes)
-
- // ResourceClaimName is the name of the ResourceClaim that was
- // generated for the Pod in the namespace of the Pod. It this is
- // unset, then generating a ResourceClaim was not necessary. The
- // pod.spec.resourceClaims entry can be ignored in this case.
- //
- // +optional
- resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt)
-}
-
-// OSName is the set of OS'es that can be used in OS.
-#OSName: string // #enumOSName
-
-#enumOSName:
- #Linux |
- #Windows
-
-#Linux: #OSName & "linux"
-#Windows: #OSName & "windows"
-
-// PodOS defines the OS parameters of a pod.
-#PodOS: {
- // Name is the name of the operating system. The currently supported values are linux and windows.
- // Additional value may be defined in future and can be one of:
- // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- // Clients should expect to handle additional values and treat unrecognized values in this field as os: null
- name: #OSName @go(Name) @protobuf(1,bytes,opt)
-}
-
-// PodSchedulingGate is associated to a Pod to guard its scheduling.
-#PodSchedulingGate: {
- // Name of the scheduling gate.
- // Each scheduling gate must have a unique name field.
- name: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// +enum
-#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction
-
-#enumUnsatisfiableConstraintAction:
- #DoNotSchedule |
- #ScheduleAnyway
-
-// DoNotSchedule instructs the scheduler not to schedule the pod
-// when constraints are not satisfied.
-#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule"
-
-// ScheduleAnyway instructs the scheduler to schedule the pod
-// even if constraints are not satisfied.
-#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway"
-
-// NodeInclusionPolicy defines the type of node inclusion policy
-// +enum
-#NodeInclusionPolicy: string // #enumNodeInclusionPolicy
-
-#enumNodeInclusionPolicy:
- #NodeInclusionPolicyIgnore |
- #NodeInclusionPolicyHonor
-
-// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew.
-#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore"
-
-// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew.
-#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor"
-
-// TopologySpreadConstraint specifies how to spread matching pods among the given topology.
-#TopologySpreadConstraint: {
- // MaxSkew describes the degree to which pods may be unevenly distributed.
- // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- // between the number of matching pods in the target topology and the global minimum.
- // The global minimum is the minimum number of matching pods in an eligible domain
- // or zero if the number of eligible domains is less than MinDomains.
- // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- // labelSelector spread as 2/2/1:
- // In this case, the global minimum is 1.
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P | P P | P |
- // +-------+-------+-------+
- // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- // violate MaxSkew(1).
- // - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- // to topologies that satisfy it.
- // It's a required field. Default value is 1 and 0 is not allowed.
- maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt)
-
- // TopologyKey is the key of node labels. Nodes that have a label with this key
- // and identical values are considered to be in the same topology.
- // We consider each as a "bucket", and try to put balanced number
- // of pods into each bucket.
- // We define a domain as a particular instance of a topology.
- // Also, we define an eligible domain as a domain whose nodes meet the requirements of
- // nodeAffinityPolicy and nodeTaintsPolicy.
- // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- // It's a required field.
- topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt)
-
- // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- // the spread constraint.
- // - DoNotSchedule (default) tells the scheduler not to schedule it.
- // - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- // but giving higher precedence to topologies that would help reduce the
- // skew.
- // A constraint is considered "Unsatisfiable" for an incoming pod
- // if and only if every possible node assignment for that pod would violate
- // "MaxSkew" on some topology.
- // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- // labelSelector spread as 3/1/1:
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P P | P | P |
- // +-------+-------+-------+
- // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- // won't make it *more* imbalanced.
- // It's a required field.
- whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction)
-
- // LabelSelector is used to find matching pods.
- // Pods that match this label selector are counted to determine the number of pods
- // in their corresponding topology domain.
- // +optional
- labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-
- // MinDomains indicates a minimum number of eligible domains.
- // When the number of eligible domains with matching topology keys is less than minDomains,
- // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- // And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- // this value has no effect on scheduling.
- // As a result, when the number of eligible domains is less than minDomains,
- // scheduler won't schedule more than maxSkew Pods to those domains.
- // If value is nil, the constraint behaves as if MinDomains is equal to 1.
- // Valid values are integers greater than 0.
- // When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- //
- // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- // labelSelector spread as 2/2/2:
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P | P P | P P |
- // +-------+-------+-------+
- // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- // In this situation, new pod with the same labelSelector cannot be scheduled,
- // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- // it will violate MaxSkew.
- //
- // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
- // +optional
- minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt)
-
- // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- // when calculating pod topology spread skew. Options are:
- // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- //
- // If this value is nil, the behavior is equivalent to the Honor policy.
- // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- // +optional
- nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt)
-
- // NodeTaintsPolicy indicates how we will treat node taints when calculating
- // pod topology spread skew. Options are:
- // - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- // has a toleration, are included.
- // - Ignore: node taints are ignored. All nodes are included.
- //
- // If this value is nil, the behavior is equivalent to the Ignore policy.
- // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- // +optional
- nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt)
-
- // MatchLabelKeys is a set of pod label keys to select the pods over which
- // spreading will be calculated. The keys are used to lookup values from the
- // incoming pod labels, those key-value labels are ANDed with labelSelector
- // to select the group of existing pods over which spreading will be calculated
- // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- // MatchLabelKeys cannot be set when LabelSelector isn't set.
- // Keys that don't exist in the incoming pod labels will
- // be ignored. A null or empty list means only match against labelSelector.
- //
- // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- // +listType=atomic
- // +optional
- matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt)
-}
-
-// The default value for enableServiceLinks attribute.
-#DefaultEnableServiceLinks: true
-
-// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
-// pod's hosts file.
-#HostAlias: {
- // IP address of the host file entry.
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-
- // Hostnames for the above IP address.
- hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep)
-}
-
-// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume
-// when volume is mounted.
-// +enum
-#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy
-
-#enumPodFSGroupChangePolicy:
- #FSGroupChangeOnRootMismatch |
- #FSGroupChangeAlways
-
-// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed
-// only when permission and ownership of root directory does not match with expected
-// permissions on the volume. This can help shorten the time it takes to change
-// ownership and permissions of a volume.
-#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch"
-
-// FSGroupChangeAlways indicates that volume's ownership and permissions
-// should always be changed whenever volume is mounted inside a Pod. This the default
-// behavior.
-#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always"
-
-// PodSecurityContext holds pod-level security attributes and common container settings.
-// Some fields are also present in container.securityContext. Field values of
-// container.securityContext take precedence over field values of PodSecurityContext.
-#PodSecurityContext: {
- // The SELinux context to be applied to all containers.
- // If unspecified, the container runtime will allocate a random SELinux context for each
- // container. May also be set in SecurityContext. If set in
- // both SecurityContext and PodSecurityContext, the value specified in SecurityContext
- // takes precedence for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt)
-
- // The Windows specific settings applied to all containers.
- // If unspecified, the options within a container's SecurityContext will be used.
- // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is linux.
- // +optional
- windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt)
-
- // The UID to run the entrypoint of the container process.
- // Defaults to user specified in image metadata if unspecified.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt)
-
- // The GID to run the entrypoint of the container process.
- // Uses runtime default if unset.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt)
-
- // Indicates that the container must run as a non-root user.
- // If true, the Kubelet will validate the image at runtime to ensure that it
- // does not run as UID 0 (root) and fail to start the container if it does.
- // If unset or false, no such validation will be performed.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt)
-
- // A list of groups applied to the first process run in each container, in addition
- // to the container's primary GID, the fsGroup (if specified), and group memberships
- // defined in the container image for the uid of the container process. If unspecified,
- // no additional groups are added to any container. Note that group memberships
- // defined in the container image for the uid of the container process are still effective,
- // even if they are not included in this list.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep)
-
- // A special supplemental group that applies to all containers in a pod.
- // Some volume types allow the Kubelet to change the ownership of that volume
- // to be owned by the pod:
- //
- // 1. The owning GID will be the FSGroup
- // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
- // 3. The permission bits are OR'd with rw-rw----
- //
- // If unset, the Kubelet will not modify the ownership and permissions of any volume.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt)
-
- // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
- // sysctls (by the container runtime) might fail to launch.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep)
-
- // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
- // before being exposed inside Pod. This field will only apply to
- // volume types which support fsGroup based ownership(and permissions).
- // It will have no effect on ephemeral volume types such as: secret, configmaps
- // and emptydir.
- // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt)
-
- // The seccomp options to use by the containers in this pod.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt)
-}
-
-// SeccompProfile defines a pod/container's seccomp profile settings.
-// Only one profile source may be set.
-// +union
-#SeccompProfile: {
- // type indicates which kind of seccomp profile will be applied.
- // Valid options are:
- //
- // Localhost - a profile defined in a file on the node should be used.
- // RuntimeDefault - the container runtime default profile should be used.
- // Unconfined - no profile should be applied.
- // +unionDiscriminator
- type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType)
-
- // localhostProfile indicates a profile defined in a file on the node should be used.
- // The profile must be preconfigured on the node to work.
- // Must be a descending path, relative to the kubelet's configured seccomp profile location.
- // Must be set if type is "Localhost". Must NOT be set for any other type.
- // +optional
- localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt)
-}
-
-// SeccompProfileType defines the supported seccomp profile types.
-// +enum
-#SeccompProfileType: string // #enumSeccompProfileType
-
-#enumSeccompProfileType:
- #SeccompProfileTypeUnconfined |
- #SeccompProfileTypeRuntimeDefault |
- #SeccompProfileTypeLocalhost
-
-// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined).
-#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined"
-
-// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile.
-#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault"
-
-// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used.
-// The file's location relative to /seccomp.
-#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost"
-
-// PodQOSClass defines the supported qos classes of Pods.
-// +enum
-#PodQOSClass: string // #enumPodQOSClass
-
-#enumPodQOSClass:
- #PodQOSGuaranteed |
- #PodQOSBurstable |
- #PodQOSBestEffort
-
-// PodQOSGuaranteed is the Guaranteed qos class.
-#PodQOSGuaranteed: #PodQOSClass & "Guaranteed"
-
-// PodQOSBurstable is the Burstable qos class.
-#PodQOSBurstable: #PodQOSClass & "Burstable"
-
-// PodQOSBestEffort is the BestEffort qos class.
-#PodQOSBestEffort: #PodQOSClass & "BestEffort"
-
-// PodDNSConfig defines the DNS parameters of a pod in addition to
-// those generated from DNSPolicy.
-#PodDNSConfig: {
- // A list of DNS name server IP addresses.
- // This will be appended to the base nameservers generated from DNSPolicy.
- // Duplicated nameservers will be removed.
- // +optional
- nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep)
-
- // A list of DNS search domains for host-name lookup.
- // This will be appended to the base search paths generated from DNSPolicy.
- // Duplicated search paths will be removed.
- // +optional
- searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep)
-
- // A list of DNS resolver options.
- // This will be merged with the base options generated from DNSPolicy.
- // Duplicated entries will be removed. Resolution options given in Options
- // will override those that appear in the base DNSPolicy.
- // +optional
- options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep)
-}
-
-// PodDNSConfigOption defines DNS resolver options of a pod.
-#PodDNSConfigOption: {
- // Required.
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // +optional
- value?: null | string @go(Value,*string) @protobuf(2,bytes,opt)
-}
-
-// PodIP represents a single IP address allocated to the pod.
-#PodIP: {
- // IP is the IP address assigned to the pod
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-}
-
-// HostIP represents a single IP address allocated to the host.
-#HostIP: {
- // IP is the IP address assigned to the host
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-}
-
-// EphemeralContainerCommon is a copy of all fields in Container to be inlined in
-// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer
-// to Container and allows separate documentation for the fields of EphemeralContainer.
-// When a new field is added to Container it must be added here as well.
-#EphemeralContainerCommon: {
- // Name of the ephemeral container specified as a DNS_LABEL.
- // This name must be unique among all containers, init containers and ephemeral containers.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Container image name.
- // More info: https://kubernetes.io/docs/concepts/containers/images
- image?: string @go(Image) @protobuf(2,bytes,opt)
-
- // Entrypoint array. Not executed within a shell.
- // The image's ENTRYPOINT is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep)
-
- // Arguments to the entrypoint.
- // The image's CMD is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep)
-
- // Container's working directory.
- // If not specified, the container runtime's default will be used, which
- // might be configured in the container image.
- // Cannot be updated.
- // +optional
- workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt)
-
- // Ports are not allowed for ephemeral containers.
- // +optional
- // +patchMergeKey=containerPort
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=containerPort
- // +listMapKey=protocol
- ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep)
-
- // List of sources to populate environment variables in the container.
- // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- // will be reported as an event when the container is starting. When a key exists in multiple
- // sources, the value associated with the last source will take precedence.
- // Values defined by an Env with a duplicate key will take precedence.
- // Cannot be updated.
- // +optional
- envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep)
-
- // List of environment variables to set in the container.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep)
-
- // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
- // already allocated to the pod.
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt)
-
- // Resources resize policy for the container.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- // +listType=atomic
- resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep)
-
- // Restart policy for the container to manage the restart behavior of each
- // container within a pod.
- // This may only be set for init containers. You cannot set this field on
- // ephemeral containers.
- // +featureGate=SidecarContainers
- // +optional
- restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy)
-
- // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=mountPath
- // +patchStrategy=merge
- volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep)
-
- // volumeDevices is the list of block devices to be used by the container.
- // +patchMergeKey=devicePath
- // +patchStrategy=merge
- // +optional
- volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt)
-
- // Lifecycle is not allowed for ephemeral containers.
- // +optional
- lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt)
-
- // Optional: Path at which the file to which the container's termination message
- // will be written is mounted into the container's filesystem.
- // Message written is intended to be brief final status, such as an assertion failure message.
- // Will be truncated by the node if greater than 4096 bytes. The total message length across
- // all containers will be limited to 12kb.
- // Defaults to /dev/termination-log.
- // Cannot be updated.
- // +optional
- terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt)
-
- // Indicate how the termination message should be populated. File will use the contents of
- // terminationMessagePath to populate the container status message on both success and failure.
- // FallbackToLogsOnError will use the last chunk of container log output if the termination
- // message file is empty and the container exited with an error.
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- // Defaults to File.
- // Cannot be updated.
- // +optional
- terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy)
-
- // Image pull policy.
- // One of Always, Never, IfNotPresent.
- // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- // +optional
- imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy)
-
- // Optional: SecurityContext defines the security options the ephemeral container should be run with.
- // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- // +optional
- securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt)
-
- // Whether this container should allocate a buffer for stdin in the container runtime. If this
- // is not set, reads from stdin in the container will always result in EOF.
- // Default is false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(16,varint,opt)
-
- // Whether the container runtime should close the stdin channel after it has been opened by
- // a single attach. When stdin is true the stdin stream will remain open across multiple attach
- // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- // at which time stdin is closed and remains closed until the container is restarted. If this
- // flag is false, a container processes that reads from stdin will never receive an EOF.
- // Default is false
- // +optional
- stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt)
-
- // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- // Default is false.
- // +optional
- tty?: bool @go(TTY) @protobuf(18,varint,opt)
-}
-
-// An EphemeralContainer is a temporary container that you may add to an existing Pod for
-// user-initiated activities such as debugging. Ephemeral containers have no resource or
-// scheduling guarantees, and they will not be restarted when they exit or when a Pod is
-// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
-// Pod to exceed its resource allocation.
-//
-// To add an ephemeral container, use the ephemeralcontainers subresource of an existing
-// Pod. Ephemeral containers may not be removed or restarted.
-#EphemeralContainer: {
- #EphemeralContainerCommon
-
- // If set, the name of the container from PodSpec that this ephemeral container targets.
- // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
- // If not set then the ephemeral container uses the namespaces configured in the Pod spec.
- //
- // The container runtime must implement support for this feature. If the runtime does not
- // support namespace targeting then the result of setting this field is undefined.
- // +optional
- targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt)
-}
-
-// PodStatus represents information about the status of a pod. Status may trail the actual
-// state of a system, especially if the node that hosts the pod cannot contact the control
-// plane.
-#PodStatus: {
- // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle.
- // The conditions array, the reason and message fields, and the individual container status
- // arrays contain more detail about the pod's status.
- // There are five possible phase values:
- //
- // Pending: The pod has been accepted by the Kubernetes system, but one or more of the
- // container images has not been created. This includes time before being scheduled as
- // well as time spent downloading images over the network, which could take a while.
- // Running: The pod has been bound to a node, and all of the containers have been created.
- // At least one container is still running, or is in the process of starting or restarting.
- // Succeeded: All containers in the pod have terminated in success, and will not be restarted.
- // Failed: All containers in the pod have terminated, and at least one container has
- // terminated in failure. The container either exited with non-zero status or was terminated
- // by the system.
- // Unknown: For some reason the state of the pod could not be obtained, typically due to an
- // error in communicating with the host of the pod.
- //
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
- // +optional
- phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase)
-
- // Current service state of pod.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep)
-
- // A human readable message indicating details about why the pod is in this condition.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // A brief CamelCase message indicating details about why the pod is in this state.
- // e.g. 'Evicted'
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be
- // scheduled right away as preemption victims receive their graceful termination periods.
- // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide
- // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to
- // give the resources on this node to a higher priority pod that is created after preemption.
- // As a result, this field may be different than PodSpec.nodeName when the pod is
- // scheduled.
- // +optional
- nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt)
-
- // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet.
- // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will
- // not be updated even if there is a node is assigned to pod
- // +optional
- hostIP?: string @go(HostIP) @protobuf(5,bytes,opt)
-
- // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must
- // match the hostIP field. This list is empty if the pod has not started yet.
- // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will
- // not be updated even if there is a node is assigned to this pod.
- // +optional
- // +patchStrategy=merge
- // +patchMergeKey=ip
- // +listType=atomic
- hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep)
-
- // podIP address allocated to the pod. Routable at least within the cluster.
- // Empty if not yet allocated.
- // +optional
- podIP?: string @go(PodIP) @protobuf(6,bytes,opt)
-
- // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must
- // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list
- // is empty if no IPs have been allocated yet.
- // +optional
- // +patchStrategy=merge
- // +patchMergeKey=ip
- podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep)
-
- // RFC 3339 date and time at which the object was acknowledged by the Kubelet.
- // This is before the Kubelet pulled the container image(s) for the pod.
- // +optional
- startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt)
-
- // The list has one entry per init container in the manifest. The most recent successful
- // init container will have ready = true, the most recently started container will have
- // startTime set.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
- initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep)
-
- // The list has one entry per container in the manifest.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
- // +optional
- containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep)
-
- // The Quality of Service (QOS) classification assigned to the pod based on resource requirements
- // See PodQOSClass type for available QOS classes
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes
- // +optional
- qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep)
-
- // Status for any ephemeral containers that have run in this pod.
- // +optional
- ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep)
-
- // Status of resources resize desired for pod's containers.
- // It is empty if no resources resize is pending.
- // Any changes to container resources will automatically set this to "Proposed"
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus)
-
- // Status of resource claims.
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep)
-}
-
-// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded
-#PodStatusResult: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Most recently observed status of the pod.
- // This data may not be up to date.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #PodStatus @go(Status) @protobuf(2,bytes,opt)
-}
-
-// Pod is a collection of containers that can run on a host. This resource is created
-// by clients and scheduled onto hosts.
-#Pod: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Specification of the desired behavior of the pod.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the pod.
- // This data may not be up to date.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #PodStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PodList is a list of Pods.
-#PodList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of pods.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
- items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep)
-}
-
-// PodTemplateSpec describes the data a pod should have when created from a template
-#PodTemplateSpec: {
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Specification of the desired behavior of the pod.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt)
-}
-
-// PodTemplate describes a template for creating copies of a predefined pod.
-#PodTemplate: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Template defines the pods that will be created from this pod template.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
-}
-
-// PodTemplateList is a list of PodTemplates.
-#PodTemplateList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of pod templates
- items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep)
-}
-
-// ReplicationControllerSpec is the specification of a replication controller.
-#ReplicationControllerSpec: {
- // Replicas is the number of desired replicas.
- // This is a pointer to distinguish between explicit zero and unspecified.
- // Defaults to 1.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing, for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
-
- // Selector is a label query over pods that should match the Replicas count.
- // If Selector is empty, it is defaulted to the labels present on the Pod template.
- // Label keys and values that must match in order to be controlled by this replication
- // controller, if empty defaulted to labels on Pod template.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- // +optional
- // +mapType=atomic
- selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep)
-
- // Template is the object that describes the pod that will be created if
- // insufficient replicas are detected. This takes precedence over a TemplateRef.
- // The only allowed template.spec.restartPolicy value is "Always".
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
- // +optional
- template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt)
-}
-
-// ReplicationControllerStatus represents the current status of a replication
-// controller.
-#ReplicationControllerStatus: {
- // Replicas is the most recently observed number of replicas.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
- replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
-
- // The number of pods that have labels matching the labels of the pod template of the replication controller.
- // +optional
- fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
-
- // The number of ready replicas for this replication controller.
- // +optional
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
-
- // The number of available replicas (ready for at least minReadySeconds) for this replication controller.
- // +optional
- availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
-
- // ObservedGeneration reflects the generation of the most recently observed replication controller.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
-
- // Represents the latest available observations of a replication controller's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep)
-}
-
-#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType
-
-#enumReplicationControllerConditionType:
- #ReplicationControllerReplicaFailure
-
-// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods
-// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors,
-// etc. or deleted due to kubelet being down or finalizers are failing.
-#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure"
-
-// ReplicationControllerCondition describes the state of a replication controller at a certain point.
-#ReplicationControllerCondition: {
- // Type of replication controller condition.
- type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // The last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// ReplicationController represents the configuration of a replication controller.
-#ReplicationController: {
- metav1.#TypeMeta
-
- // If the Labels of a ReplicationController are empty, they are defaulted to
- // be the same as the Pod(s) that the replication controller manages.
- // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the specification of the desired behavior of the replication controller.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status is the most recently observed status of the replication controller.
- // This data may be out of date by some window of time.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ReplicationControllerList is a collection of replication controllers.
-#ReplicationControllerList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of replication controllers.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
- items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep)
-}
-
-// Session Affinity Type string
-// +enum
-#ServiceAffinity: string // #enumServiceAffinity
-
-#enumServiceAffinity:
- #ServiceAffinityClientIP |
- #ServiceAffinityNone
-
-// ServiceAffinityClientIP is the Client IP based.
-#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP"
-
-// ServiceAffinityNone - no session affinity.
-#ServiceAffinityNone: #ServiceAffinity & "None"
-
-#DefaultClientIPServiceAffinitySeconds: int32 & 10800
-
-// SessionAffinityConfig represents the configurations of session affinity.
-#SessionAffinityConfig: {
- // clientIP contains the configurations of Client IP based session affinity.
- // +optional
- clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt)
-}
-
-// ClientIPConfig represents the configurations of Client IP based session affinity.
-#ClientIPConfig: {
- // timeoutSeconds specifies the seconds of ClientIP type session sticky time.
- // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
- // Default value is 10800(for 3 hours).
- // +optional
- timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt)
-}
-
-// Service Type string describes ingress methods for a service
-// +enum
-#ServiceType: string // #enumServiceType
-
-#enumServiceType:
- #ServiceTypeClusterIP |
- #ServiceTypeNodePort |
- #ServiceTypeLoadBalancer |
- #ServiceTypeExternalName
-
-// ServiceTypeClusterIP means a service will only be accessible inside the
-// cluster, via the cluster IP.
-#ServiceTypeClusterIP: #ServiceType & "ClusterIP"
-
-// ServiceTypeNodePort means a service will be exposed on one port of
-// every node, in addition to 'ClusterIP' type.
-#ServiceTypeNodePort: #ServiceType & "NodePort"
-
-// ServiceTypeLoadBalancer means a service will be exposed via an
-// external load balancer (if the cloud provider supports it), in addition
-// to 'NodePort' type.
-#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer"
-
-// ServiceTypeExternalName means a service consists of only a reference to
-// an external name that kubedns or equivalent will return as a CNAME
-// record, with no exposing or proxying of any pods involved.
-#ServiceTypeExternalName: #ServiceType & "ExternalName"
-
-// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they
-// receive on the ClusterIP.
-// +enum
-#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy
-
-#enumServiceInternalTrafficPolicy:
- #ServiceInternalTrafficPolicyCluster |
- #ServiceInternalTrafficPolicyLocal
-
-// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints.
-#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster"
-
-// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same
-// node as the client pod (dropping the traffic if there are no local endpoints).
-#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local"
-
-// for backwards compat
-// +enum
-#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType
-
-#enumServiceInternalTrafficPolicyType:
- #ServiceInternalTrafficPolicyCluster |
- #ServiceInternalTrafficPolicyLocal
-
-// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they
-// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs,
-// and LoadBalancer IPs.
-// +enum
-#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy
-
-#enumServiceExternalTrafficPolicy:
- #ServiceExternalTrafficPolicyCluster |
- #ServiceExternalTrafficPolicyLocal |
- #ServiceExternalTrafficPolicyTypeLocal |
- #ServiceExternalTrafficPolicyTypeCluster
-
-// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
-#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster"
-
-// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
-// routing only to endpoints on the same node as the traffic was received on
-// (dropping the traffic if there are no local endpoints).
-#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local"
-
-// for backwards compat
-// +enum
-#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType
-
-#enumServiceExternalTrafficPolicyType:
- #ServiceExternalTrafficPolicyCluster |
- #ServiceExternalTrafficPolicyLocal |
- #ServiceExternalTrafficPolicyTypeLocal |
- #ServiceExternalTrafficPolicyTypeCluster
-
-#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local"
-#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster"
-
-// LoadBalancerPortsError represents the condition of the requested ports
-// on the cloud load balancer instance.
-#LoadBalancerPortsError: "LoadBalancerPortsError"
-
-// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError
-// means the LoadBalancer was not able to be configured correctly.
-#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported"
-
-// ServiceStatus represents the current status of a service.
-#ServiceStatus: {
- // LoadBalancer contains the current status of the load-balancer,
- // if one is present.
- // +optional
- loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt)
-
- // Current service state
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=type
- conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep)
-}
-
-// LoadBalancerStatus represents the status of a load-balancer.
-#LoadBalancerStatus: {
- // Ingress is a list containing ingress points for the load-balancer.
- // Traffic intended for the service should be sent to these ingress points.
- // +optional
- ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep)
-}
-
-// LoadBalancerIngress represents the status of a load-balancer ingress point:
-// traffic intended for the service should be sent to an ingress point.
-#LoadBalancerIngress: {
- // IP is set for load-balancer ingress points that are IP based
- // (typically GCE or OpenStack load-balancers)
- // +optional
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-
- // Hostname is set for load-balancer ingress points that are DNS based
- // (typically AWS load-balancers)
- // +optional
- hostname?: string @go(Hostname) @protobuf(2,bytes,opt)
-
- // Ports is a list of records of service ports
- // If used, every port defined in the service should have an entry in it
- // +listType=atomic
- // +optional
- ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep)
-}
-
-// IPFamily represents the IP Family (IPv4 or IPv6). This type is used
-// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
-// +enum
-#IPFamily: string // #enumIPFamily
-
-#enumIPFamily:
- #IPv4Protocol |
- #IPv6Protocol
-
-// IPv4Protocol indicates that this IP is IPv4 protocol
-#IPv4Protocol: #IPFamily & "IPv4"
-
-// IPv6Protocol indicates that this IP is IPv6 protocol
-#IPv6Protocol: #IPFamily & "IPv6"
-
-// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service
-// +enum
-#IPFamilyPolicy: string // #enumIPFamilyPolicy
-
-#enumIPFamilyPolicy:
- #IPFamilyPolicySingleStack |
- #IPFamilyPolicyPreferDualStack |
- #IPFamilyPolicyRequireDualStack
-
-// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily.
-// The IPFamily assigned is based on the default IPFamily used by the cluster
-// or as identified by service.spec.ipFamilies field
-#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack"
-
-// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when
-// the cluster is configured for dual-stack. If the cluster is not configured
-// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not
-// set in service.spec.ipFamilies then the service will be assigned the default IPFamily
-// configured on the cluster
-#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack"
-
-// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using
-// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The
-// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If
-// service.spec.ipFamilies was not provided then it will be assigned according to how they are
-// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative
-// IPFamily will be added by apiserver
-#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack"
-
-// for backwards compat
-// +enum
-#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType
-
-#enumIPFamilyPolicyType:
- #IPFamilyPolicySingleStack |
- #IPFamilyPolicyPreferDualStack |
- #IPFamilyPolicyRequireDualStack
-
-// ServiceSpec describes the attributes that a user creates on a service.
-#ServiceSpec: {
- // The list of ports that are exposed by this service.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +patchMergeKey=port
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=port
- // +listMapKey=protocol
- ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep)
-
- // Route service traffic to pods with label keys and values matching this
- // selector. If empty or not present, the service is assumed to have an
- // external process managing its endpoints, which Kubernetes will not
- // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
- // Ignored if type is ExternalName.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/
- // +optional
- // +mapType=atomic
- selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep)
-
- // clusterIP is the IP address of the service and is usually assigned
- // randomly. If an address is specified manually, is in-range (as per
- // system configuration), and is not in use, it will be allocated to the
- // service; otherwise creation of the service will fail. This field may not
- // be changed through updates unless the type field is also being changed
- // to ExternalName (which requires this field to be blank) or the type
- // field is being changed from ExternalName (in which case this field may
- // optionally be specified, as describe above). Valid values are "None",
- // empty string (""), or a valid IP address. Setting this to "None" makes a
- // "headless service" (no virtual IP), which is useful when direct endpoint
- // connections are preferred and proxying is not required. Only applies to
- // types ClusterIP, NodePort, and LoadBalancer. If this field is specified
- // when creating a Service of type ExternalName, creation will fail. This
- // field will be wiped when updating a Service to type ExternalName.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +optional
- clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt)
-
- // ClusterIPs is a list of IP addresses assigned to this service, and are
- // usually assigned randomly. If an address is specified manually, is
- // in-range (as per system configuration), and is not in use, it will be
- // allocated to the service; otherwise creation of the service will fail.
- // This field may not be changed through updates unless the type field is
- // also being changed to ExternalName (which requires this field to be
- // empty) or the type field is being changed from ExternalName (in which
- // case this field may optionally be specified, as describe above). Valid
- // values are "None", empty string (""), or a valid IP address. Setting
- // this to "None" makes a "headless service" (no virtual IP), which is
- // useful when direct endpoint connections are preferred and proxying is
- // not required. Only applies to types ClusterIP, NodePort, and
- // LoadBalancer. If this field is specified when creating a Service of type
- // ExternalName, creation will fail. This field will be wiped when updating
- // a Service to type ExternalName. If this field is not specified, it will
- // be initialized from the clusterIP field. If this field is specified,
- // clients must ensure that clusterIPs[0] and clusterIP have the same
- // value.
- //
- // This field may hold a maximum of two entries (dual-stack IPs, in either order).
- // These IPs must correspond to the values of the ipFamilies field. Both
- // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +listType=atomic
- // +optional
- clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt)
-
- // type determines how the Service is exposed. Defaults to ClusterIP. Valid
- // options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
- // "ClusterIP" allocates a cluster-internal IP address for load-balancing
- // to endpoints. Endpoints are determined by the selector or if that is not
- // specified, by manual construction of an Endpoints object or
- // EndpointSlice objects. If clusterIP is "None", no virtual IP is
- // allocated and the endpoints are published as a set of endpoints rather
- // than a virtual IP.
- // "NodePort" builds on ClusterIP and allocates a port on every node which
- // routes to the same endpoints as the clusterIP.
- // "LoadBalancer" builds on NodePort and creates an external load-balancer
- // (if supported in the current cloud) which routes to the same endpoints
- // as the clusterIP.
- // "ExternalName" aliases this service to the specified externalName.
- // Several other fields do not apply to ExternalName services.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
- // +optional
- type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType)
-
- // externalIPs is a list of IP addresses for which nodes in the cluster
- // will also accept traffic for this service. These IPs are not managed by
- // Kubernetes. The user is responsible for ensuring that traffic arrives
- // at a node with this IP. A common example is external load-balancers
- // that are not part of the Kubernetes system.
- // +optional
- externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep)
-
- // Supports "ClientIP" and "None". Used to maintain session affinity.
- // Enable client IP based session affinity.
- // Must be ClientIP or None.
- // Defaults to None.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +optional
- sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity)
-
- // Only applies to Service Type: LoadBalancer.
- // This feature depends on whether the underlying cloud-provider supports specifying
- // the loadBalancerIP when a load balancer is created.
- // This field will be ignored if the cloud-provider does not support the feature.
- // Deprecated: This field was under-specified and its meaning varies across implementations.
- // Using it is non-portable and it may not support dual-stack.
- // Users are encouraged to use implementation-specific annotations when available.
- // +optional
- loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt)
-
- // If specified and supported by the platform, this will restrict traffic through the cloud-provider
- // load-balancer will be restricted to the specified client IPs. This field will be ignored if the
- // cloud-provider does not support the feature."
- // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
- // +optional
- loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt)
-
- // externalName is the external reference that discovery mechanisms will
- // return as an alias for this service (e.g. a DNS CNAME record). No
- // proxying will be involved. Must be a lowercase RFC-1123 hostname
- // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
- // +optional
- externalName?: string @go(ExternalName) @protobuf(10,bytes,opt)
-
- // externalTrafficPolicy describes how nodes distribute service traffic they
- // receive on one of the Service's "externally-facing" addresses (NodePorts,
- // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
- // the service in a way that assumes that external load balancers will take care
- // of balancing the service traffic between nodes, and so each node will deliver
- // traffic only to the node-local endpoints of the service, without masquerading
- // the client source IP. (Traffic mistakenly sent to a node with no endpoints will
- // be dropped.) The default value, "Cluster", uses the standard behavior of
- // routing to all endpoints evenly (possibly modified by topology and other
- // features). Note that traffic sent to an External IP or LoadBalancer IP from
- // within the cluster will always get "Cluster" semantics, but clients sending to
- // a NodePort from within the cluster may need to take traffic policy into account
- // when picking a node.
- // +optional
- externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt)
-
- // healthCheckNodePort specifies the healthcheck nodePort for the service.
- // This only applies when type is set to LoadBalancer and
- // externalTrafficPolicy is set to Local. If a value is specified, is
- // in-range, and is not in use, it will be used. If not specified, a value
- // will be automatically allocated. External systems (e.g. load-balancers)
- // can use this port to determine if a given node holds endpoints for this
- // service or not. If this field is specified when creating a Service
- // which does not need it, creation will fail. This field will be wiped
- // when updating a Service to no longer need it (e.g. changing type).
- // This field cannot be updated once set.
- // +optional
- healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt)
-
- // publishNotReadyAddresses indicates that any agent which deals with endpoints for this
- // Service should disregard any indications of ready/not-ready.
- // The primary use case for setting this field is for a StatefulSet's Headless Service to
- // propagate SRV DNS records for its Pods for the purpose of peer discovery.
- // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
- // Services interpret this to mean that all endpoints are considered "ready" even if the
- // Pods themselves are not. Agents which consume only Kubernetes generated endpoints
- // through the Endpoints or EndpointSlice resources can safely assume this behavior.
- // +optional
- publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt)
-
- // sessionAffinityConfig contains the configurations of session affinity.
- // +optional
- sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt)
-
- // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
- // service. This field is usually assigned automatically based on cluster
- // configuration and the ipFamilyPolicy field. If this field is specified
- // manually, the requested family is available in the cluster,
- // and ipFamilyPolicy allows it, it will be used; otherwise creation of
- // the service will fail. This field is conditionally mutable: it allows
- // for adding or removing a secondary IP family, but it does not allow
- // changing the primary IP family of the Service. Valid values are "IPv4"
- // and "IPv6". This field only applies to Services of types ClusterIP,
- // NodePort, and LoadBalancer, and does apply to "headless" services.
- // This field will be wiped when updating a Service to type ExternalName.
- //
- // This field may hold a maximum of two entries (dual-stack families, in
- // either order). These families must correspond to the values of the
- // clusterIPs field, if specified. Both clusterIPs and ipFamilies are
- // governed by the ipFamilyPolicy field.
- // +listType=atomic
- // +optional
- ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily)
-
- // IPFamilyPolicy represents the dual-stack-ness requested or required by
- // this Service. If there is no value provided, then this field will be set
- // to SingleStack. Services can be "SingleStack" (a single IP family),
- // "PreferDualStack" (two IP families on dual-stack configured clusters or
- // a single IP family on single-stack clusters), or "RequireDualStack"
- // (two IP families on dual-stack configured clusters, otherwise fail). The
- // ipFamilies and clusterIPs fields depend on the value of this field. This
- // field will be wiped when updating a service to type ExternalName.
- // +optional
- ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy)
-
- // allocateLoadBalancerNodePorts defines if NodePorts will be automatically
- // allocated for services with type LoadBalancer. Default is "true". It
- // may be set to "false" if the cluster load-balancer does not rely on
- // NodePorts. If the caller requests specific NodePorts (by specifying a
- // value), those requests will be respected, regardless of this field.
- // This field may only be set for services with type LoadBalancer and will
- // be cleared if the type is changed to any other type.
- // +optional
- allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt)
-
- // loadBalancerClass is the class of the load balancer implementation this Service belongs to.
- // If specified, the value of this field must be a label-style identifier, with an optional prefix,
- // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
- // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
- // balancer implementation is used, today this is typically done through the cloud provider integration,
- // but should apply for any default implementation. If set, it is assumed that a load balancer
- // implementation is watching for Services with a matching class. Any default load balancer
- // implementation (e.g. cloud providers) should ignore Services that set this field.
- // This field can only be set when creating or updating a Service to type 'LoadBalancer'.
- // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
- // +optional
- loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt)
-
- // InternalTrafficPolicy describes how nodes distribute service traffic they
- // receive on the ClusterIP. If set to "Local", the proxy will assume that pods
- // only want to talk to endpoints of the service on the same node as the pod,
- // dropping the traffic if there are no local endpoints. The default value,
- // "Cluster", uses the standard behavior of routing to all endpoints evenly
- // (possibly modified by topology and other features).
- // +optional
- internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt)
-}
-
-// ServicePort contains information on service's port.
-#ServicePort: {
- // The name of this port within the service. This must be a DNS_LABEL.
- // All ports within a ServiceSpec must have unique names. When considering
- // the endpoints for a Service, this must match the 'name' field in the
- // EndpointPort.
- // Optional if only one ServicePort is defined on this service.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
- // Default is TCP.
- // +default="TCP"
- // +optional
- protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol)
-
- // The application protocol for this port.
- // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
- // This field follows standard Kubernetes label syntax.
- // Valid values are either:
- //
- // * Un-prefixed protocol names - reserved for IANA standard service names (as per
- // RFC-6335 and https://www.iana.org/assignments/service-names).
- //
- // * Kubernetes-defined prefixed names:
- // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
- // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
- // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
- //
- // * Other protocols should use implementation-defined prefixed names such as
- // mycompany.com/my-custom-protocol.
- // +optional
- appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt)
-
- // The port that will be exposed by this service.
- port: int32 @go(Port) @protobuf(3,varint,opt)
-
- // Number or name of the port to access on the pods targeted by the service.
- // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
- // If this is a string, it will be looked up as a named port in the
- // target Pod's container ports. If this is not specified, the value
- // of the 'port' field is used (an identity map).
- // This field is ignored for services with clusterIP=None, and should be
- // omitted or set equal to the 'port' field.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
- // +optional
- targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt)
-
- // The port on each node on which this service is exposed when type is
- // NodePort or LoadBalancer. Usually assigned by the system. If a value is
- // specified, in-range, and not in use it will be used, otherwise the
- // operation will fail. If not specified, a port will be allocated if this
- // Service requires one. If this field is specified when creating a
- // Service which does not need it, creation will fail. This field will be
- // wiped when updating a Service to no longer need it (e.g. changing type
- // from NodePort to ClusterIP).
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- // +optional
- nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt)
-}
-
-// Service is a named abstraction of software service (for example, mysql) consisting of local port
-// (for example 3306) that the proxy listens on, and the selector that determines which pods
-// will answer requests sent through the proxy.
-#Service: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of a service.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the service.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ClusterIPNone - do not assign a cluster IP
-// no proxying required and no environment variables should be created for pods
-#ClusterIPNone: "None"
-
-// ServiceList holds a list of services.
-#ServiceList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of services
- items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep)
-}
-
-// ServiceAccount binds together:
-// * a name, understood by users, and perhaps by peripheral systems, for an identity
-// * a principal that can be authenticated and authorized
-// * a set of secrets
-#ServiceAccount: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use.
- // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true".
- // This field should not be used to find auto-generated service account token secrets for use outside of pods.
- // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep)
-
- // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
- // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets
- // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
- // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
- // +optional
- imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep)
-
- // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted.
- // Can be overridden at the pod level.
- // +optional
- automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt)
-}
-
-// ServiceAccountList is a list of ServiceAccount objects
-#ServiceAccountList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of ServiceAccounts.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep)
-}
-
-// Endpoints is a collection of endpoints that implement the actual service. Example:
-//
-// Name: "mysvc",
-// Subsets: [
-// {
-// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
-// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
-// },
-// {
-// Addresses: [{"ip": "10.10.3.3"}],
-// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
-// },
-// ]
-#Endpoints: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The set of all endpoints is the union of all subsets. Addresses are placed into
- // subsets according to the IPs they share. A single address with multiple ports,
- // some of which are ready and some of which are not (because they come from
- // different containers) will result in the address being displayed in different
- // subsets for the different ports. No address will appear in both Addresses and
- // NotReadyAddresses in the same subset.
- // Sets of addresses and ports that comprise a service.
- // +optional
- subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep)
-}
-
-// EndpointSubset is a group of addresses with a common set of ports. The
-// expanded set of endpoints is the Cartesian product of Addresses x Ports.
-// For example, given:
-//
-// {
-// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
-// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
-// }
-//
-// The resulting set of endpoints can be viewed as:
-//
-// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
-// b: [ 10.10.1.1:309, 10.10.2.2:309 ]
-#EndpointSubset: {
- // IP addresses which offer the related ports that are marked as ready. These endpoints
- // should be considered safe for load balancers and clients to utilize.
- // +optional
- addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep)
-
- // IP addresses which offer the related ports but are not currently marked as ready
- // because they have not yet finished starting, have recently failed a readiness check,
- // or have recently failed a liveness check.
- // +optional
- notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep)
-
- // Port numbers available on the related IP addresses.
- // +optional
- ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep)
-}
-
-// EndpointAddress is a tuple that describes single IP address.
-// +structType=atomic
-#EndpointAddress: {
- // The IP of this endpoint.
- // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10),
- // or link-local multicast (224.0.0.0/24 or ff02::/16).
- ip: string @go(IP) @protobuf(1,bytes,opt)
-
- // The Hostname of this endpoint
- // +optional
- hostname?: string @go(Hostname) @protobuf(3,bytes,opt)
-
- // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
- // +optional
- nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt)
-
- // Reference to object providing the endpoint.
- // +optional
- targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt)
-}
-
-// EndpointPort is a tuple that describes a single port.
-// +structType=atomic
-#EndpointPort: {
- // The name of this port. This must match the 'name' field in the
- // corresponding ServicePort.
- // Must be a DNS_LABEL.
- // Optional only if one port is defined.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The port number of the endpoint.
- port: int32 @go(Port) @protobuf(2,varint,opt)
-
- // The IP protocol for this port.
- // Must be UDP, TCP, or SCTP.
- // Default is TCP.
- // +optional
- protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol)
-
- // The application protocol for this port.
- // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
- // This field follows standard Kubernetes label syntax.
- // Valid values are either:
- //
- // * Un-prefixed protocol names - reserved for IANA standard service names (as per
- // RFC-6335 and https://www.iana.org/assignments/service-names).
- //
- // * Kubernetes-defined prefixed names:
- // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
- // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
- // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
- //
- // * Other protocols should use implementation-defined prefixed names such as
- // mycompany.com/my-custom-protocol.
- // +optional
- appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt)
-}
-
-// EndpointsList is a list of endpoints.
-#EndpointsList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of endpoints.
- items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep)
-}
-
-// NodeSpec describes the attributes that a node is created with.
-#NodeSpec: {
- // PodCIDR represents the pod IP range assigned to the node.
- // +optional
- podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt)
-
- // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this
- // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for
- // each of IPv4 and IPv6.
- // +optional
- // +patchStrategy=merge
- podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt)
-
- // ID of the node assigned by the cloud provider in the format: ://
- // +optional
- providerID?: string @go(ProviderID) @protobuf(3,bytes,opt)
-
- // Unschedulable controls node schedulability of new pods. By default, node is schedulable.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration
- // +optional
- unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt)
-
- // If specified, the node's taints.
- // +optional
- taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt)
-
- // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.
- // +optional
- configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt)
-
- // Deprecated. Not all kubelets will set this field. Remove field after 1.13.
- // see: https://issues.k8s.io/61966
- // +optional
- externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt)
-}
-
-// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.
-// This API is deprecated since 1.22
-#NodeConfigSource: {
- // ConfigMap is a reference to a Node's ConfigMap
- configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt)
-}
-
-// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.
-// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
-#ConfigMapNodeConfigSource: {
- // Namespace is the metadata.namespace of the referenced ConfigMap.
- // This field is required in all cases.
- namespace: string @go(Namespace) @protobuf(1,bytes,opt)
-
- // Name is the metadata.name of the referenced ConfigMap.
- // This field is required in all cases.
- name: string @go(Name) @protobuf(2,bytes,opt)
-
- // UID is the metadata.UID of the referenced ConfigMap.
- // This field is forbidden in Node.Spec, and required in Node.Status.
- // +optional
- uid?: types.#UID @go(UID) @protobuf(3,bytes,opt)
-
- // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap.
- // This field is forbidden in Node.Spec, and required in Node.Status.
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt)
-
- // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure
- // This field is required in all cases.
- kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt)
-}
-
-// DaemonEndpoint contains information about a single Daemon endpoint.
-#DaemonEndpoint: {
- // Port number of the given endpoint.
- Port: int32 @protobuf(1,varint,opt)
-}
-
-// NodeDaemonEndpoints lists ports opened by daemons running on the Node.
-#NodeDaemonEndpoints: {
- // Endpoint on which Kubelet is listening.
- // +optional
- kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt)
-}
-
-// NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
-#NodeSystemInfo: {
- // MachineID reported by the node. For unique machine identification
- // in the cluster this field is preferred. Learn more from man(5)
- // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
- machineID: string @go(MachineID) @protobuf(1,bytes,opt)
-
- // SystemUUID reported by the node. For unique machine identification
- // MachineID is preferred. This field is specific to Red Hat hosts
- // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
- systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt)
-
- // Boot ID reported by the node.
- bootID: string @go(BootID) @protobuf(3,bytes,opt)
-
- // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
- kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt)
-
- // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
- osImage: string @go(OSImage) @protobuf(5,bytes,opt)
-
- // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).
- containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt)
-
- // Kubelet Version reported by the node.
- kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt)
-
- // KubeProxy Version reported by the node.
- kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt)
-
- // The Operating System reported by the node
- operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt)
-
- // The Architecture reported by the node
- architecture: string @go(Architecture) @protobuf(10,bytes,opt)
-}
-
-// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
-#NodeConfigStatus: {
- // Assigned reports the checkpointed config the node will try to use.
- // When Node.Spec.ConfigSource is updated, the node checkpoints the associated
- // config payload to local disk, along with a record indicating intended
- // config. The node refers to this record to choose its config checkpoint, and
- // reports this record in Assigned. Assigned only updates in the status after
- // the record has been checkpointed to disk. When the Kubelet is restarted,
- // it tries to make the Assigned config the Active config by loading and
- // validating the checkpointed payload identified by Assigned.
- // +optional
- assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt)
-
- // Active reports the checkpointed config the node is actively using.
- // Active will represent either the current version of the Assigned config,
- // or the current LastKnownGood config, depending on whether attempting to use the
- // Assigned config results in an error.
- // +optional
- active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt)
-
- // LastKnownGood reports the checkpointed config the node will fall back to
- // when it encounters an error attempting to use the Assigned config.
- // The Assigned config becomes the LastKnownGood config when the node determines
- // that the Assigned config is stable and correct.
- // This is currently implemented as a 10-minute soak period starting when the local
- // record of Assigned config is updated. If the Assigned config is Active at the end
- // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is
- // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil,
- // because the local default config is always assumed good.
- // You should not make assumptions about the node's method of determining config stability
- // and correctness, as this may change or become configurable in the future.
- // +optional
- lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt)
-
- // Error describes any problems reconciling the Spec.ConfigSource to the Active config.
- // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned
- // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting
- // to load or validate the Assigned config, etc.
- // Errors may occur at different points while syncing config. Earlier errors (e.g. download or
- // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across
- // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in
- // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error
- // by fixing the config assigned in Spec.ConfigSource.
- // You can find additional information for debugging by searching the error message in the Kubelet log.
- // Error is a human-readable description of the error state; machines can check whether or not Error
- // is empty, but should not rely on the stability of the Error text across Kubelet versions.
- // +optional
- error?: string @go(Error) @protobuf(4,bytes,opt)
-}
-
-// NodeStatus is information about the current status of a node.
-#NodeStatus: {
- // Capacity represents the total resources of a node.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Allocatable represents the resources of a node that are available for scheduling.
- // Defaults to Capacity.
- // +optional
- allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // NodePhase is the recently observed lifecycle phase of the node.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase
- // The field is never populated, and now is deprecated.
- // +optional
- phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase)
-
- // Conditions is an array of current observed node conditions.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep)
-
- // List of addresses reachable to the node.
- // Queried from cloud provider, if available.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses
- // Note: This field is declared as mergeable, but the merge key is not sufficiently
- // unique, which can cause data corruption when it is merged. Callers should instead
- // use a full-replacement patch. See https://pr.k8s.io/79391 for an example.
- // Consumers should assume that addresses can change during the
- // lifetime of a Node. However, there are some exceptions where this may not
- // be possible, such as Pods that inherit a Node's address in its own status or
- // consumers of the downward API (status.hostIP).
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep)
-
- // Endpoints of daemons running on the Node.
- // +optional
- daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt)
-
- // Set of ids/uuids to uniquely identify the node.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#info
- // +optional
- nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt)
-
- // List of container images on this node
- // +optional
- images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep)
-
- // List of attachable volumes in use (mounted) by the node.
- // +optional
- volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep)
-
- // List of volumes that are attached to the node.
- // +optional
- volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep)
-
- // Status of the config assigned to the node via the dynamic Kubelet config feature.
- // +optional
- config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt)
-}
-
-#UniqueVolumeName: string
-
-// AttachedVolume describes a volume attached to a node
-#AttachedVolume: {
- // Name of the attached volume
- name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep)
-
- // DevicePath represents the device path where the volume should be available
- devicePath: string @go(DevicePath) @protobuf(2,bytes,rep)
-}
-
-// AvoidPods describes pods that should avoid this node. This is the value for a
-// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and
-// will eventually become a field of NodeStatus.
-#AvoidPods: {
- // Bounded-sized list of signatures of pods that should avoid this node, sorted
- // in timestamp order from oldest to newest. Size of the slice is unspecified.
- // +optional
- preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep)
-}
-
-// Describes a class of pods that should avoid this node.
-#PreferAvoidPodsEntry: {
- // The class of pods.
- podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt)
-
- // Time at which this entry was added to the list.
- // +optional
- evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt)
-
- // (brief) reason why this entry was added to the list.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // Human readable message indicating why this entry was added to the list.
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-}
-
-// Describes the class of pods that should avoid this node.
-// Exactly one field should be set.
-#PodSignature: {
- // Reference to controller whose pods should avoid this node.
- // +optional
- podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt)
-}
-
-// Describe a container image
-#ContainerImage: {
- // Names by which this image is known.
- // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]
- // +optional
- names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep)
-
- // The size of the image in bytes.
- // +optional
- sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt)
-}
-
-// +enum
-#NodePhase: string // #enumNodePhase
-
-#enumNodePhase:
- #NodePending |
- #NodeRunning |
- #NodeTerminated
-
-// NodePending means the node has been created/added by the system, but not configured.
-#NodePending: #NodePhase & "Pending"
-
-// NodeRunning means the node has been configured and has Kubernetes components running.
-#NodeRunning: #NodePhase & "Running"
-
-// NodeTerminated means the node has been removed from the cluster.
-#NodeTerminated: #NodePhase & "Terminated"
-
-#NodeConditionType: string // #enumNodeConditionType
-
-#enumNodeConditionType:
- #NodeReady |
- #NodeMemoryPressure |
- #NodeDiskPressure |
- #NodePIDPressure |
- #NodeNetworkUnavailable
-
-// NodeReady means kubelet is healthy and ready to accept pods.
-#NodeReady: #NodeConditionType & "Ready"
-
-// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory.
-#NodeMemoryPressure: #NodeConditionType & "MemoryPressure"
-
-// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk.
-#NodeDiskPressure: #NodeConditionType & "DiskPressure"
-
-// NodePIDPressure means the kubelet is under pressure due to insufficient available PID.
-#NodePIDPressure: #NodeConditionType & "PIDPressure"
-
-// NodeNetworkUnavailable means that network for the node is not correctly configured.
-#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable"
-
-// NodeCondition contains condition information for a node.
-#NodeCondition: {
- // Type of node condition.
- type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Last time we got an update on a given condition.
- // +optional
- lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt)
-
- // Last time the condition transit from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // (brief) reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // Human readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-#NodeAddressType: string // #enumNodeAddressType
-
-#enumNodeAddressType:
- #NodeHostName |
- #NodeInternalIP |
- #NodeExternalIP |
- #NodeInternalDNS |
- #NodeExternalDNS
-
-// NodeHostName identifies a name of the node. Although every node can be assumed
-// to have a NodeAddress of this type, its exact syntax and semantics are not
-// defined, and are not consistent between different clusters.
-#NodeHostName: #NodeAddressType & "Hostname"
-
-// NodeInternalIP identifies an IP address which is assigned to one of the node's
-// network interfaces. Every node should have at least one address of this type.
-//
-// An internal IP is normally expected to be reachable from every other node, but
-// may not be visible to hosts outside the cluster. By default it is assumed that
-// kube-apiserver can reach node internal IPs, though it is possible to configure
-// clusters where this is not the case.
-//
-// NodeInternalIP is the default type of node IP, and does not necessarily imply
-// that the IP is ONLY reachable internally. If a node has multiple internal IPs,
-// no specific semantics are assigned to the additional IPs.
-#NodeInternalIP: #NodeAddressType & "InternalIP"
-
-// NodeExternalIP identifies an IP address which is, in some way, intended to be
-// more usable from outside the cluster then an internal IP, though no specific
-// semantics are defined. It may be a globally routable IP, though it is not
-// required to be.
-//
-// External IPs may be assigned directly to an interface on the node, like a
-// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed
-// to an internal node IP rather than being delivered directly (making the IP less
-// efficient for node-to-node traffic than a NodeInternalIP).
-#NodeExternalIP: #NodeAddressType & "ExternalIP"
-
-// NodeInternalDNS identifies a DNS name which resolves to an IP address which has
-// the characteristics of a NodeInternalIP. The IP it resolves to may or may not
-// be a listed NodeInternalIP address.
-#NodeInternalDNS: #NodeAddressType & "InternalDNS"
-
-// NodeExternalDNS identifies a DNS name which resolves to an IP address which has
-// the characteristics of a NodeExternalIP. The IP it resolves to may or may not
-// be a listed NodeExternalIP address.
-#NodeExternalDNS: #NodeAddressType & "ExternalDNS"
-
-// NodeAddress contains information for the node's address.
-#NodeAddress: {
- // Node address type, one of Hostname, ExternalIP or InternalIP.
- type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType)
-
- // The node address.
- address: string @go(Address) @protobuf(2,bytes,opt)
-}
-
-// ResourceName is the name identifying various resources in a ResourceList.
-#ResourceName: string // #enumResourceName
-
-#enumResourceName:
- #ResourceCPU |
- #ResourceMemory |
- #ResourceStorage |
- #ResourceEphemeralStorage |
- #ResourcePods |
- #ResourceServices |
- #ResourceReplicationControllers |
- #ResourceQuotas |
- #ResourceSecrets |
- #ResourceConfigMaps |
- #ResourcePersistentVolumeClaims |
- #ResourceServicesNodePorts |
- #ResourceServicesLoadBalancers |
- #ResourceRequestsCPU |
- #ResourceRequestsMemory |
- #ResourceRequestsStorage |
- #ResourceRequestsEphemeralStorage |
- #ResourceLimitsCPU |
- #ResourceLimitsMemory |
- #ResourceLimitsEphemeralStorage
-
-// CPU, in cores. (500m = .5 cores)
-#ResourceCPU: #ResourceName & "cpu"
-
-// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceMemory: #ResourceName & "memory"
-
-// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024)
-#ResourceStorage: #ResourceName & "storage"
-
-// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-// The resource name for ResourceEphemeralStorage is alpha and it can change across releases.
-#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage"
-
-// Default namespace prefix.
-#ResourceDefaultNamespacePrefix: "kubernetes.io/"
-
-// Name prefix for huge page resources (alpha).
-#ResourceHugePagesPrefix: "hugepages-"
-
-// Name prefix for storage resource limits
-#ResourceAttachableVolumesPrefix: "attachable-volumes-"
-
-// ResourceList is a set of (resource name, quantity) pairs.
-#ResourceList: {[string]: resource.#Quantity}
-
-// Node is a worker node in Kubernetes.
-// Each node will have a unique identifier in the cache (i.e. in etcd).
-#Node: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of a node.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the node.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// NodeList is the whole list of all Nodes which have been registered with master.
-#NodeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of nodes
- items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep)
-}
-
-// FinalizerName is the name identifying a finalizer during namespace lifecycle.
-#FinalizerName: string // #enumFinalizerName
-
-#enumFinalizerName:
- #FinalizerKubernetes
-
-#FinalizerKubernetes: #FinalizerName & "kubernetes"
-
-// NamespaceSpec describes the attributes on a Namespace.
-#NamespaceSpec: {
- // Finalizers is an opaque list of values that must be empty to permanently remove object from storage.
- // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
- // +optional
- finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName)
-}
-
-// NamespaceStatus is information about the current status of a Namespace.
-#NamespaceStatus: {
- // Phase is the current lifecycle phase of the namespace.
- // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
- // +optional
- phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase)
-
- // Represents the latest available observations of a namespace's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep)
-}
-
-// +enum
-#NamespacePhase: string // #enumNamespacePhase
-
-#enumNamespacePhase:
- #NamespaceActive |
- #NamespaceTerminating
-
-// NamespaceActive means the namespace is available for use in the system
-#NamespaceActive: #NamespacePhase & "Active"
-
-// NamespaceTerminating means the namespace is undergoing graceful termination
-#NamespaceTerminating: #NamespacePhase & "Terminating"
-
-// NamespaceTerminatingCause is returned as a defaults.cause item when a change is
-// forbidden due to the namespace being terminated.
-#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating"
-
-#NamespaceConditionType: string // #enumNamespaceConditionType
-
-#enumNamespaceConditionType:
- #NamespaceDeletionDiscoveryFailure |
- #NamespaceDeletionContentFailure |
- #NamespaceDeletionGVParsingFailure |
- #NamespaceContentRemaining |
- #NamespaceFinalizersRemaining
-
-// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery.
-#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure"
-
-// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources.
-#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure"
-
-// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types.
-#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure"
-
-// NamespaceContentRemaining contains information about resources remaining in a namespace.
-#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining"
-
-// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace.
-#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining"
-
-// NamespaceCondition contains details about state of namespace.
-#NamespaceCondition: {
- // Type of namespace controller condition.
- type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// Namespace provides a scope for Names.
-// Use of multiple namespaces is optional.
-#Namespace: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of the Namespace.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status describes the current status of a Namespace.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// NamespaceList is a list of Namespaces.
-#NamespaceList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of Namespace objects in the list.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep)
-}
-
-// Binding ties one object to another; for example, a pod is bound to a node by a scheduler.
-// Deprecated in 1.7, please use the bindings subresource of pods instead.
-#Binding: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The target object that you want to bind to the standard object.
- target: #ObjectReference @go(Target) @protobuf(2,bytes,opt)
-}
-
-// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
-// +k8s:openapi-gen=false
-#Preconditions: {
- // Specifies the target UID.
- // +optional
- uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-}
-
-// PodLogOptions is the query options for a Pod's logs REST call.
-#PodLogOptions: {
- metav1.#TypeMeta
-
- // The container for which to stream logs. Defaults to only container if there is one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(1,bytes,opt)
-
- // Follow the log stream of the pod. Defaults to false.
- // +optional
- follow?: bool @go(Follow) @protobuf(2,varint,opt)
-
- // Return previous terminated container logs. Defaults to false.
- // +optional
- previous?: bool @go(Previous) @protobuf(3,varint,opt)
-
- // A relative time in seconds before the current time from which to show logs. If this value
- // precedes the time a pod was started, only logs since the pod start will be returned.
- // If this value is in the future, no logs will be returned.
- // Only one of sinceSeconds or sinceTime may be specified.
- // +optional
- sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt)
-
- // An RFC3339 timestamp from which to show logs. If this value
- // precedes the time a pod was started, only logs since the pod start will be returned.
- // If this value is in the future, no logs will be returned.
- // Only one of sinceSeconds or sinceTime may be specified.
- // +optional
- sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt)
-
- // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line
- // of log output. Defaults to false.
- // +optional
- timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt)
-
- // If set, the number of lines from the end of the logs to show. If not specified,
- // logs are shown from the creation of the container or sinceSeconds or sinceTime
- // +optional
- tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt)
-
- // If set, the number of bytes to read from the server before terminating the
- // log output. This may not display a complete final line of logging, and may return
- // slightly more or slightly less than the specified limit.
- // +optional
- limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt)
-
- // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the
- // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver
- // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real
- // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the
- // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept
- // the actual log data coming from the real kubelet).
- // +optional
- insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt)
-}
-
-// PodAttachOptions is the query options to a Pod's remote attach call.
-// ---
-// TODO: merge w/ PodExecOptions below for stdin, stdout, etc
-// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY
-#PodAttachOptions: {
- metav1.#TypeMeta
-
- // Stdin if true, redirects the standard input stream of the pod for this call.
- // Defaults to false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(1,varint,opt)
-
- // Stdout if true indicates that stdout is to be redirected for the attach call.
- // Defaults to true.
- // +optional
- stdout?: bool @go(Stdout) @protobuf(2,varint,opt)
-
- // Stderr if true indicates that stderr is to be redirected for the attach call.
- // Defaults to true.
- // +optional
- stderr?: bool @go(Stderr) @protobuf(3,varint,opt)
-
- // TTY if true indicates that a tty will be allocated for the attach call.
- // This is passed through the container runtime so the tty
- // is allocated on the worker node by the container runtime.
- // Defaults to false.
- // +optional
- tty?: bool @go(TTY) @protobuf(4,varint,opt)
-
- // The container in which to execute the command.
- // Defaults to only container if there is only one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(5,bytes,opt)
-}
-
-// PodExecOptions is the query options to a Pod's remote exec call.
-// ---
-// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging
-// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY
-#PodExecOptions: {
- metav1.#TypeMeta
-
- // Redirect the standard input stream of the pod for this call.
- // Defaults to false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(1,varint,opt)
-
- // Redirect the standard output stream of the pod for this call.
- // +optional
- stdout?: bool @go(Stdout) @protobuf(2,varint,opt)
-
- // Redirect the standard error stream of the pod for this call.
- // +optional
- stderr?: bool @go(Stderr) @protobuf(3,varint,opt)
-
- // TTY if true indicates that a tty will be allocated for the exec call.
- // Defaults to false.
- // +optional
- tty?: bool @go(TTY) @protobuf(4,varint,opt)
-
- // Container in which to execute the command.
- // Defaults to only container if there is only one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(5,bytes,opt)
-
- // Command is the remote command to execute. argv array. Not executed within a shell.
- command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep)
-}
-
-// PodPortForwardOptions is the query options to a Pod's port forward call
-// when using WebSockets.
-// The `port` query parameter must specify the port or
-// ports (comma separated) to forward over.
-// Port forwarding over SPDY does not use these options. It requires the port
-// to be passed in the `port` header as part of request.
-#PodPortForwardOptions: {
- metav1.#TypeMeta
-
- // List of ports to forward
- // Required when using WebSockets
- // +optional
- ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep)
-}
-
-// PodProxyOptions is the query options to a Pod's proxy call.
-#PodProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the URL path to use for the current proxy request to pod.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// NodeProxyOptions is the query options to a Node's proxy call.
-#NodeProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the URL path to use for the current proxy request to node.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// ServiceProxyOptions is the query options to a Service's proxy call.
-#ServiceProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the part of URLs that include service endpoints, suffixes,
- // and parameters to use for the current proxy request to service.
- // For example, the whole request URL is
- // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy.
- // Path is _search?q=user:kimchy.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// ObjectReference contains enough information to let you inspect or modify the referred object.
-// ---
-// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
-// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
-// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
-// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
-// Those cannot be well described when embedded.
-// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
-// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
-// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
-// and the version of the actual struct is irrelevant.
-// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
-// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-//
-// Instead of using this type, create a locally provided and used type that is well-focused on your reference.
-// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +structType=atomic
-#ObjectReference: {
- // Kind of the referent.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(1,bytes,opt)
-
- // Namespace of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- // +optional
- namespace?: string @go(Namespace) @protobuf(2,bytes,opt)
-
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- // +optional
- name?: string @go(Name) @protobuf(3,bytes,opt)
-
- // UID of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // API version of the referent.
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt)
-
- // Specific resourceVersion to which this reference is made, if any.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt)
-
- // If referring to a piece of an object instead of an entire object, this string
- // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- // For example, if the object reference is to a container within a pod, this would take on a value like:
- // "spec.containers{name}" (where "name" refers to the name of the container that triggered
- // the event) or if no container name is specified "spec.containers[2]" (container with
- // index 2 in this pod). This syntax is chosen only to have some well-defined way of
- // referencing a part of an object.
- // TODO: this design is not final and this field is subject to change in the future.
- // +optional
- fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt)
-}
-
-// LocalObjectReference contains enough information to let you locate the
-// referenced object inside the same namespace.
-// +structType=atomic
-#LocalObjectReference: {
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- // TODO: Add other useful fields. apiVersion, kind, uid?
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// TypedLocalObjectReference contains enough information to let you locate the
-// typed referenced object inside the same namespace.
-// +structType=atomic
-#TypedLocalObjectReference: {
- // APIGroup is the group for the resource being referenced.
- // If APIGroup is not specified, the specified Kind must be in the core API group.
- // For any other third-party types, APIGroup is required.
- // +optional
- apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt)
-
- // Kind is the type of resource being referenced
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-
- // Name is the name of resource being referenced
- name: string @go(Name) @protobuf(3,bytes,opt)
-}
-
-// SerializedReference is a reference to serialized object.
-#SerializedReference: {
- metav1.#TypeMeta
-
- // The reference to an object in the system.
- // +optional
- reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt)
-}
-
-// EventSource contains information for an event.
-#EventSource: {
- // Component from which the event is generated.
- // +optional
- component?: string @go(Component) @protobuf(1,bytes,opt)
-
- // Node name on which the event is generated.
- // +optional
- host?: string @go(Host) @protobuf(2,bytes,opt)
-}
-
-// Information only and will not cause any problems
-#EventTypeNormal: "Normal"
-
-// These events are to warn that something might go wrong
-#EventTypeWarning: "Warning"
-
-// Event is a report of an event somewhere in the cluster. Events
-// have a limited retention time and triggers and messages may evolve
-// with time. Event consumers should not rely on the timing of an event
-// with a given Reason reflecting a consistent underlying trigger, or the
-// continued existence of events with that Reason. Events should be
-// treated as informative, best-effort, supplemental data.
-#Event: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The object that this event is about.
- involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt)
-
- // This should be a short, machine understandable string that gives the reason
- // for the transition into the object's current status.
- // TODO: provide exact specification for format.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // A human-readable description of the status of this operation.
- // TODO: decide on maximum length.
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-
- // The component reporting this event. Should be a short machine understandable string.
- // +optional
- source?: #EventSource @go(Source) @protobuf(5,bytes,opt)
-
- // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)
- // +optional
- firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt)
-
- // The time at which the most recent occurrence of this event was recorded.
- // +optional
- lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt)
-
- // The number of times this event has occurred.
- // +optional
- count?: int32 @go(Count) @protobuf(8,varint,opt)
-
- // Type of this event (Normal, Warning), new types could be added in the future
- // +optional
- type?: string @go(Type) @protobuf(9,bytes,opt)
-
- // Time when this Event was first observed.
- // +optional
- eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt)
-
- // Data about the Event series this event represents or nil if it's a singleton Event.
- // +optional
- series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt)
-
- // What action was taken/failed regarding to the Regarding object.
- // +optional
- action?: string @go(Action) @protobuf(12,bytes,opt)
-
- // Optional secondary object for more complex actions.
- // +optional
- related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt)
-
- // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.
- // +optional
- reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt)
-
- // ID of the controller instance, e.g. `kubelet-xyzf`.
- // +optional
- reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt)
-}
-
-// EventSeries contain information on series of events, i.e. thing that was/is happening
-// continuously for some time.
-#EventSeries: {
- // Number of occurrences in this series up to the last heartbeat time
- count?: int32 @go(Count) @protobuf(1,varint)
-
- // Time of the last occurrence observed
- lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes)
-}
-
-// EventList is a list of events.
-#EventList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of events
- items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep)
-}
-
-// List holds a list of objects, which may not be known by the server.
-#List: metav1.#List
-
-// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or
-// a fully qualified resource name.
-#LimitType: string // #enumLimitType
-
-#enumLimitType:
- #LimitTypePod |
- #LimitTypeContainer |
- #LimitTypePersistentVolumeClaim
-
-// Limit that applies to all pods in a namespace
-#LimitTypePod: #LimitType & "Pod"
-
-// Limit that applies to all containers in a namespace
-#LimitTypeContainer: #LimitType & "Container"
-
-// Limit that applies to all persistent volume claims in a namespace
-#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim"
-
-// LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
-#LimitRangeItem: {
- // Type of resource that this limit applies to.
- type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType)
-
- // Max usage constraints on this kind by resource name.
- // +optional
- max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Min usage constraints on this kind by resource name.
- // +optional
- min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Default resource requirement limit value by resource name if resource limit is omitted.
- // +optional
- default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
- // +optional
- defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
- // +optional
- maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-}
-
-// LimitRangeSpec defines a min/max usage limit for resources that match on kind.
-#LimitRangeSpec: {
- // Limits is the list of LimitRangeItem objects that are enforced.
- limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep)
-}
-
-// LimitRange sets resource usage limits for each kind of resource in a Namespace.
-#LimitRange: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the limits enforced.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt)
-}
-
-// LimitRangeList is a list of LimitRange items.
-#LimitRangeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of LimitRange objects.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep)
-}
-
-// Pods, number
-#ResourcePods: #ResourceName & "pods"
-
-// Services, number
-#ResourceServices: #ResourceName & "services"
-
-// ReplicationControllers, number
-#ResourceReplicationControllers: #ResourceName & "replicationcontrollers"
-
-// ResourceQuotas, number
-#ResourceQuotas: #ResourceName & "resourcequotas"
-
-// ResourceSecrets, number
-#ResourceSecrets: #ResourceName & "secrets"
-
-// ResourceConfigMaps, number
-#ResourceConfigMaps: #ResourceName & "configmaps"
-
-// ResourcePersistentVolumeClaims, number
-#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims"
-
-// ResourceServicesNodePorts, number
-#ResourceServicesNodePorts: #ResourceName & "services.nodeports"
-
-// ResourceServicesLoadBalancers, number
-#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers"
-
-// CPU request, in cores. (500m = .5 cores)
-#ResourceRequestsCPU: #ResourceName & "requests.cpu"
-
-// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceRequestsMemory: #ResourceName & "requests.memory"
-
-// Storage request, in bytes
-#ResourceRequestsStorage: #ResourceName & "requests.storage"
-
-// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage"
-
-// CPU limit, in cores. (500m = .5 cores)
-#ResourceLimitsCPU: #ResourceName & "limits.cpu"
-
-// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceLimitsMemory: #ResourceName & "limits.memory"
-
-// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage"
-
-// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-// As burst is not supported for HugePages, we would only quota its request, and ignore the limit.
-#ResourceRequestsHugePagesPrefix: "requests.hugepages-"
-
-// Default resource requests prefix
-#DefaultResourceRequestsPrefix: "requests."
-
-// A ResourceQuotaScope defines a filter that must match each object tracked by a quota
-// +enum
-#ResourceQuotaScope: string // #enumResourceQuotaScope
-
-#enumResourceQuotaScope:
- #ResourceQuotaScopeTerminating |
- #ResourceQuotaScopeNotTerminating |
- #ResourceQuotaScopeBestEffort |
- #ResourceQuotaScopeNotBestEffort |
- #ResourceQuotaScopePriorityClass |
- #ResourceQuotaScopeCrossNamespacePodAffinity
-
-// Match all pod objects where spec.activeDeadlineSeconds >=0
-#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating"
-
-// Match all pod objects where spec.activeDeadlineSeconds is nil
-#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating"
-
-// Match all pod objects that have best effort quality of service
-#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort"
-
-// Match all pod objects that do not have best effort quality of service
-#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort"
-
-// Match all pod objects that have priority class mentioned
-#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass"
-
-// Match all pod objects that have cross-namespace pod (anti)affinity mentioned.
-#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity"
-
-// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
-#ResourceQuotaSpec: {
- // hard is the set of desired hard limits for each named resource.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- // +optional
- hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // A collection of filters that must match each object tracked by a quota.
- // If not specified, the quota matches all objects.
- // +optional
- scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope)
-
- // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
- // but expressed using ScopeSelectorOperator in combination with possible values.
- // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
- // +optional
- scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt)
-}
-
-// A scope selector represents the AND of the selectors represented
-// by the scoped-resource selector requirements.
-// +structType=atomic
-#ScopeSelector: {
- // A list of scope selector requirements by scope of the resources.
- // +optional
- matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep)
-}
-
-// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
-// that relates the scope name and values.
-#ScopedResourceSelectorRequirement: {
- // The name of the scope that the selector applies to.
- scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt)
-
- // Represents a scope's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist.
- operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator)
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty.
- // This array is replaced during a strategic merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A scope selector operator is the set of operators that can be used in
-// a scope selector requirement.
-// +enum
-#ScopeSelectorOperator: string // #enumScopeSelectorOperator
-
-#enumScopeSelectorOperator:
- #ScopeSelectorOpIn |
- #ScopeSelectorOpNotIn |
- #ScopeSelectorOpExists |
- #ScopeSelectorOpDoesNotExist
-
-#ScopeSelectorOpIn: #ScopeSelectorOperator & "In"
-#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn"
-#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists"
-#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist"
-
-// ResourceQuotaStatus defines the enforced hard limits and observed use.
-#ResourceQuotaStatus: {
- // Hard is the set of enforced hard limits for each named resource.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- // +optional
- hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Used is the current observed total usage of the resource in the namespace.
- // +optional
- used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-}
-
-// ResourceQuota sets aggregate quota restrictions enforced per namespace
-#ResourceQuota: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the desired quota.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status defines the actual enforced quota and its current usage.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ResourceQuotaList is a list of ResourceQuota items.
-#ResourceQuotaList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of ResourceQuota objects.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep)
-}
-
-// Secret holds secret data of a certain type. The total bytes of the values in
-// the Data field must be less than MaxSecretSize bytes.
-#Secret: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Immutable, if set to true, ensures that data stored in the Secret cannot
- // be updated (only object metadata can be modified).
- // If not set to true, the field can be modified at any time.
- // Defaulted to nil.
- // +optional
- immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt)
-
- // Data contains the secret data. Each key must consist of alphanumeric
- // characters, '-', '_' or '.'. The serialized form of the secret data is a
- // base64 encoded string, representing the arbitrary (possibly non-string)
- // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
- // +optional
- data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep)
-
- // stringData allows specifying non-binary secret data in string form.
- // It is provided as a write-only input field for convenience.
- // All keys and values are merged into the data field on write, overwriting any existing values.
- // The stringData field is never output when reading from the API.
- // +k8s:conversion-gen=false
- // +optional
- stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep)
-
- // Used to facilitate programmatic handling of secret data.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
- // +optional
- type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType)
-}
-
-#MaxSecretSize: 1048576
-
-#SecretType: string // #enumSecretType
-
-#enumSecretType:
- #SecretTypeOpaque |
- #SecretTypeServiceAccountToken |
- #SecretTypeDockercfg |
- #SecretTypeDockerConfigJson |
- #SecretTypeBasicAuth |
- #SecretTypeSSHAuth |
- #SecretTypeTLS |
- #SecretTypeBootstrapToken
-
-// SecretTypeOpaque is the default. Arbitrary user-defined data
-#SecretTypeOpaque: #SecretType & "Opaque"
-
-// SecretTypeServiceAccountToken contains a token that identifies a service account to the API
-//
-// Required fields:
-// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies
-// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies
-// - Secret.Data["token"] - a token that identifies the service account to the API
-#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token"
-
-// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
-#ServiceAccountNameKey: "kubernetes.io/service-account.name"
-
-// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
-#ServiceAccountUIDKey: "kubernetes.io/service-account.uid"
-
-// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets
-#ServiceAccountTokenKey: "token"
-
-// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets
-#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig"
-
-// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets
-#ServiceAccountRootCAKey: "ca.crt"
-
-// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls
-#ServiceAccountNamespaceKey: "namespace"
-
-// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg
-//
-// Required fields:
-// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file
-#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg"
-
-// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets
-#DockerConfigKey: ".dockercfg"
-
-// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json
-//
-// Required fields:
-// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file
-#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson"
-
-// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets
-#DockerConfigJsonKey: ".dockerconfigjson"
-
-// SecretTypeBasicAuth contains data needed for basic authentication.
-//
-// Required at least one of fields:
-// - Secret.Data["username"] - username used for authentication
-// - Secret.Data["password"] - password or token needed for authentication
-#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth"
-
-// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets
-#BasicAuthUsernameKey: "username"
-
-// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets
-#BasicAuthPasswordKey: "password"
-
-// SecretTypeSSHAuth contains data needed for SSH authetication.
-//
-// Required field:
-// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication
-#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth"
-
-// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets
-#SSHAuthPrivateKey: "ssh-privatekey"
-
-// SecretTypeTLS contains information about a TLS client or server secret. It
-// is primarily used with TLS termination of the Ingress resource, but may be
-// used in other types.
-//
-// Required fields:
-// - Secret.Data["tls.key"] - TLS private key.
-// Secret.Data["tls.crt"] - TLS certificate.
-// TODO: Consider supporting different formats, specifying CA/destinationCA.
-#SecretTypeTLS: #SecretType & "kubernetes.io/tls"
-
-// TLSCertKey is the key for tls certificates in a TLS secret.
-#TLSCertKey: "tls.crt"
-
-// TLSPrivateKeyKey is the key for the private key field in a TLS secret.
-#TLSPrivateKeyKey: "tls.key"
-
-// SecretTypeBootstrapToken is used during the automated bootstrap process (first
-// implemented by kubeadm). It stores tokens that are used to sign well known
-// ConfigMaps. They are used for authn.
-#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token"
-
-// SecretList is a list of Secret.
-#SecretList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of secret objects.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret
- items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep)
-}
-
-// ConfigMap holds configuration data for pods to consume.
-#ConfigMap: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Immutable, if set to true, ensures that data stored in the ConfigMap cannot
- // be updated (only object metadata can be modified).
- // If not set to true, the field can be modified at any time.
- // Defaulted to nil.
- // +optional
- immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt)
-
- // Data contains the configuration data.
- // Each key must consist of alphanumeric characters, '-', '_' or '.'.
- // Values with non-UTF-8 byte sequences must use the BinaryData field.
- // The keys stored in Data must not overlap with the keys in
- // the BinaryData field, this is enforced during validation process.
- // +optional
- data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep)
-
- // BinaryData contains the binary data.
- // Each key must consist of alphanumeric characters, '-', '_' or '.'.
- // BinaryData can contain byte sequences that are not in the UTF-8 range.
- // The keys stored in BinaryData must not overlap with the ones in
- // the Data field, this is enforced during validation process.
- // Using this field will require 1.10+ apiserver and
- // kubelet.
- // +optional
- binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep)
-}
-
-// ConfigMapList is a resource containing a list of ConfigMap objects.
-#ConfigMapList: {
- metav1.#TypeMeta
-
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of ConfigMaps.
- items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep)
-}
-
-// Type and constants for component health validation.
-#ComponentConditionType: string // #enumComponentConditionType
-
-#enumComponentConditionType:
- #ComponentHealthy
-
-#ComponentHealthy: #ComponentConditionType & "Healthy"
-
-// Information about the condition of a component.
-#ComponentCondition: {
- // Type of condition for a component.
- // Valid value: "Healthy"
- type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType)
-
- // Status of the condition for a component.
- // Valid values for "Healthy": "True", "False", or "Unknown".
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Message about the condition for a component.
- // For example, information about a health check.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // Condition error code for a component.
- // For example, a health check error code.
- // +optional
- error?: string @go(Error) @protobuf(4,bytes,opt)
-}
-
-// ComponentStatus (and ComponentStatusList) holds the cluster validation info.
-// Deprecated: This API is deprecated in v1.19+
-#ComponentStatus: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // List of component conditions observed
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep)
-}
-
-// Status of all the conditions for the component as a list of ComponentStatus objects.
-// Deprecated: This API is deprecated in v1.19+
-#ComponentStatusList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of ComponentStatus objects.
- items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep)
-}
-
-// DownwardAPIVolumeSource represents a volume containing downward API info.
-// Downward API volumes support ownership management and SELinux relabeling.
-#DownwardAPIVolumeSource: {
- // Items is a list of downward API volume file
- // +optional
- items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep)
-
- // Optional: mode bits to use on created files by default. Must be a
- // Optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt)
-}
-
-#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644
-
-// DownwardAPIVolumeFile represents information to create the file containing the pod field
-#DownwardAPIVolumeFile: {
- // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
- // +optional
- fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt)
-
- // Selects a resource of the container: only resources limits and requests
- // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
- // +optional
- resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt)
-
- // Optional: mode bits used to set permissions on this file, must be an octal value
- // between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // If not specified, the volume defaultMode will be used.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt)
-}
-
-// Represents downward API info for projecting into a projected volume.
-// Note that this is identical to a downwardAPI volume source without the default
-// mode.
-#DownwardAPIProjection: {
- // Items is a list of DownwardAPIVolume file
- // +optional
- items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep)
-}
-
-// SecurityContext holds security configuration that will be applied to a container.
-// Some fields are present in both SecurityContext and PodSecurityContext. When both
-// are set, the values in SecurityContext take precedence.
-#SecurityContext: {
- // The capabilities to add/drop when running containers.
- // Defaults to the default set of capabilities granted by the container runtime.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt)
-
- // Run container in privileged mode.
- // Processes in privileged containers are essentially equivalent to root on the host.
- // Defaults to false.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt)
-
- // The SELinux context to be applied to the container.
- // If unspecified, the container runtime will allocate a random SELinux context for each
- // container. May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt)
-
- // The Windows specific settings applied to all containers.
- // If unspecified, the options from the PodSecurityContext will be used.
- // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is linux.
- // +optional
- windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt)
-
- // The UID to run the entrypoint of the container process.
- // Defaults to user specified in image metadata if unspecified.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt)
-
- // The GID to run the entrypoint of the container process.
- // Uses runtime default if unset.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt)
-
- // Indicates that the container must run as a non-root user.
- // If true, the Kubelet will validate the image at runtime to ensure that it
- // does not run as UID 0 (root) and fail to start the container if it does.
- // If unset or false, no such validation will be performed.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt)
-
- // Whether this container has a read-only root filesystem.
- // Default is false.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt)
-
- // AllowPrivilegeEscalation controls whether a process can gain more
- // privileges than its parent process. This bool directly controls if
- // the no_new_privs flag will be set on the container process.
- // AllowPrivilegeEscalation is true always when the container is:
- // 1) run as Privileged
- // 2) has CAP_SYS_ADMIN
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt)
-
- // procMount denotes the type of proc mount to use for the containers.
- // The default is DefaultProcMount which uses the container runtime defaults for
- // readonly paths and masked paths.
- // This requires the ProcMountType feature flag to be enabled.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt)
-
- // The seccomp options to use by this container. If seccomp options are
- // provided at both the pod & container level, the container options
- // override the pod options.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt)
-}
-
-// +enum
-#ProcMountType: string // #enumProcMountType
-
-#enumProcMountType:
- #DefaultProcMount |
- #UnmaskedProcMount
-
-// DefaultProcMount uses the container runtime defaults for readonly and masked
-// paths for /proc. Most container runtimes mask certain paths in /proc to avoid
-// accidental security exposure of special devices or information.
-#DefaultProcMount: #ProcMountType & "Default"
-
-// UnmaskedProcMount bypasses the default masking behavior of the container
-// runtime and ensures the newly created /proc the container stays in tact with
-// no modifications.
-#UnmaskedProcMount: #ProcMountType & "Unmasked"
-
-// SELinuxOptions are the labels to be applied to the container
-#SELinuxOptions: {
- // User is a SELinux user label that applies to the container.
- // +optional
- user?: string @go(User) @protobuf(1,bytes,opt)
-
- // Role is a SELinux role label that applies to the container.
- // +optional
- role?: string @go(Role) @protobuf(2,bytes,opt)
-
- // Type is a SELinux type label that applies to the container.
- // +optional
- type?: string @go(Type) @protobuf(3,bytes,opt)
-
- // Level is SELinux level label that applies to the container.
- // +optional
- level?: string @go(Level) @protobuf(4,bytes,opt)
-}
-
-// WindowsSecurityContextOptions contain Windows-specific options and credentials.
-#WindowsSecurityContextOptions: {
- // GMSACredentialSpecName is the name of the GMSA credential spec to use.
- // +optional
- gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt)
-
- // GMSACredentialSpec is where the GMSA admission webhook
- // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
- // GMSA credential spec named by the GMSACredentialSpecName field.
- // +optional
- gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt)
-
- // The UserName in Windows to run the entrypoint of the container process.
- // Defaults to the user specified in image metadata if unspecified.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt)
-
- // HostProcess determines if a container should be run as a 'Host Process' container.
- // All of a Pod's containers must have the same effective HostProcess value
- // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
- // In addition, if HostProcess is true then HostNetwork must also be set to true.
- // +optional
- hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt)
-}
-
-// RangeAllocation is not a public type.
-#RangeAllocation: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Range is string that identifies the range represented by 'data'.
- range: string @go(Range) @protobuf(2,bytes,opt)
-
- // Data is a bit array containing all allocated addresses in the previous segment.
- data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt)
-}
-
-// DefaultSchedulerName defines the name of default scheduler.
-#DefaultSchedulerName: "default-scheduler"
-
-// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule
-// corresponding to every RequiredDuringScheduling affinity rule.
-// When the --hard-pod-affinity-weight scheduler flag is not specified,
-// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule.
-#DefaultHardPodAffinitySymmetricWeight: int32 & 1
-
-// Sysctl defines a kernel parameter to be set
-#Sysctl: {
- // Name of a property to set
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Value of a property to set
- value: string @go(Value) @protobuf(2,bytes,opt)
-}
-
-// NodeResources is an object for conveying resource information about a node.
-// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details.
-#NodeResources: {
- // Capacity represents the available resources of a node
- Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName)
-}
-
-// Enable stdin for remote command execution
-#ExecStdinParam: "input"
-
-// Enable stdout for remote command execution
-#ExecStdoutParam: "output"
-
-// Enable stderr for remote command execution
-#ExecStderrParam: "error"
-
-// Enable TTY for remote command execution
-#ExecTTYParam: "tty"
-
-// Command to run for remote command execution
-#ExecCommandParam: "command"
-
-// Name of header that specifies stream type
-#StreamType: "streamType"
-
-// Value for streamType header for stdin stream
-#StreamTypeStdin: "stdin"
-
-// Value for streamType header for stdout stream
-#StreamTypeStdout: "stdout"
-
-// Value for streamType header for stderr stream
-#StreamTypeStderr: "stderr"
-
-// Value for streamType header for data stream
-#StreamTypeData: "data"
-
-// Value for streamType header for error stream
-#StreamTypeError: "error"
-
-// Value for streamType header for terminal resize stream
-#StreamTypeResize: "resize"
-
-// Name of header that specifies the port being forwarded
-#PortHeader: "port"
-
-// Name of header that specifies a request ID used to associate the error
-// and data streams for a single forwarded connection
-#PortForwardRequestIDHeader: "requestID"
-
-// MixedProtocolNotSupported error in PortStatus means that the cloud provider
-// can't publish the port on the load balancer because mixed values of protocols
-// on the same LoadBalancer type of Service are not supported by the cloud provider.
-#MixedProtocolNotSupported: "MixedProtocolNotSupported"
-
-#PortStatus: {
- // Port is the port number of the service port of which status is recorded here
- port: int32 @go(Port) @protobuf(1,varint,opt)
-
- // Protocol is the protocol of the service port of which status is recorded here
- // The supported values are: "TCP", "UDP", "SCTP"
- protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol)
-
- // Error is to record the problem with the service port
- // The format of the error shall comply with the following rules:
- // - built-in error values shall be specified in this file and those shall use
- // CamelCase names
- // - cloud provider specific error values must have names that comply with the
- // format foo.example.com/CamelCase.
- // ---
- // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- // +optional
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
- // +kubebuilder:validation:MaxLength=316
- error?: null | string @go(Error,*string) @protobuf(3,bytes,opt)
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
deleted file mode 100644
index 2a1f060b6..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
+++ /dev/null
@@ -1,59 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-#LabelHostname: "kubernetes.io/hostname"
-
-// Label value is the network location of kube-apiserver stored as
-// Stored in APIServer Identity lease objects to view what address is used for peer proxy
-#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address"
-#LabelTopologyZone: "topology.kubernetes.io/zone"
-#LabelTopologyRegion: "topology.kubernetes.io/region"
-
-// These label have been deprecated since 1.17, but will be supported for
-// the foreseeable future, to accommodate things like long-lived PVs that
-// use them. New users should prefer the "topology.kubernetes.io/*"
-// equivalents.
-#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone"
-#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region"
-
-// Retained for compat when vendored. Do not use these consts in new code.
-#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone"
-#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region"
-#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone"
-#LabelZoneRegionStable: "topology.kubernetes.io/region"
-#LabelInstanceType: "beta.kubernetes.io/instance-type"
-#LabelInstanceTypeStable: "node.kubernetes.io/instance-type"
-#LabelOSStable: "kubernetes.io/os"
-#LabelArchStable: "kubernetes.io/arch"
-
-// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0.
-// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763)
-#LabelWindowsBuild: "node.kubernetes.io/windows-build"
-
-// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*)
-#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io"
-
-// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*)
-#LabelNamespaceSuffixNode: "node.kubernetes.io"
-
-// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled
-#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io"
-
-// IsHeadlessService is added by Controller to an Endpoint denoting if its parent
-// Service is Headless. The existence of this label can be used further by other
-// controllers and kube-proxy to check if the Endpoint objects should be replicated when
-// using Headless Services
-#IsHeadlessService: "service.kubernetes.io/headless"
-
-// LabelNodeExcludeBalancers specifies that the node should not be considered as a target
-// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only
-// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that
-// any backends on excluded nodes are not reachable by those external load-balancers.
-// Implementations of this exclusion may vary based on provider.
-#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers"
-
-// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels
-#LabelMetadataName: "kubernetes.io/metadata.name"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
deleted file mode 100644
index b7c097336..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
+++ /dev/null
@@ -1,38 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-// TaintNodeNotReady will be added when node is not ready
-// and removed when node becomes ready.
-#TaintNodeNotReady: "node.kubernetes.io/not-ready"
-
-// TaintNodeUnreachable will be added when node becomes unreachable
-// (corresponding to NodeReady status ConditionUnknown)
-// and removed when node becomes reachable (NodeReady status ConditionTrue).
-#TaintNodeUnreachable: "node.kubernetes.io/unreachable"
-
-// TaintNodeUnschedulable will be added when node becomes unschedulable
-// and removed when node becomes schedulable.
-#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable"
-
-// TaintNodeMemoryPressure will be added when node has memory pressure
-// and removed when node has enough memory.
-#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure"
-
-// TaintNodeDiskPressure will be added when node has disk pressure
-// and removed when node has enough disk.
-#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure"
-
-// TaintNodeNetworkUnavailable will be added when node's network is unavailable
-// and removed when network becomes ready.
-#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable"
-
-// TaintNodePIDPressure will be added when node has pid pressure
-// and removed when node has enough pid.
-#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure"
-
-// TaintNodeOutOfService can be added when node is out of service in case of
-// a non-graceful shutdown
-#TaintNodeOutOfService: "node.kubernetes.io/out-of-service"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue
deleted file mode 100644
index f10426220..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/networking/v1
-
-package v1
-
-#GroupName: "networking.k8s.io"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue
deleted file mode 100644
index bbdc7f2b1..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue
+++ /dev/null
@@ -1,588 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/networking/v1
-
-package v1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/intstr"
-)
-
-// NetworkPolicy describes what network traffic is allowed for a set of Pods
-#NetworkPolicy: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec represents the specification of the desired behavior for this NetworkPolicy.
- // +optional
- spec?: #NetworkPolicySpec @go(Spec) @protobuf(2,bytes,opt)
-}
-
-// PolicyType string describes the NetworkPolicy type
-// This type is beta-level in 1.8
-// +enum
-#PolicyType: string // #enumPolicyType
-
-#enumPolicyType:
- #PolicyTypeIngress |
- #PolicyTypeEgress
-
-// PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods
-#PolicyTypeIngress: #PolicyType & "Ingress"
-
-// PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods
-#PolicyTypeEgress: #PolicyType & "Egress"
-
-// NetworkPolicySpec provides the specification of a NetworkPolicy
-#NetworkPolicySpec: {
- // podSelector selects the pods to which this NetworkPolicy object applies.
- // The array of ingress rules is applied to any pods selected by this field.
- // Multiple network policies can select the same set of pods. In this case,
- // the ingress rules for each are combined additively.
- // This field is NOT optional and follows standard label selector semantics.
- // An empty podSelector matches all pods in this namespace.
- podSelector: metav1.#LabelSelector @go(PodSelector) @protobuf(1,bytes,opt)
-
- // ingress is a list of ingress rules to be applied to the selected pods.
- // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod
- // (and cluster policy otherwise allows the traffic), OR if the traffic source is
- // the pod's local node, OR if the traffic matches at least one ingress rule
- // across all of the NetworkPolicy objects whose podSelector matches the pod. If
- // this field is empty then this NetworkPolicy does not allow any traffic (and serves
- // solely to ensure that the pods it selects are isolated by default)
- // +optional
- ingress?: [...#NetworkPolicyIngressRule] @go(Ingress,[]NetworkPolicyIngressRule) @protobuf(2,bytes,rep)
-
- // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic
- // is allowed if there are no NetworkPolicies selecting the pod (and cluster policy
- // otherwise allows the traffic), OR if the traffic matches at least one egress rule
- // across all of the NetworkPolicy objects whose podSelector matches the pod. If
- // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
- // solely to ensure that the pods it selects are isolated by default).
- // This field is beta-level in 1.8
- // +optional
- egress?: [...#NetworkPolicyEgressRule] @go(Egress,[]NetworkPolicyEgressRule) @protobuf(3,bytes,rep)
-
- // policyTypes is a list of rule types that the NetworkPolicy relates to.
- // Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"].
- // If this field is not specified, it will default based on the existence of ingress or egress rules;
- // policies that contain an egress section are assumed to affect egress, and all policies
- // (whether or not they contain an ingress section) are assumed to affect ingress.
- // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
- // Likewise, if you want to write a policy that specifies that no egress is allowed,
- // you must specify a policyTypes value that include "Egress" (since such a policy would not include
- // an egress section and would otherwise default to just [ "Ingress" ]).
- // This field is beta-level in 1.8
- // +optional
- policyTypes?: [...#PolicyType] @go(PolicyTypes,[]PolicyType) @protobuf(4,bytes,rep,casttype=PolicyType)
-}
-
-// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
-// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
-#NetworkPolicyIngressRule: {
- // ports is a list of ports which should be made accessible on the pods selected for
- // this rule. Each item in this list is combined using a logical OR. If this field is
- // empty or missing, this rule matches all ports (traffic not restricted by port).
- // If this field is present and contains at least one item, then this rule allows
- // traffic only if the traffic matches at least one port in the list.
- // +optional
- ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep)
-
- // from is a list of sources which should be able to access the pods selected for this rule.
- // Items in this list are combined using a logical OR operation. If this field is
- // empty or missing, this rule matches all sources (traffic not restricted by
- // source). If this field is present and contains at least one item, this rule
- // allows traffic only if the traffic matches at least one item in the from list.
- // +optional
- from?: [...#NetworkPolicyPeer] @go(From,[]NetworkPolicyPeer) @protobuf(2,bytes,rep)
-}
-
-// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
-// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
-// This type is beta-level in 1.8
-#NetworkPolicyEgressRule: {
- // ports is a list of destination ports for outgoing traffic.
- // Each item in this list is combined using a logical OR. If this field is
- // empty or missing, this rule matches all ports (traffic not restricted by port).
- // If this field is present and contains at least one item, then this rule allows
- // traffic only if the traffic matches at least one port in the list.
- // +optional
- ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep)
-
- // to is a list of destinations for outgoing traffic of pods selected for this rule.
- // Items in this list are combined using a logical OR operation. If this field is
- // empty or missing, this rule matches all destinations (traffic not restricted by
- // destination). If this field is present and contains at least one item, this rule
- // allows traffic only if the traffic matches at least one item in the to list.
- // +optional
- to?: [...#NetworkPolicyPeer] @go(To,[]NetworkPolicyPeer) @protobuf(2,bytes,rep)
-}
-
-// NetworkPolicyPort describes a port to allow traffic on
-#NetworkPolicyPort: {
- // protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.
- // If not specified, this field defaults to TCP.
- // +optional
- protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.Protocol)
-
- // port represents the port on the given protocol. This can either be a numerical or named
- // port on a pod. If this field is not provided, this matches all port names and
- // numbers.
- // If present, only traffic on the specified protocol AND port will be matched.
- // +optional
- port?: null | intstr.#IntOrString @go(Port,*intstr.IntOrString) @protobuf(2,bytes,opt)
-
- // endPort indicates that the range of ports from port to endPort if set, inclusive,
- // should be allowed by the policy. This field cannot be defined if the port field
- // is not defined or if the port field is defined as a named (string) port.
- // The endPort must be equal or greater than port.
- // +optional
- endPort?: null | int32 @go(EndPort,*int32) @protobuf(3,bytes,opt)
-}
-
-// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed
-// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs
-// that should not be included within this rule.
-#IPBlock: {
- // cidr is a string representing the IPBlock
- // Valid examples are "192.168.1.0/24" or "2001:db8::/64"
- cidr: string @go(CIDR) @protobuf(1,bytes)
-
- // except is a slice of CIDRs that should not be included within an IPBlock
- // Valid examples are "192.168.1.0/24" or "2001:db8::/64"
- // Except values will be rejected if they are outside the cidr range
- // +optional
- except?: [...string] @go(Except,[]string) @protobuf(2,bytes,rep)
-}
-
-// NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of
-// fields are allowed
-#NetworkPolicyPeer: {
- // podSelector is a label selector which selects pods. This field follows standard label
- // selector semantics; if present but empty, it selects all pods.
- //
- // If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
- // the pods matching podSelector in the Namespaces selected by NamespaceSelector.
- // Otherwise it selects the pods matching podSelector in the policy's own namespace.
- // +optional
- podSelector?: null | metav1.#LabelSelector @go(PodSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
-
- // namespaceSelector selects namespaces using cluster-scoped labels. This field follows
- // standard label selector semantics; if present but empty, it selects all namespaces.
- //
- // If podSelector is also set, then the NetworkPolicyPeer as a whole selects
- // the pods matching podSelector in the namespaces selected by namespaceSelector.
- // Otherwise it selects all pods in the namespaces selected by namespaceSelector.
- // +optional
- namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
-
- // ipBlock defines policy on a particular IPBlock. If this field is set then
- // neither of the other fields can be.
- // +optional
- ipBlock?: null | #IPBlock @go(IPBlock,*IPBlock) @protobuf(3,bytes,rep)
-}
-
-// NetworkPolicyList is a list of NetworkPolicy objects.
-#NetworkPolicyList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is a list of schema objects.
- items: [...#NetworkPolicy] @go(Items,[]NetworkPolicy) @protobuf(2,bytes,rep)
-}
-
-// Ingress is a collection of rules that allow inbound connections to reach the
-// endpoints defined by a backend. An Ingress can be configured to give services
-// externally-reachable urls, load balance traffic, terminate SSL, offer name
-// based virtual hosting etc.
-#Ingress: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec is the desired state of the Ingress.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #IngressSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // status is the current state of the Ingress.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #IngressStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// IngressList is a collection of Ingress.
-#IngressList: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is the list of Ingress.
- items: [...#Ingress] @go(Items,[]Ingress) @protobuf(2,bytes,rep)
-}
-
-// IngressSpec describes the Ingress the user wishes to exist.
-#IngressSpec: {
- // ingressClassName is the name of an IngressClass cluster resource. Ingress
- // controller implementations use this field to know whether they should be
- // serving this Ingress resource, by a transitive connection
- // (controller -> IngressClass -> Ingress resource). Although the
- // `kubernetes.io/ingress.class` annotation (simple constant name) was never
- // formally defined, it was widely supported by Ingress controllers to create
- // a direct binding between Ingress controller and Ingress resources. Newly
- // created Ingress resources should prefer using the field. However, even
- // though the annotation is officially deprecated, for backwards compatibility
- // reasons, ingress controllers should still honor that annotation if present.
- // +optional
- ingressClassName?: null | string @go(IngressClassName,*string) @protobuf(4,bytes,opt)
-
- // defaultBackend is the backend that should handle requests that don't
- // match any rule. If Rules are not specified, DefaultBackend must be specified.
- // If DefaultBackend is not set, the handling of requests that do not match any
- // of the rules will be up to the Ingress controller.
- // +optional
- defaultBackend?: null | #IngressBackend @go(DefaultBackend,*IngressBackend) @protobuf(1,bytes,opt)
-
- // tls represents the TLS configuration. Currently the Ingress only supports a
- // single TLS port, 443. If multiple members of this list specify different hosts,
- // they will be multiplexed on the same port according to the hostname specified
- // through the SNI TLS extension, if the ingress controller fulfilling the
- // ingress supports SNI.
- // +listType=atomic
- // +optional
- tls?: [...#IngressTLS] @go(TLS,[]IngressTLS) @protobuf(2,bytes,rep)
-
- // rules is a list of host rules used to configure the Ingress. If unspecified,
- // or no rule matches, all traffic is sent to the default backend.
- // +listType=atomic
- // +optional
- rules?: [...#IngressRule] @go(Rules,[]IngressRule) @protobuf(3,bytes,rep)
-}
-
-// IngressTLS describes the transport layer security associated with an ingress.
-#IngressTLS: {
- // hosts is a list of hosts included in the TLS certificate. The values in
- // this list must match the name/s used in the tlsSecret. Defaults to the
- // wildcard host setting for the loadbalancer controller fulfilling this
- // Ingress, if left unspecified.
- // +listType=atomic
- // +optional
- hosts?: [...string] @go(Hosts,[]string) @protobuf(1,bytes,rep)
-
- // secretName is the name of the secret used to terminate TLS traffic on
- // port 443. Field is left optional to allow TLS routing based on SNI
- // hostname alone. If the SNI host in a listener conflicts with the "Host"
- // header field used by an IngressRule, the SNI host is used for termination
- // and value of the "Host" header is used for routing.
- // +optional
- secretName?: string @go(SecretName) @protobuf(2,bytes,opt)
-}
-
-// IngressStatus describe the current state of the Ingress.
-#IngressStatus: {
- // loadBalancer contains the current status of the load-balancer.
- // +optional
- loadBalancer?: #IngressLoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt)
-}
-
-// IngressLoadBalancerStatus represents the status of a load-balancer.
-#IngressLoadBalancerStatus: {
- // ingress is a list containing ingress points for the load-balancer.
- // +optional
- ingress?: [...#IngressLoadBalancerIngress] @go(Ingress,[]IngressLoadBalancerIngress) @protobuf(1,bytes,rep)
-}
-
-// IngressLoadBalancerIngress represents the status of a load-balancer ingress point.
-#IngressLoadBalancerIngress: {
- // ip is set for load-balancer ingress points that are IP based.
- // +optional
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-
- // hostname is set for load-balancer ingress points that are DNS based.
- // +optional
- hostname?: string @go(Hostname) @protobuf(2,bytes,opt)
-
- // ports provides information about the ports exposed by this LoadBalancer.
- // +listType=atomic
- // +optional
- ports?: [...#IngressPortStatus] @go(Ports,[]IngressPortStatus) @protobuf(4,bytes,rep)
-}
-
-// IngressPortStatus represents the error condition of a service port
-#IngressPortStatus: {
- // port is the port number of the ingress port.
- port: int32 @go(Port) @protobuf(1,varint,opt)
-
- // protocol is the protocol of the ingress port.
- // The supported values are: "TCP", "UDP", "SCTP"
- protocol: v1.#Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol)
-
- // error is to record the problem with the service port
- // The format of the error shall comply with the following rules:
- // - built-in error values shall be specified in this file and those shall use
- // CamelCase names
- // - cloud provider specific error values must have names that comply with the
- // format foo.example.com/CamelCase.
- // ---
- // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- // +optional
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
- // +kubebuilder:validation:MaxLength=316
- error?: null | string @go(Error,*string) @protobuf(3,bytes,opt)
-}
-
-// IngressRule represents the rules mapping the paths under a specified host to
-// the related backend services. Incoming requests are first evaluated for a host
-// match, then routed to the backend associated with the matching IngressRuleValue.
-#IngressRule: {
- // host is the fully qualified domain name of a network host, as defined by RFC 3986.
- // Note the following deviations from the "host" part of the
- // URI as defined in RFC 3986:
- // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to
- // the IP in the Spec of the parent Ingress.
- // 2. The `:` delimiter is not respected because ports are not allowed.
- // Currently the port of an Ingress is implicitly :80 for http and
- // :443 for https.
- // Both these may change in the future.
- // Incoming requests are matched against the host before the
- // IngressRuleValue. If the host is unspecified, the Ingress routes all
- // traffic based on the specified IngressRuleValue.
- //
- // host can be "precise" which is a domain name without the terminating dot of
- // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name
- // prefixed with a single wildcard label (e.g. "*.foo.com").
- // The wildcard character '*' must appear by itself as the first DNS label and
- // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*").
- // Requests will be matched against the Host field in the following way:
- // 1. If host is precise, the request matches this rule if the http host header is equal to Host.
- // 2. If host is a wildcard, then the request matches this rule if the http host header
- // is to equal to the suffix (removing the first label) of the wildcard rule.
- // +optional
- host?: string @go(Host) @protobuf(1,bytes,opt)
-
- #IngressRuleValue
-}
-
-// IngressRuleValue represents a rule to apply against incoming requests. If the
-// rule is satisfied, the request is routed to the specified backend. Currently
-// mixing different types of rules in a single Ingress is disallowed, so exactly
-// one of the following must be set.
-#IngressRuleValue: {
- // +optional
- http?: null | #HTTPIngressRuleValue @go(HTTP,*HTTPIngressRuleValue) @protobuf(1,bytes,opt)
-}
-
-// HTTPIngressRuleValue is a list of http selectors pointing to backends.
-// In the example: http:///? -> backend where
-// where parts of the url correspond to RFC 3986, this resource will be used
-// to match against everything after the last '/' and before the first '?'
-// or '#'.
-#HTTPIngressRuleValue: {
- // paths is a collection of paths that map requests to backends.
- // +listType=atomic
- paths: [...#HTTPIngressPath] @go(Paths,[]HTTPIngressPath) @protobuf(1,bytes,rep)
-}
-
-// PathType represents the type of path referred to by a HTTPIngressPath.
-// +enum
-#PathType: string // #enumPathType
-
-#enumPathType:
- #PathTypeExact |
- #PathTypePrefix |
- #PathTypeImplementationSpecific
-
-// PathTypeExact matches the URL path exactly and with case sensitivity.
-#PathTypeExact: #PathType & "Exact"
-
-// PathTypePrefix matches based on a URL path prefix split by '/'. Matching
-// is case sensitive and done on a path element by element basis. A path
-// element refers to the list of labels in the path split by the '/'
-// separator. A request is a match for path p if every p is an element-wise
-// prefix of p of the request path. Note that if the last element of the
-// path is a substring of the last element in request path, it is not a
-// match (e.g. /foo/bar matches /foo/bar/baz, but does not match
-// /foo/barbaz). If multiple matching paths exist in an Ingress spec, the
-// longest matching path is given priority.
-// Examples:
-// - /foo/bar does not match requests to /foo/barbaz
-// - /foo/bar matches request to /foo/bar and /foo/bar/baz
-// - /foo and /foo/ both match requests to /foo and /foo/. If both paths are
-// present in an Ingress spec, the longest matching path (/foo/) is given
-// priority.
-#PathTypePrefix: #PathType & "Prefix"
-
-// PathTypeImplementationSpecific matching is up to the IngressClass.
-// Implementations can treat this as a separate PathType or treat it
-// identically to Prefix or Exact path types.
-#PathTypeImplementationSpecific: #PathType & "ImplementationSpecific"
-
-// HTTPIngressPath associates a path with a backend. Incoming urls matching the
-// path are forwarded to the backend.
-#HTTPIngressPath: {
- // path is matched against the path of an incoming request. Currently it can
- // contain characters disallowed from the conventional "path" part of a URL
- // as defined by RFC 3986. Paths must begin with a '/' and must be present
- // when using PathType with value "Exact" or "Prefix".
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-
- // pathType determines the interpretation of the path matching. PathType can
- // be one of the following values:
- // * Exact: Matches the URL path exactly.
- // * Prefix: Matches based on a URL path prefix split by '/'. Matching is
- // done on a path element by element basis. A path element refers is the
- // list of labels in the path split by the '/' separator. A request is a
- // match for path p if every p is an element-wise prefix of p of the
- // request path. Note that if the last element of the path is a substring
- // of the last element in request path, it is not a match (e.g. /foo/bar
- // matches /foo/bar/baz, but does not match /foo/barbaz).
- // * ImplementationSpecific: Interpretation of the Path matching is up to
- // the IngressClass. Implementations can treat this as a separate PathType
- // or treat it identically to Prefix or Exact path types.
- // Implementations are required to support all path types.
- pathType?: null | #PathType @go(PathType,*PathType) @protobuf(3,bytes,opt)
-
- // backend defines the referenced service endpoint to which the traffic
- // will be forwarded to.
- backend: #IngressBackend @go(Backend) @protobuf(2,bytes,opt)
-}
-
-// IngressBackend describes all endpoints for a given service and port.
-#IngressBackend: {
- // service references a service as a backend.
- // This is a mutually exclusive setting with "Resource".
- // +optional
- service?: null | #IngressServiceBackend @go(Service,*IngressServiceBackend) @protobuf(4,bytes,opt)
-
- // resource is an ObjectRef to another Kubernetes resource in the namespace
- // of the Ingress object. If resource is specified, a service.Name and
- // service.Port must not be specified.
- // This is a mutually exclusive setting with "Service".
- // +optional
- resource?: null | v1.#TypedLocalObjectReference @go(Resource,*v1.TypedLocalObjectReference) @protobuf(3,bytes,opt)
-}
-
-// IngressServiceBackend references a Kubernetes Service as a Backend.
-#IngressServiceBackend: {
- // name is the referenced service. The service must exist in
- // the same namespace as the Ingress object.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // port of the referenced service. A port name or port number
- // is required for a IngressServiceBackend.
- port?: #ServiceBackendPort @go(Port) @protobuf(2,bytes,opt)
-}
-
-// ServiceBackendPort is the service port being referenced.
-#ServiceBackendPort: {
- // name is the name of the port on the Service.
- // This is a mutually exclusive setting with "Number".
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // number is the numerical port number (e.g. 80) on the Service.
- // This is a mutually exclusive setting with "Name".
- // +optional
- number?: int32 @go(Number) @protobuf(2,bytes,opt)
-}
-
-// IngressClass represents the class of the Ingress, referenced by the Ingress
-// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be
-// used to indicate that an IngressClass should be considered default. When a
-// single IngressClass resource has this annotation set to true, new Ingress
-// resources without a class specified will be assigned this default class.
-#IngressClass: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec is the desired state of the IngressClass.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #IngressClassSpec @go(Spec) @protobuf(2,bytes,opt)
-}
-
-// IngressClassSpec provides information about the class of an Ingress.
-#IngressClassSpec: {
- // controller refers to the name of the controller that should handle this
- // class. This allows for different "flavors" that are controlled by the
- // same controller. For example, you may have different parameters for the
- // same implementing controller. This should be specified as a
- // domain-prefixed path no more than 250 characters in length, e.g.
- // "acme.io/ingress-controller". This field is immutable.
- controller?: string @go(Controller) @protobuf(1,bytes,opt)
-
- // parameters is a link to a custom resource containing additional
- // configuration for the controller. This is optional if the controller does
- // not require extra parameters.
- // +optional
- parameters?: null | #IngressClassParametersReference @go(Parameters,*IngressClassParametersReference) @protobuf(2,bytes,opt)
-}
-
-// IngressClassParametersReferenceScopeNamespace indicates that the
-// referenced Parameters resource is namespace-scoped.
-#IngressClassParametersReferenceScopeNamespace: "Namespace"
-
-// IngressClassParametersReferenceScopeCluster indicates that the
-// referenced Parameters resource is cluster-scoped.
-#IngressClassParametersReferenceScopeCluster: "Cluster"
-
-// IngressClassParametersReference identifies an API object. This can be used
-// to specify a cluster or namespace-scoped resource.
-#IngressClassParametersReference: {
- // apiGroup is the group for the resource being referenced. If APIGroup is
- // not specified, the specified Kind must be in the core API group. For any
- // other third-party types, APIGroup is required.
- // +optional
- apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt,name=aPIGroup)
-
- // kind is the type of resource being referenced.
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-
- // name is the name of resource being referenced.
- name: string @go(Name) @protobuf(3,bytes,opt)
-
- // scope represents if this refers to a cluster or namespace scoped resource.
- // This may be set to "Cluster" (default) or "Namespace".
- // +optional
- scope?: null | string @go(Scope,*string) @protobuf(4,bytes,opt)
-
- // namespace is the namespace of the resource being referenced. This field is
- // required when scope is set to "Namespace" and must be unset when scope is set to
- // "Cluster".
- // +optional
- namespace?: null | string @go(Namespace,*string) @protobuf(5,bytes,opt)
-}
-
-// IngressClassList is a collection of IngressClasses.
-#IngressClassList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is the list of IngressClasses.
- items: [...#IngressClass] @go(Items,[]IngressClass) @protobuf(2,bytes,rep)
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue
deleted file mode 100644
index bee74f4b6..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue
+++ /dev/null
@@ -1,11 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/networking/v1
-
-package v1
-
-// AnnotationIsDefaultIngressClass can be used to indicate that an
-// IngressClass should be considered default. When a single IngressClass
-// resource has this annotation set to true, new Ingress resources without a
-// class specified will be assigned this default class.
-#AnnotationIsDefaultIngressClass: "ingressclass.kubernetes.io/is-default-class"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
deleted file mode 100644
index cef44ba5c..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
+++ /dev/null
@@ -1,47 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// Scale is used for getting and setting the base-10 scaled value.
-// Base-2 scales are omitted for mathematical simplicity.
-// See Quantity.ScaledValue for more details.
-#Scale: int32 // #enumScale
-
-#enumScale:
- #Nano |
- #Micro |
- #Milli |
- #Kilo |
- #Mega |
- #Giga |
- #Tera |
- #Peta |
- #Exa
-
-#values_Scale: {
- Nano: #Nano
- Micro: #Micro
- Milli: #Milli
- Kilo: #Kilo
- Mega: #Mega
- Giga: #Giga
- Tera: #Tera
- Peta: #Peta
- Exa: #Exa
-}
-
-#Nano: #Scale & -9
-#Micro: #Scale & -6
-#Milli: #Scale & -3
-#Kilo: #Scale & 3
-#Mega: #Scale & 6
-#Giga: #Scale & 9
-#Tera: #Scale & 12
-#Peta: #Scale & 15
-#Exa: #Scale & 18
-
-// infDecAmount implements common operations over an inf.Dec that are specific to the quantity
-// representation.
-_#infDecAmount: string
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
deleted file mode 100644
index 711f2096f..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
+++ /dev/null
@@ -1,13 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64.
-// It is also the maximum decimal digits that can be represented with an int64.
-_#maxInt64Factors: 18
-
-_#mostNegative: -9223372036854775808
-
-_#mostPositive: 9223372036854775807
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
deleted file mode 100644
index 9d9713a1b..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
+++ /dev/null
@@ -1,107 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// Quantity is a fixed-point representation of a number.
-// It provides convenient marshaling/unmarshaling in JSON and YAML,
-// in addition to String() and AsInt64() accessors.
-//
-// The serialization format is:
-//
-// ```
-// ::=
-//
-// (Note that may be empty, from the "" case in .)
-//
-// ::= 0 | 1 | ... | 9
-// ::= |
-// ::= | . | . | .
-// ::= "+" | "-"
-// ::= |
-// ::= | |
-// ::= Ki | Mi | Gi | Ti | Pi | Ei
-//
-// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
-//
-// ::= m | "" | k | M | G | T | P | E
-//
-// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
-//
-// ::= "e" | "E"
-// ```
-//
-// No matter which of the three exponent forms is used, no quantity may represent
-// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal
-// places. Numbers larger or more precise will be capped or rounded up.
-// (E.g.: 0.1m will rounded up to 1m.)
-// This may be extended in the future if we require larger or smaller quantities.
-//
-// When a Quantity is parsed from a string, it will remember the type of suffix
-// it had, and will use the same type again when it is serialized.
-//
-// Before serializing, Quantity will be put in "canonical form".
-// This means that Exponent/suffix will be adjusted up or down (with a
-// corresponding increase or decrease in Mantissa) such that:
-//
-// - No precision is lost
-// - No fractional digits will be emitted
-// - The exponent (or suffix) is as large as possible.
-//
-// The sign will be omitted unless the number is negative.
-//
-// Examples:
-//
-// - 1.5 will be serialized as "1500m"
-// - 1.5Gi will be serialized as "1536Mi"
-//
-// Note that the quantity will NEVER be internally represented by a
-// floating point number. That is the whole point of this exercise.
-//
-// Non-canonical values will still parse as long as they are well formed,
-// but will be re-emitted in their canonical form. (So always use canonical
-// form, or don't diff.)
-//
-// This format is intended to make it difficult to use these numbers without
-// writing some sort of special handling code in the hopes that that will
-// cause implementors to also use a fixed point implementation.
-//
-// +protobuf=true
-// +protobuf.embed=string
-// +protobuf.options.marshal=false
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen=true
-// +k8s:openapi-gen=true
-#Quantity: _
-
-// CanonicalValue allows a quantity amount to be converted to a string.
-#CanonicalValue: _
-
-// Format lists the three possible formattings of a quantity.
-#Format: string // #enumFormat
-
-#enumFormat:
- #DecimalExponent |
- #BinarySI |
- #DecimalSI
-
-#DecimalExponent: #Format & "DecimalExponent"
-#BinarySI: #Format & "BinarySI"
-#DecimalSI: #Format & "DecimalSI"
-
-// splitREString is used to separate a number from its suffix; as such,
-// this is overly permissive, but that's OK-- it will be checked later.
-_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
-
-_#int64QuantityExpectedBytes: 18
-
-// QuantityValue makes it possible to use a Quantity as value for a command
-// line parameter.
-//
-// +protobuf=true
-// +protobuf.embed=string
-// +protobuf.options.marshal=false
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen=true
-#QuantityValue: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
deleted file mode 100644
index b40d68ec1..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-_#suffix: string
-
-// suffixer can interpret and construct suffixes.
-_#suffixer: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
deleted file mode 100644
index 25ea8ecf1..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Duration is a wrapper around time.Duration which supports correct
-// marshaling to YAML and JSON. In particular, it marshals into strings, which
-// can be used as map keys in json.
-#Duration: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
deleted file mode 100644
index 7ff538603..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
+++ /dev/null
@@ -1,48 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying
-// concepts during lookup stages without having partially valid types
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupResource: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- resource: string @go(Resource) @protobuf(2,bytes,opt)
-}
-
-// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion
-// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersionResource: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- version: string @go(Version) @protobuf(2,bytes,opt)
- resource: string @go(Resource) @protobuf(3,bytes,opt)
-}
-
-// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
-// concepts during lookup stages without having partially valid types
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupKind: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-}
-
-// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion
-// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersionKind: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- version: string @go(Version) @protobuf(2,bytes,opt)
- kind: string @go(Kind) @protobuf(3,bytes,opt)
-}
-
-// GroupVersion contains the "group" and the "version", which uniquely identifies the API.
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersion: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
deleted file mode 100644
index f3c39a466..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
+++ /dev/null
@@ -1,33 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// TODO: move this, Object, List, and Type to a different package
-#ObjectMetaAccessor: _
-
-// Object lets you work with object metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field (Name, UID, Namespace on lists) will be a no-op and return
-// a default value.
-#Object: _
-
-// ListMetaAccessor retrieves the list interface from an object
-#ListMetaAccessor: _
-
-// Common lets you work with core metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field will be a no-op and return a default value.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#Common: _
-
-// ListInterface lets you work with list metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field will be a no-op and return a default value.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#ListInterface: _
-
-// Type exposes the type and APIVersion of versioned or internal API objects.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#Type: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
deleted file mode 100644
index 3c067bae3..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00"
-
-// MicroTime is version of Time with microsecond level precision.
-//
-// +protobuf.options.marshal=false
-// +protobuf.as=Timestamp
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#MicroTime: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
deleted file mode 100644
index 39d23b288..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-#GroupName: "meta.k8s.io"
-
-#WatchEventKind: "WatchEvent"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
deleted file mode 100644
index b3c8ec266..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Time is a wrapper around time.Time which supports correct
-// marshaling to YAML and JSON. Wrappers are provided for many
-// of the factory methods that the time package offers.
-//
-// +protobuf.options.marshal=false
-// +protobuf.as=Timestamp
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#Time: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
deleted file mode 100644
index 835392730..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Timestamp is a struct that is equivalent to Time, but intended for
-// protobuf marshalling/unmarshalling. It is generated into a serialization
-// that matches Time. Do not use in Go structs.
-#Timestamp: {
- // Represents seconds of UTC time since Unix epoch
- // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- // 9999-12-31T23:59:59Z inclusive.
- seconds: int64 @go(Seconds) @protobuf(1,varint,opt)
-
- // Non-negative fractions of a second at nanosecond resolution. Negative
- // second values with fractions must still have non-negative nanos values
- // that count forward in time. Must be from 0 to 999,999,999
- // inclusive. This field may be limited in precision depending on context.
- nanos: int32 @go(Nanos) @protobuf(2,varint,opt)
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
deleted file mode 100644
index a0deb7c90..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
+++ /dev/null
@@ -1,1561 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-// Package v1 contains API types that are common to all versions.
-//
-// The package contains two categories of types:
-// - external (serialized) types that lack their own version (e.g TypeMeta)
-// - internal (never-serialized) types that are needed by several different
-// api groups, and so live here, to avoid duplication and/or import loops
-// (e.g. LabelSelector).
-//
-// In the future, we will probably move these categories of objects into
-// separate packages.
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/types"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-// TypeMeta describes an individual object in an API response or request
-// with strings representing the type of the object and its API schema version.
-// Structures that are versioned or persisted should inline TypeMeta.
-//
-// +k8s:deepcopy-gen=false
-#TypeMeta: {
- // Kind is a string value representing the REST resource this object represents.
- // Servers may infer this from the endpoint the client submits requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(1,bytes,opt)
-
- // APIVersion defines the versioned schema of this representation of an object.
- // Servers should convert recognized schemas to the latest internal value, and
- // may reject unrecognized values.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt)
-}
-
-// ListMeta describes metadata that synthetic resources must have, including lists and
-// various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
-#ListMeta: {
- // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
- // +optional
- selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt)
-
- // String that identifies the server's internal version of this object that
- // can be used by clients to determine when objects have changed.
- // Value must be treated as opaque by clients and passed unmodified back to the server.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt)
-
- // continue may be set if the user set a limit on the number of items returned, and indicates that
- // the server has more data available. The value is opaque and may be used to issue another request
- // to the endpoint that served this list to retrieve the next set of available objects. Continuing a
- // consistent list may not be possible if the server configuration has changed or more than a few
- // minutes have passed. The resourceVersion field returned when using this continue value will be
- // identical to the value in the first response, unless you have received this token from an error
- // message.
- continue?: string @go(Continue) @protobuf(3,bytes,opt)
-
- // remainingItemCount is the number of subsequent items in the list which are not included in this
- // list response. If the list request contained label or field selectors, then the number of
- // remaining items is unknown and the field will be left unset and omitted during serialization.
- // If the list is complete (either because it is not chunking or because this is the last chunk),
- // then there are no more remaining items and this field will be left unset and omitted during
- // serialization.
- // Servers older than v1.15 do not set this field.
- // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients
- // should not rely on the remainingItemCount to be set or to be exact.
- // +optional
- remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt)
-}
-
-#ObjectNameField: "metadata.name"
-
-#FinalizerOrphanDependents: "orphan"
-#FinalizerDeleteDependents: "foregroundDeletion"
-
-// ObjectMeta is metadata that all persisted resources must have, which includes all objects
-// users must create.
-#ObjectMeta: {
- // Name must be unique within a namespace. Is required when creating resources, although
- // some resources may allow a client to request the generation of an appropriate name
- // automatically. Name is primarily intended for creation idempotence and configuration
- // definition.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // GenerateName is an optional prefix, used by the server, to generate a unique
- // name ONLY IF the Name field has not been provided.
- // If this field is used, the name returned to the client will be different
- // than the name passed. This value will also be combined with a unique suffix.
- // The provided value has the same validation rules as the Name field,
- // and may be truncated by the length of the suffix required to make the value
- // unique on the server.
- //
- // If this field is specified and the generated name exists, the server will return a 409.
- //
- // Applied only if Name is not specified.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- // +optional
- generateName?: string @go(GenerateName) @protobuf(2,bytes,opt)
-
- // Namespace defines the space within which each name must be unique. An empty namespace is
- // equivalent to the "default" namespace, but "default" is the canonical representation.
- // Not all objects are required to be scoped to a namespace - the value of this field for
- // those objects will be empty.
- //
- // Must be a DNS_LABEL.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- // +optional
- namespace?: string @go(Namespace) @protobuf(3,bytes,opt)
-
- // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
- // +optional
- selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt)
-
- // UID is the unique in time and space value for this object. It is typically generated by
- // the server on successful creation of a resource and is not allowed to change on PUT
- // operations.
- //
- // Populated by the system.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID)
-
- // An opaque value that represents the internal version of this object that can
- // be used by clients to determine when objects have changed. May be used for optimistic
- // concurrency, change detection, and the watch operation on a resource or set of resources.
- // Clients must treat these values as opaque and passed unmodified back to the server.
- // They may only be valid for a particular resource or set of resources.
- //
- // Populated by the system.
- // Read-only.
- // Value must be treated as opaque by clients and .
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt)
-
- // A sequence number representing a specific generation of the desired state.
- // Populated by the system. Read-only.
- // +optional
- generation?: int64 @go(Generation) @protobuf(7,varint,opt)
-
- // CreationTimestamp is a timestamp representing the server time when this object was
- // created. It is not guaranteed to be set in happens-before order across separate operations.
- // Clients may not set this value. It is represented in RFC3339 form and is in UTC.
- //
- // Populated by the system.
- // Read-only.
- // Null for lists.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt)
-
- // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This
- // field is set by the server when a graceful deletion is requested by the user, and is not
- // directly settable by a client. The resource is expected to be deleted (no longer visible
- // from resource lists, and not reachable by name) after the time in this field, once the
- // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked.
- // Once the deletionTimestamp is set, this value may not be unset or be set further into the
- // future, although it may be shortened or the resource may be deleted prior to this time.
- // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react
- // by sending a graceful termination signal to the containers in the pod. After that 30 seconds,
- // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup,
- // remove the pod from the API. In the presence of network partitions, this object may still
- // exist after this timestamp, until an administrator or automated process can determine the
- // resource is fully terminated.
- // If not set, graceful deletion of the object has not been requested.
- //
- // Populated by the system when a graceful deletion is requested.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt)
-
- // Number of seconds allowed for this object to gracefully terminate before
- // it will be removed from the system. Only set when deletionTimestamp is also set.
- // May only be shortened.
- // Read-only.
- // +optional
- deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt)
-
- // Map of string keys and values that can be used to organize and categorize
- // (scope and select) objects. May match selectors of replication controllers
- // and services.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- // +optional
- labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep)
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set by external tools to store and retrieve arbitrary metadata. They are not
- // queryable and should be preserved when modifying objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
- // +optional
- annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep)
-
- // List of objects depended by this object. If ALL objects in the list have
- // been deleted, this object will be garbage collected. If this object is managed by a controller,
- // then an entry in this list will point to this controller, with the controller field set to true.
- // There cannot be more than one managing controller.
- // +optional
- // +patchMergeKey=uid
- // +patchStrategy=merge
- ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep)
-
- // Must be empty before the object is deleted from the registry. Each entry
- // is an identifier for the responsible component that will remove the entry
- // from the list. If the deletionTimestamp of the object is non-nil, entries
- // in this list can only be removed.
- // Finalizers may be processed and removed in any order. Order is NOT enforced
- // because it introduces significant risk of stuck finalizers.
- // finalizers is a shared field, any actor with permission can reorder it.
- // If the finalizer list is processed in order, then this can lead to a situation
- // in which the component responsible for the first finalizer in the list is
- // waiting for a signal (field value, external system, or other) produced by a
- // component responsible for a finalizer later in the list, resulting in a deadlock.
- // Without enforced ordering finalizers are free to order amongst themselves and
- // are not vulnerable to ordering changes in the list.
- // +optional
- // +patchStrategy=merge
- finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep)
-
- // ManagedFields maps workflow-id and version to the set of fields
- // that are managed by that workflow. This is mostly for internal
- // housekeeping, and users typically shouldn't need to set or
- // understand this field. A workflow can be the user's name, a
- // controller's name, or the name of a specific apply path like
- // "ci-cd". The set of fields is always in the version that the
- // workflow used when modifying the object.
- //
- // +optional
- managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep)
-}
-
-// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
-#NamespaceDefault: "default"
-
-// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
-#NamespaceAll: ""
-
-// NamespaceNone is the argument for a context when there is no namespace.
-#NamespaceNone: ""
-
-// NamespaceSystem is the system namespace where we place system components.
-#NamespaceSystem: "kube-system"
-
-// NamespacePublic is the namespace where we place public info (ConfigMaps)
-#NamespacePublic: "kube-public"
-
-// OwnerReference contains enough information to let you identify an owning
-// object. An owning object must be in the same namespace as the dependent, or
-// be cluster-scoped, so there is no namespace field.
-// +structType=atomic
-#OwnerReference: {
- // API version of the referent.
- apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt)
-
- // Kind of the referent.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: string @go(Kind) @protobuf(1,bytes,opt)
-
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- name: string @go(Name) @protobuf(3,bytes,opt)
-
- // UID of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // If true, this reference points to the managing controller.
- // +optional
- controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt)
-
- // If true, AND if the owner has the "foregroundDeletion" finalizer, then
- // the owner cannot be deleted from the key-value store until this
- // reference is removed.
- // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- // for how the garbage collector interacts with this field and enforces the foreground deletion.
- // Defaults to false.
- // To set this field, a user needs "delete" permission of the owner,
- // otherwise 422 (Unprocessable Entity) will be returned.
- // +optional
- blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt)
-}
-
-// ListOptions is the query options to a standard REST list call.
-#ListOptions: {
- #TypeMeta
-
- // A selector to restrict the list of returned objects by their labels.
- // Defaults to everything.
- // +optional
- labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt)
-
- // A selector to restrict the list of returned objects by their fields.
- // Defaults to everything.
- // +optional
- fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt)
-
- // Watch for changes to the described resources and return them as a stream of
- // add, update, and remove notifications. Specify resourceVersion.
- // +optional
- watch?: bool @go(Watch) @protobuf(3,varint,opt)
-
- // allowWatchBookmarks requests watch events with type "BOOKMARK".
- // Servers that do not implement bookmarks may ignore this flag and
- // bookmarks are sent at the server's discretion. Clients should not
- // assume bookmarks are returned at any specific interval, nor may they
- // assume the server will send any BOOKMARK event during a session.
- // If this is not a watch, this field is ignored.
- // +optional
- allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt)
-
- // resourceVersion sets a constraint on what resource versions a request may be served from.
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt)
-
- // resourceVersionMatch determines how resourceVersion is applied to list calls.
- // It is highly recommended that resourceVersionMatch be set for list calls where
- // resourceVersion is set
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch)
-
- // Timeout for the list/watch call.
- // This limits the duration of the call, regardless of any activity or inactivity.
- // +optional
- timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt)
-
- // limit is a maximum number of responses to return for a list call. If more items exist, the
- // server will set the `continue` field on the list metadata to a value that can be used with the
- // same initial query to retrieve the next set of results. Setting a limit may return fewer than
- // the requested amount of items (up to zero items) in the event all requested objects are
- // filtered out and clients should only use the presence of the continue field to determine whether
- // more results are available. Servers may choose not to support the limit argument and will return
- // all of the available results. If limit is specified and the continue field is empty, clients may
- // assume that no more results are available. This field is not supported if watch is true.
- //
- // The server guarantees that the objects returned when using continue will be identical to issuing
- // a single list call without a limit - that is, no objects created, modified, or deleted after the
- // first request is issued will be included in any subsequent continued requests. This is sometimes
- // referred to as a consistent snapshot, and ensures that a client that is using limit to receive
- // smaller chunks of a very large result can ensure they see all possible objects. If objects are
- // updated during a chunked list the version of the object that was present at the time the first list
- // result was calculated is returned.
- limit?: int64 @go(Limit) @protobuf(7,varint,opt)
-
- // The continue option should be set when retrieving more results from the server. Since this value is
- // server defined, clients may only use the continue value from a previous query result with identical
- // query parameters (except for the value of continue) and the server may reject a continue value it
- // does not recognize. If the specified continue value is no longer valid whether due to expiration
- // (generally five to fifteen minutes) or a configuration change on the server, the server will
- // respond with a 410 ResourceExpired error together with a continue token. If the client needs a
- // consistent list, it must restart their list without the continue field. Otherwise, the client may
- // send another list request with the token received with the 410 error, the server will respond with
- // a list starting from the next key, but from the latest snapshot, which is inconsistent from the
- // previous list results - objects that are created, modified, or deleted after the first list request
- // will be included in the response, as long as their keys are after the "next key".
- //
- // This field is not supported when watch is true. Clients may start a watch from the last
- // resourceVersion value returned by the server and not miss any modifications.
- continue?: string @go(Continue) @protobuf(8,bytes,opt)
-
- // `sendInitialEvents=true` may be set together with `watch=true`.
- // In that case, the watch stream will begin with synthetic events to
- // produce the current state of objects in the collection. Once all such
- // events have been sent, a synthetic "Bookmark" event will be sent.
- // The bookmark will report the ResourceVersion (RV) corresponding to the
- // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation.
- // Afterwards, the watch stream will proceed as usual, sending watch events
- // corresponding to changes (subsequent to the RV) to objects watched.
- //
- // When `sendInitialEvents` option is set, we require `resourceVersionMatch`
- // option to also be set. The semantic of the watch request is as following:
- // - `resourceVersionMatch` = NotOlderThan
- // is interpreted as "data at least as new as the provided `resourceVersion`"
- // and the bookmark event is send when the state is synced
- // to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
- // If `resourceVersion` is unset, this is interpreted as "consistent read" and the
- // bookmark event is send when the state is synced at least to the moment
- // when request started being processed.
- // - `resourceVersionMatch` set to any other value or unset
- // Invalid error is returned.
- //
- // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward
- // compatibility reasons) and to false otherwise.
- // +optional
- sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt)
-}
-
-// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch
-// may only be set if resourceVersion is also set.
-//
-// "NotOlderThan" matches data at least as new as the provided resourceVersion.
-// "Exact" matches data at the exact resourceVersion provided.
-//
-// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
-// details.
-#ResourceVersionMatch: string // #enumResourceVersionMatch
-
-#enumResourceVersionMatch:
- #ResourceVersionMatchNotOlderThan |
- #ResourceVersionMatchExact
-
-// ResourceVersionMatchNotOlderThan matches data at least as new as the provided
-// resourceVersion.
-#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan"
-
-// ResourceVersionMatchExact matches data at the exact resourceVersion
-// provided.
-#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact"
-
-// GetOptions is the standard query options to the standard REST get call.
-#GetOptions: {
- #TypeMeta
-
- // resourceVersion sets a constraint on what resource versions a request may be served from.
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt)
-}
-
-// DeletionPropagation decides if a deletion will propagate to the dependents of
-// the object, and how the garbage collector will handle the propagation.
-#DeletionPropagation: string // #enumDeletionPropagation
-
-#enumDeletionPropagation:
- #DeletePropagationOrphan |
- #DeletePropagationBackground |
- #DeletePropagationForeground
-
-// Orphans the dependents.
-#DeletePropagationOrphan: #DeletionPropagation & "Orphan"
-
-// Deletes the object from the key-value store, the garbage collector will
-// delete the dependents in the background.
-#DeletePropagationBackground: #DeletionPropagation & "Background"
-
-// The object exists in the key-value store until the garbage collector
-// deletes all the dependents whose ownerReference.blockOwnerDeletion=true
-// from the key-value store. API sever will put the "foregroundDeletion"
-// finalizer on the object, and sets its deletionTimestamp. This policy is
-// cascading, i.e., the dependents will be deleted with Foreground.
-#DeletePropagationForeground: #DeletionPropagation & "Foreground"
-
-// DryRunAll means to complete all processing stages, but don't
-// persist changes to storage.
-#DryRunAll: "All"
-
-// DeleteOptions may be provided when deleting an API object.
-#DeleteOptions: {
- #TypeMeta
-
- // The duration in seconds before the object should be deleted. Value must be non-negative integer.
- // The value zero indicates delete immediately. If this value is nil, the default grace period for the
- // specified type will be used.
- // Defaults to a per object value if not specified. zero means delete immediately.
- // +optional
- gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt)
-
- // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be
- // returned.
- // +k8s:conversion-gen=false
- // +optional
- preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt)
-
- // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7.
- // Should the dependent objects be orphaned. If true/false, the "orphan"
- // finalizer will be added to/removed from the object's finalizers list.
- // Either this field or PropagationPolicy may be set, but not both.
- // +optional
- orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt)
-
- // Whether and how garbage collection will be performed.
- // Either this field or OrphanDependents may be set, but not both.
- // The default policy is decided by the existing finalizer set in the
- // metadata.finalizers and the resource-specific default policy.
- // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' -
- // allow the garbage collector to delete the dependents in the background;
- // 'Foreground' - a cascading policy that deletes all dependents in the
- // foreground.
- // +optional
- propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt)
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep)
-}
-
-// FieldValidationIgnore ignores unknown/duplicate fields
-#FieldValidationIgnore: "Ignore"
-
-// FieldValidationWarn responds with a warning, but successfully serve the request
-#FieldValidationWarn: "Warn"
-
-// FieldValidationStrict fails the request on unknown/duplicate fields
-#FieldValidationStrict: "Strict"
-
-// CreateOptions may be provided when creating an API object.
-#CreateOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint.
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(3,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes)
-}
-
-// PatchOptions may be provided when patching an API object.
-// PatchOptions is meant to be a superset of UpdateOptions.
-#PatchOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // Force is going to "force" Apply requests. It means user will
- // re-acquire conflicting fields owned by other people. Force
- // flag must be unset for non-apply patch requests.
- // +optional
- force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint. This
- // field is required for apply requests
- // (application/apply-patch) but optional for non-apply patch
- // types (JsonPatch, MergePatch, StrategicMergePatch).
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(3,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes)
-}
-
-// ApplyOptions may be provided when applying an API object.
-// FieldManager is required for apply requests.
-// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation
-// that speaks specifically to how the options fields relate to apply.
-#ApplyOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // Force is going to "force" Apply requests. It means user will
- // re-acquire conflicting fields owned by other people.
- force: bool @go(Force) @protobuf(2,varint,opt)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint. This
- // field is required.
- fieldManager: string @go(FieldManager) @protobuf(3,bytes)
-}
-
-// UpdateOptions may be provided when updating an API object.
-// All fields in UpdateOptions should also be present in PatchOptions.
-#UpdateOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint.
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(2,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes)
-}
-
-// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
-#Preconditions: {
- // Specifies the target UID.
- // +optional
- uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // Specifies the target ResourceVersion
- // +optional
- resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt)
-}
-
-// Status is a return value for calls that don't return other objects.
-#Status: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Status of the operation.
- // One of: "Success" or "Failure".
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: string @go(Status) @protobuf(2,bytes,opt)
-
- // A human-readable description of the status of this operation.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // A machine-readable description of why this operation is in the
- // "Failure" status. If this value is empty there
- // is no information available. A Reason clarifies an HTTP status
- // code but does not override it.
- // +optional
- reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason)
-
- // Extended data associated with the reason. Each reason may define its
- // own extended details. This field is optional and the data returned
- // is not guaranteed to conform to any schema except that defined by
- // the reason type.
- // +optional
- details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt)
-
- // Suggested HTTP return code for this status, 0 if not set.
- // +optional
- code?: int32 @go(Code) @protobuf(6,varint,opt)
-}
-
-// StatusDetails is a set of additional properties that MAY be set by the
-// server to provide additional information about a response. The Reason
-// field of a Status object defines what attributes will be set. Clients
-// must ignore fields that do not match the defined type of each attribute,
-// and should assume that any attribute may be empty, invalid, or under
-// defined.
-#StatusDetails: {
- // The name attribute of the resource associated with the status StatusReason
- // (when there is a single name which can be described).
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The group attribute of the resource associated with the status StatusReason.
- // +optional
- group?: string @go(Group) @protobuf(2,bytes,opt)
-
- // The kind attribute of the resource associated with the status StatusReason.
- // On some operations may differ from the requested resource Kind.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(3,bytes,opt)
-
- // UID of the resource.
- // (when there is a single resource which can be described).
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // The Causes array includes more details associated with the StatusReason
- // failure. Not all StatusReasons may provide detailed causes.
- // +optional
- causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep)
-
- // If specified, the time in seconds before the operation should be retried. Some errors may indicate
- // the client must take an alternate action - for those errors this field may indicate how long to wait
- // before taking the alternate action.
- // +optional
- retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt)
-}
-
-#StatusSuccess: "Success"
-#StatusFailure: "Failure"
-
-// StatusReason is an enumeration of possible failure causes. Each StatusReason
-// must map to a single HTTP status code, but multiple reasons may map
-// to the same HTTP status code.
-// TODO: move to apiserver
-#StatusReason: string // #enumStatusReason
-
-#enumStatusReason:
- #StatusReasonUnknown |
- #StatusReasonUnauthorized |
- #StatusReasonForbidden |
- #StatusReasonNotFound |
- #StatusReasonAlreadyExists |
- #StatusReasonConflict |
- #StatusReasonGone |
- #StatusReasonInvalid |
- #StatusReasonServerTimeout |
- #StatusReasonTimeout |
- #StatusReasonTooManyRequests |
- #StatusReasonBadRequest |
- #StatusReasonMethodNotAllowed |
- #StatusReasonNotAcceptable |
- #StatusReasonRequestEntityTooLarge |
- #StatusReasonUnsupportedMediaType |
- #StatusReasonInternalError |
- #StatusReasonExpired |
- #StatusReasonServiceUnavailable
-
-// StatusReasonUnknown means the server has declined to indicate a specific reason.
-// The details field may contain other information about this error.
-// Status code 500.
-#StatusReasonUnknown: #StatusReason & ""
-
-// StatusReasonUnauthorized means the server can be reached and understood the request, but requires
-// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header)
-// in order for the action to be completed. If the user has specified credentials on the request, the
-// server considers them insufficient.
-// Status code 401
-#StatusReasonUnauthorized: #StatusReason & "Unauthorized"
-
-// StatusReasonForbidden means the server can be reached and understood the request, but refuses
-// to take any further action. It is the result of the server being configured to deny access for some reason
-// to the requested resource by the client.
-// Details (optional):
-// "kind" string - the kind attribute of the forbidden resource
-// on some operations may differ from the requested
-// resource.
-// "id" string - the identifier of the forbidden resource
-// Status code 403
-#StatusReasonForbidden: #StatusReason & "Forbidden"
-
-// StatusReasonNotFound means one or more resources required for this operation
-// could not be found.
-// Details (optional):
-// "kind" string - the kind attribute of the missing resource
-// on some operations may differ from the requested
-// resource.
-// "id" string - the identifier of the missing resource
-// Status code 404
-#StatusReasonNotFound: #StatusReason & "NotFound"
-
-// StatusReasonAlreadyExists means the resource you are creating already exists.
-// Details (optional):
-// "kind" string - the kind attribute of the conflicting resource
-// "id" string - the identifier of the conflicting resource
-// Status code 409
-#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists"
-
-// StatusReasonConflict means the requested operation cannot be completed
-// due to a conflict in the operation. The client may need to alter the
-// request. Each resource may define custom details that indicate the
-// nature of the conflict.
-// Status code 409
-#StatusReasonConflict: #StatusReason & "Conflict"
-
-// StatusReasonGone means the item is no longer available at the server and no
-// forwarding address is known.
-// Status code 410
-#StatusReasonGone: #StatusReason & "Gone"
-
-// StatusReasonInvalid means the requested create or update operation cannot be
-// completed due to invalid data provided as part of the request. The client may
-// need to alter the request. When set, the client may use the StatusDetails
-// message field as a summary of the issues encountered.
-// Details (optional):
-// "kind" string - the kind attribute of the invalid resource
-// "id" string - the identifier of the invalid resource
-// "causes" - one or more StatusCause entries indicating the data in the
-// provided resource that was invalid. The code, message, and
-// field attributes will be set.
-// Status code 422
-#StatusReasonInvalid: #StatusReason & "Invalid"
-
-// StatusReasonServerTimeout means the server can be reached and understood the request,
-// but cannot complete the action in a reasonable time. The client should retry the request.
-// This is may be due to temporary server load or a transient communication issue with
-// another server. Status code 500 is used because the HTTP spec provides no suitable
-// server-requested client retry and the 5xx class represents actionable errors.
-// Details (optional):
-// "kind" string - the kind attribute of the resource being acted on.
-// "id" string - the operation that is being attempted.
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 500
-#StatusReasonServerTimeout: #StatusReason & "ServerTimeout"
-
-// StatusReasonTimeout means that the request could not be completed within the given time.
-// Clients can get this response only when they specified a timeout param in the request,
-// or if the server cannot complete the operation within a reasonable amount of time.
-// The request might succeed with an increased value of timeout param. The client *should*
-// wait at least the number of seconds specified by the retryAfterSeconds field.
-// Details (optional):
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 504
-#StatusReasonTimeout: #StatusReason & "Timeout"
-
-// StatusReasonTooManyRequests means the server experienced too many requests within a
-// given window and that the client must wait to perform the action again. A client may
-// always retry the request that led to this error, although the client should wait at least
-// the number of seconds specified by the retryAfterSeconds field.
-// Details (optional):
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 429
-#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests"
-
-// StatusReasonBadRequest means that the request itself was invalid, because the request
-// doesn't make any sense, for example deleting a read-only object. This is different than
-// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the
-// data was invalid. API calls that return BadRequest can never succeed.
-// Status code 400
-#StatusReasonBadRequest: #StatusReason & "BadRequest"
-
-// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the
-// resource was not supported by the code - for instance, attempting to delete a resource that
-// can only be created. API calls that return MethodNotAllowed can never succeed.
-// Status code 405
-#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed"
-
-// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable
-// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml.
-// API calls that return NotAcceptable can never succeed.
-// Status code 406
-#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable"
-
-// StatusReasonRequestEntityTooLarge means that the request entity is too large.
-// Status code 413
-#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge"
-
-// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable
-// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml.
-// API calls that return UnsupportedMediaType can never succeed.
-// Status code 415
-#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType"
-
-// StatusReasonInternalError indicates that an internal error occurred, it is unexpected
-// and the outcome of the call is unknown.
-// Details (optional):
-// "causes" - The original error
-// Status code 500
-#StatusReasonInternalError: #StatusReason & "InternalError"
-
-// StatusReasonExpired indicates that the request is invalid because the content you are requesting
-// has expired and is no longer available. It is typically associated with watches that can't be
-// serviced.
-// Status code 410 (gone)
-#StatusReasonExpired: #StatusReason & "Expired"
-
-// StatusReasonServiceUnavailable means that the request itself was valid,
-// but the requested service is unavailable at this time.
-// Retrying the request after some time might succeed.
-// Status code 503
-#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable"
-
-// StatusCause provides more information about an api.Status failure, including
-// cases when multiple errors are encountered.
-#StatusCause: {
- // A machine-readable description of the cause of the error. If this value is
- // empty there is no information available.
- // +optional
- reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType)
-
- // A human-readable description of the cause of the error. This field may be
- // presented as-is to a reader.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-
- // The field of the resource that has caused this error, as named by its JSON
- // serialization. May include dot and postfix notation for nested attributes.
- // Arrays are zero-indexed. Fields may appear more than once in an array of
- // causes due to fields having multiple errors.
- // Optional.
- //
- // Examples:
- // "name" - the field "name" on the current resource
- // "items[0].name" - the field "name" on the first array entry in "items"
- // +optional
- field?: string @go(Field) @protobuf(3,bytes,opt)
-}
-
-// CauseType is a machine readable value providing more detail about what
-// occurred in a status response. An operation may have multiple causes for a
-// status (whether Failure or Success).
-#CauseType: string // #enumCauseType
-
-#enumCauseType:
- #CauseTypeFieldValueNotFound |
- #CauseTypeFieldValueRequired |
- #CauseTypeFieldValueDuplicate |
- #CauseTypeFieldValueInvalid |
- #CauseTypeFieldValueNotSupported |
- #CauseTypeForbidden |
- #CauseTypeTooLong |
- #CauseTypeTooMany |
- #CauseTypeInternal |
- #CauseTypeTypeInvalid |
- #CauseTypeUnexpectedServerResponse |
- #CauseTypeFieldManagerConflict |
- #CauseTypeResourceVersionTooLarge
-
-// CauseTypeFieldValueNotFound is used to report failure to find a requested value
-// (e.g. looking up an ID).
-#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound"
-
-// CauseTypeFieldValueRequired is used to report required values that are not
-// provided (e.g. empty strings, null values, or empty arrays).
-#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired"
-
-// CauseTypeFieldValueDuplicate is used to report collisions of values that must be
-// unique (e.g. unique IDs).
-#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate"
-
-// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex
-// match).
-#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid"
-
-// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules)
-// values that can not be handled (e.g. an enumerated string).
-#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported"
-
-// CauseTypeForbidden is used to report valid (as per formatting rules)
-// values which would be accepted under some conditions, but which are not
-// permitted by the current conditions (such as security policy). See
-// Forbidden().
-#CauseTypeForbidden: #CauseType & "FieldValueForbidden"
-
-// CauseTypeTooLong is used to report that the given value is too long.
-// This is similar to ErrorTypeInvalid, but the error will not include the
-// too-long value. See TooLong().
-#CauseTypeTooLong: #CauseType & "FieldValueTooLong"
-
-// CauseTypeTooMany is used to report "too many". This is used to
-// report that a given list has too many items. This is similar to FieldValueTooLong,
-// but the error indicates quantity instead of length.
-#CauseTypeTooMany: #CauseType & "FieldValueTooMany"
-
-// CauseTypeInternal is used to report other errors that are not related
-// to user input. See InternalError().
-#CauseTypeInternal: #CauseType & "InternalError"
-
-// CauseTypeTypeInvalid is for the value did not match the schema type for that field
-#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid"
-
-// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client
-// without the expected return type. The presence of this cause indicates the error may be
-// due to an intervening proxy or the server software malfunctioning.
-#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse"
-
-// FieldManagerConflict is used to report when another client claims to manage this field,
-// It should only be returned for a request using server-side apply.
-#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict"
-
-// CauseTypeResourceVersionTooLarge is used to report that the requested resource version
-// is newer than the data observed by the API server, so the request cannot be served.
-#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge"
-
-// List holds a list of objects, which may not be known by the server.
-#List: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of objects
- items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep)
-}
-
-// APIVersions lists the versions that are available, to allow clients to
-// discover the API at /api, which is the root path of the legacy v1 API.
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#APIVersions: {
- #TypeMeta
-
- // versions are the api versions that are available.
- versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep)
-
- // a map of client CIDR to server address that is serving this group.
- // This is to help clients reach servers in the most network-efficient way possible.
- // Clients can use the appropriate server address as per the CIDR that they match.
- // In case of multiple matches, clients should use the longest matching CIDR.
- // The server returns only those CIDRs that it thinks that the client can match.
- // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP.
- // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
- serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep)
-}
-
-// APIGroupList is a list of APIGroup, to allow clients to discover the API at
-// /apis.
-#APIGroupList: {
- #TypeMeta
-
- // groups is a list of APIGroup.
- groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep)
-}
-
-// APIGroup contains the name, the supported versions, and the preferred version
-// of a group.
-#APIGroup: {
- #TypeMeta
-
- // name is the name of the group.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // versions are the versions supported in this group.
- versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep)
-
- // preferredVersion is the version preferred by the API server, which
- // probably is the storage version.
- // +optional
- preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt)
-
- // a map of client CIDR to server address that is serving this group.
- // This is to help clients reach servers in the most network-efficient way possible.
- // Clients can use the appropriate server address as per the CIDR that they match.
- // In case of multiple matches, clients should use the longest matching CIDR.
- // The server returns only those CIDRs that it thinks that the client can match.
- // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP.
- // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
- // +optional
- serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep)
-}
-
-// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.
-#ServerAddressByClientCIDR: {
- // The CIDR with which clients can match their IP to figure out the server address that they should use.
- clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt)
-
- // Address of this server, suitable for a client that matches the above CIDR.
- // This can be a hostname, hostname:port, IP or IP:port.
- serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt)
-}
-
-// GroupVersion contains the "group/version" and "version" string of a version.
-// It is made a struct to keep extensibility.
-#GroupVersionForDiscovery: {
- // groupVersion specifies the API group and version in the form "group/version"
- groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt)
-
- // version specifies the version in the form of "version". This is to save
- // the clients the trouble of splitting the GroupVersion.
- version: string @go(Version) @protobuf(2,bytes,opt)
-}
-
-// APIResource specifies the name of a resource and whether it is namespaced.
-#APIResource: {
- // name is the plural name of the resource.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely.
- // The singularName is more correct for reporting status on a single item and both singular and plural are allowed
- // from the kubectl CLI interface.
- singularName: string @go(SingularName) @protobuf(6,bytes,opt)
-
- // namespaced indicates if a resource is namespaced or not.
- namespaced: bool @go(Namespaced) @protobuf(2,varint,opt)
-
- // group is the preferred group of the resource. Empty implies the group of the containing resource list.
- // For subresources, this may have a different value, for example: Scale".
- group?: string @go(Group) @protobuf(8,bytes,opt)
-
- // version is the preferred version of the resource. Empty implies the version of the containing resource list
- // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)".
- version?: string @go(Version) @protobuf(9,bytes,opt)
-
- // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')
- kind: string @go(Kind) @protobuf(3,bytes,opt)
-
- // verbs is a list of supported kube verbs (this includes get, list, watch, create,
- // update, patch, delete, deletecollection, and proxy)
- verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt)
-
- // shortNames is a list of suggested short names of the resource.
- shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep)
-
- // categories is a list of the grouped resources this resource belongs to (e.g. 'all')
- categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep)
-
- // The hash value of the storage version, the version this resource is
- // converted to when written to the data store. Value must be treated
- // as opaque by clients. Only equality comparison on the value is valid.
- // This is an alpha feature and may change or be removed in the future.
- // The field is populated by the apiserver only if the
- // StorageVersionHash feature gate is enabled.
- // This field will remain optional even if it graduates.
- // +optional
- storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt)
-}
-
-// Verbs masks the value so protobuf can generate
-//
-// +protobuf.nullable=true
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#Verbs: [...string]
-
-// APIResourceList is a list of APIResource, it is used to expose the name of the
-// resources supported in a specific group and version, and if the resource
-// is namespaced.
-#APIResourceList: {
- #TypeMeta
-
- // groupVersion is the group and version this APIResourceList is for.
- groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt)
-
- // resources contains the name of the resources and if they are namespaced.
- resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep)
-}
-
-// RootPaths lists the paths available at root.
-// For example: "/healthz", "/apis".
-#RootPaths: {
- // paths are the paths available at root.
- paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep)
-}
-
-// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.
-#Patch: {
-}
-
-// A label selector is a label query over a set of resources. The result of matchLabels and
-// matchExpressions are ANDed. An empty label selector matches all objects. A null
-// label selector matches no objects.
-// +structType=atomic
-#LabelSelector: {
- // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key field is "key", the
- // operator is "In", and the values array contains only "value". The requirements are ANDed.
- // +optional
- matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep)
-
- // matchExpressions is a list of label selector requirements. The requirements are ANDed.
- // +optional
- matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep)
-}
-
-// A label selector requirement is a selector that contains values, a key, and an operator that
-// relates the key and values.
-#LabelSelectorRequirement: {
- // key is the label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator)
-
- // values is an array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty. This array is replaced during a strategic
- // merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A label selector operator is the set of operators that can be used in a selector requirement.
-#LabelSelectorOperator: string // #enumLabelSelectorOperator
-
-#enumLabelSelectorOperator:
- #LabelSelectorOpIn |
- #LabelSelectorOpNotIn |
- #LabelSelectorOpExists |
- #LabelSelectorOpDoesNotExist
-
-#LabelSelectorOpIn: #LabelSelectorOperator & "In"
-#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn"
-#LabelSelectorOpExists: #LabelSelectorOperator & "Exists"
-#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist"
-
-// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource
-// that the fieldset applies to.
-#ManagedFieldsEntry: {
- // Manager is an identifier of the workflow managing these fields.
- manager?: string @go(Manager) @protobuf(1,bytes,opt)
-
- // Operation is the type of operation which lead to this ManagedFieldsEntry being created.
- // The only valid values for this field are 'Apply' and 'Update'.
- operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType)
-
- // APIVersion defines the version of this resource that this field set
- // applies to. The format is "group/version" just like the top-level
- // APIVersion field. It is necessary to track the version of a field
- // set because it cannot be automatically converted.
- apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt)
-
- // Time is the timestamp of when the ManagedFields entry was added. The
- // timestamp will also be updated if a field is added, the manager
- // changes any of the owned fields value or removes a field. The
- // timestamp does not update when a field is removed from the entry
- // because another manager took it over.
- // +optional
- time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt)
-
- // FieldsType is the discriminator for the different fields format and version.
- // There is currently only one possible value: "FieldsV1"
- fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt)
-
- // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
- // +optional
- fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt)
-
- // Subresource is the name of the subresource used to update that object, or
- // empty string if the object was updated through the main resource. The
- // value of this field is used to distinguish between managers, even if they
- // share the same name. For example, a status update will be distinct from a
- // regular update using the same manager name.
- // Note that the APIVersion field is not related to the Subresource field and
- // it always corresponds to the version of the main resource.
- subresource?: string @go(Subresource) @protobuf(8,bytes,opt)
-}
-
-// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created.
-#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType
-
-#enumManagedFieldsOperationType:
- #ManagedFieldsOperationApply |
- #ManagedFieldsOperationUpdate
-
-#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply"
-#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update"
-
-// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.
-//
-// Each key is either a '.' representing the field itself, and will always map to an empty set,
-// or a string representing a sub-field or item. The string will follow one of these four formats:
-// 'f:', where is the name of a field in a struct, or key in a map
-// 'v:', where is the exact json formatted value of a list item
-// 'i:', where is position of a item in a list
-// 'k:', where is a map of a list item's key fields to their unique values
-// If a key maps to an empty Fields value, the field that key represents is part of the set.
-//
-// The exact format is defined in sigs.k8s.io/structured-merge-diff
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#FieldsV1: _
-
-// Table is a tabular representation of a set of API resources. The server transforms the
-// object into a set of preferred columns for quickly reviewing the objects.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +protobuf=false
-#Table: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta)
-
- // columnDefinitions describes each column in the returned items array. The number of cells per row
- // will always match the number of column definitions.
- columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition)
-
- // rows is the list of items in the table.
- rows: [...#TableRow] @go(Rows,[]TableRow)
-}
-
-// TableColumnDefinition contains information about a column returned in the Table.
-// +protobuf=false
-#TableColumnDefinition: {
- // name is a human readable name for the column.
- name: string @go(Name)
-
- // type is an OpenAPI type definition for this column, such as number, integer, string, or
- // array.
- // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.
- type: string @go(Type)
-
- // format is an optional OpenAPI type modifier for this column. A format modifies the type and
- // imposes additional rules, like date or time formatting for a string. The 'name' format is applied
- // to the primary identifier column which has type 'string' to assist in clients identifying column
- // is the resource name.
- // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.
- format: string @go(Format)
-
- // description is a human readable description of this column.
- description: string @go(Description)
-
- // priority is an integer defining the relative importance of this column compared to others. Lower
- // numbers are considered higher priority. Columns that may be omitted in limited space scenarios
- // should be given a higher priority.
- priority: int32 @go(Priority)
-}
-
-// TableRow is an individual row in a table.
-// +protobuf=false
-#TableRow: {
- // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or
- // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a
- // more detailed description.
- cells: [...] @go(Cells,[]interface{})
-
- // conditions describe additional status of a row that are relevant for a human user. These conditions
- // apply to the row, not to the object, and will be specific to table output. The only defined
- // condition type is 'Completed', for a row that indicates a resource that has run to completion and
- // can be given less visual priority.
- // +optional
- conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition)
-
- // This field contains the requested additional information about each object based on the includeObject
- // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the
- // default serialization of the object for the current API version, and if "Metadata" (the default) will
- // contain the object metadata. Check the returned kind and apiVersion of the object before parsing.
- // The media type of the object will always match the enclosing list - if this as a JSON table, these
- // will be JSON encoded objects.
- // +optional
- object?: runtime.#RawExtension @go(Object)
-}
-
-// TableRowCondition allows a row to be marked with additional information.
-// +protobuf=false
-#TableRowCondition: {
- // Type of row condition. The only defined value is 'Completed' indicating that the
- // object this row represents has reached a completed state and may be given less visual
- // priority than other rows. Clients are not required to honor any conditions but should
- // be consistent where possible about handling the conditions.
- type: #RowConditionType @go(Type)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status)
-
- // (brief) machine readable reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason)
-
- // Human readable message indicating details about last transition.
- // +optional
- message?: string @go(Message)
-}
-
-#RowConditionType: string // #enumRowConditionType
-
-#enumRowConditionType:
- #RowCompleted
-
-// RowCompleted means the underlying resource has reached completion and may be given less
-// visual priority than other resources.
-#RowCompleted: #RowConditionType & "Completed"
-
-#ConditionStatus: string // #enumConditionStatus
-
-#enumConditionStatus:
- #ConditionTrue |
- #ConditionFalse |
- #ConditionUnknown
-
-#ConditionTrue: #ConditionStatus & "True"
-#ConditionFalse: #ConditionStatus & "False"
-#ConditionUnknown: #ConditionStatus & "Unknown"
-
-// IncludeObjectPolicy controls which portion of the object is returned with a Table.
-#IncludeObjectPolicy: string // #enumIncludeObjectPolicy
-
-#enumIncludeObjectPolicy:
- #IncludeNone |
- #IncludeMetadata |
- #IncludeObject
-
-// IncludeNone returns no object.
-#IncludeNone: #IncludeObjectPolicy & "None"
-
-// IncludeMetadata serializes the object containing only its metadata field.
-#IncludeMetadata: #IncludeObjectPolicy & "Metadata"
-
-// IncludeObject contains the full object.
-#IncludeObject: #IncludeObjectPolicy & "Object"
-
-// TableOptions are used when a Table is requested by the caller.
-// +k8s:conversion-gen:explicit-from=net/url.Values
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#TableOptions: {
- #TypeMeta
-
- // includeObject decides whether to include each object along with its columnar information.
- // Specifying "None" will return no object, specifying "Object" will return the full object contents, and
- // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind
- // in version v1beta1 of the meta.k8s.io API group.
- includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy)
-}
-
-// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients
-// to get access to a particular ObjectMeta schema without knowing the details of the version.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#PartialObjectMetadata: {
- #TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-}
-
-// PartialObjectMetadataList contains a list of objects containing only their metadata
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#PartialObjectMetadataList: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items contains each of the included items.
- items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep)
-}
-
-// Condition contains details for one aspect of the current state of this API Resource.
-// ---
-// This struct is intended for direct use as an array at the field path .status.conditions. For example,
-//
-// type FooStatus struct{
-// // Represents the observations of a foo's current state.
-// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-// // +patchMergeKey=type
-// // +patchStrategy=merge
-// // +listType=map
-// // +listMapKey=type
-// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-//
-// // other fields
-// }
-#Condition: {
- // type of condition in CamelCase or in foo.example.com/CamelCase.
- // ---
- // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- // useful (see .node.status.conditions), the ability to deconflict is important.
- // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
- // +kubebuilder:validation:MaxLength=316
- type: string @go(Type) @protobuf(1,bytes,opt)
-
- // status of the condition, one of True, False, Unknown.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Enum=True;False;Unknown
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt)
-
- // observedGeneration represents the .metadata.generation that the condition was set based upon.
- // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- // with respect to the current state of the instance.
- // +optional
- // +kubebuilder:validation:Minimum=0
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
-
- // lastTransitionTime is the last time the condition transitioned from one status to another.
- // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Type=string
- // +kubebuilder:validation:Format=date-time
- lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // reason contains a programmatic identifier indicating the reason for the condition's last transition.
- // Producers of specific condition types may define expected values and meanings for this field,
- // and whether the values are considered a guaranteed API.
- // The value should be a CamelCase string.
- // This field may not be empty.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:MaxLength=1024
- // +kubebuilder:validation:MinLength=1
- // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
- reason: string @go(Reason) @protobuf(5,bytes,opt)
-
- // message is a human readable message indicating details about the transition.
- // This may be an empty string.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:MaxLength=32768
- message: string @go(Message) @protobuf(6,bytes,opt)
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
deleted file mode 100644
index 12f5f1b63..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
+++ /dev/null
@@ -1,30 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/watch"
-)
-
-// Event represents a single event to a watched resource.
-//
-// +protobuf=true
-// +k8s:deepcopy-gen=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#WatchEvent: {
- type: string @go(Type) @protobuf(1,bytes,opt)
-
- // Object is:
- // * If Type is Added or Modified: the new state of the object.
- // * If Type is Deleted: the state of the object immediately before deletion.
- // * If Type is Error: *Status is recommended; other types may make sense
- // depending on context.
- object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt)
-}
-
-// InternalEvent makes watch.Event versioned
-// +protobuf=false
-#InternalEvent: watch.#Event
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
deleted file mode 100644
index 43474c392..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// SimpleAllocator a wrapper around make([]byte)
-// conforms to the MemoryAllocator interface
-#SimpleAllocator: {
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
deleted file mode 100644
index a05de5d58..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
+++ /dev/null
@@ -1,37 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// codec binds an encoder and decoder.
-_#codec: {
- Encoder: #Encoder
- Decoder: #Decoder
-}
-
-// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding.
-#NoopEncoder: {
- Decoder: #Decoder
-}
-
-_#noopEncoderIdentifier: #Identifier & "noop"
-
-// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding.
-#NoopDecoder: {
- Encoder: #Encoder
-}
-
-_#base64Serializer: {
- Encoder: #Encoder
- Decoder: #Decoder
-}
-
-_#internalGroupVersionerIdentifier: "internal"
-_#disabledGroupVersionerIdentifier: "disabled"
-
-_#internalGroupVersioner: {
-}
-
-_#disabledGroupVersioner: {
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
deleted file mode 100644
index ce6d644cb..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-// Package runtime defines conversions between generic types and structs to map query strings
-// to struct objects.
-package runtime
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
deleted file mode 100644
index f49ad1e36..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// UnstructuredConverter is an interface for converting between interface{}
-// and map[string]interface representation.
-#UnstructuredConverter: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
deleted file mode 100644
index 89c5c51b3..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
+++ /dev/null
@@ -1,39 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-// Package runtime includes helper functions for working with API objects
-// that follow the kubernetes API object conventions, which are:
-//
-// 0. Your API objects have a common metadata struct member, TypeMeta.
-//
-// 1. Your code refers to an internal set of API objects.
-//
-// 2. In a separate package, you have an external set of API objects.
-//
-// 3. The external set is considered to be versioned, and no breaking
-// changes are ever made to it (fields may be added but not changed
-// or removed).
-//
-// 4. As your api evolves, you'll make an additional versioned package
-// with every major change.
-//
-// 5. Versioned packages have conversion functions which convert to
-// and from the internal version.
-//
-// 6. You'll continue to support older versions according to your
-// deprecation policy, and you can easily provide a program/library
-// to update old versions into new versions because of 5.
-//
-// 7. All of your serializations and deserializations are handled in a
-// centralized place.
-//
-// Package runtime provides a conversion helper to make 5 easy, and the
-// Encode/Decode/DecodeInto trio to accomplish 7. You can also register
-// additional "codecs" which use a version of your choice. It's
-// recommended that you register your types with runtime in your
-// package's init function.
-//
-// As a bonus, a few common types useful from all api objects and versions
-// are provided in types.go.
-package runtime
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
deleted file mode 100644
index d43f15f25..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-_#encodable: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
deleted file mode 100644
index ec8f1f070..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
+++ /dev/null
@@ -1,23 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// MultiObjectTyper returns the types of objects across multiple schemes in order.
-#MultiObjectTyper: [...#ObjectTyper]
-
-_#defaultFramer: {
-}
-
-// WithVersionEncoder serializes an object and ensures the GVK is set.
-#WithVersionEncoder: {
- Version: #GroupVersioner
- Encoder: #Encoder
- ObjectTyper: #ObjectTyper
-}
-
-// WithoutVersionDecoder clears the group version kind of a deserialized object.
-#WithoutVersionDecoder: {
- Decoder: #Decoder
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
deleted file mode 100644
index 22abcb620..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
+++ /dev/null
@@ -1,165 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// APIVersionInternal may be used if you are registering a type that should not
-// be considered stable or serialized - it is a convention only and has no
-// special behavior in this package.
-#APIVersionInternal: "__internal"
-
-// GroupVersioner refines a set of possible conversion targets into a single option.
-#GroupVersioner: _
-
-// Identifier represents an identifier.
-// Identitier of two different objects should be equal if and only if for every
-// input the output they produce is exactly the same.
-#Identifier: string // #enumIdentifier
-
-#enumIdentifier:
- _#noopEncoderIdentifier
-
-// Encoder writes objects to a serialized form
-#Encoder: _
-
-// MemoryAllocator is responsible for allocating memory.
-// By encapsulating memory allocation into its own interface, we can reuse the memory
-// across many operations in places we know it can significantly improve the performance.
-#MemoryAllocator: _
-
-// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations.
-#EncoderWithAllocator: _
-
-// Decoder attempts to load an object from data.
-#Decoder: _
-
-// Serializer is the core interface for transforming objects into a serialized format and back.
-// Implementations may choose to perform conversion of the object, but no assumptions should be made.
-#Serializer: _
-
-// Codec is a Serializer that deals with the details of versioning objects. It offers the same
-// interface as Serializer, so this is a marker to consumers that care about the version of the objects
-// they receive.
-#Codec: #Serializer
-
-// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and
-// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing
-// and the desired version must be specified.
-#ParameterCodec: _
-
-// Framer is a factory for creating readers and writers that obey a particular framing pattern.
-#Framer: _
-
-// SerializerInfo contains information about a specific serialization format
-#SerializerInfo: {
- // MediaType is the value that represents this serializer over the wire.
- MediaType: string
-
- // MediaTypeType is the first part of the MediaType ("application" in "application/json").
- MediaTypeType: string
-
- // MediaTypeSubType is the second part of the MediaType ("json" in "application/json").
- MediaTypeSubType: string
-
- // EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
- EncodesAsText: bool
-
- // Serializer is the individual object serializer for this media type.
- Serializer: #Serializer
-
- // PrettySerializer, if set, can serialize this object in a form biased towards
- // readability.
- PrettySerializer: #Serializer
-
- // StrictSerializer, if set, deserializes this object strictly,
- // erring on unknown fields.
- StrictSerializer: #Serializer
-
- // StreamSerializer, if set, describes the streaming serialization format
- // for this media type.
- StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo)
-}
-
-// StreamSerializerInfo contains information about a specific stream serialization format
-#StreamSerializerInfo: {
- // EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
- EncodesAsText: bool
-
- // Serializer is the top level object serializer for this type when streaming
- Serializer: #Serializer
-
- // Framer is the factory for retrieving streams that separate objects on the wire
- Framer: #Framer
-}
-
-// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers
-// for multiple supported media types. This would commonly be accepted by a server component
-// that performs HTTP content negotiation to accept multiple formats.
-#NegotiatedSerializer: _
-
-// ClientNegotiator handles turning an HTTP content type into the appropriate encoder.
-// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from
-// a NegotiatedSerializer.
-#ClientNegotiator: _
-
-// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers
-// that can read and write data at rest. This would commonly be used by client tools that must
-// read files, or server side storage interfaces that persist restful objects.
-#StorageSerializer: _
-
-// NestedObjectEncoder is an optional interface that objects may implement to be given
-// an opportunity to encode any nested Objects / RawExtensions during serialization.
-#NestedObjectEncoder: _
-
-// NestedObjectDecoder is an optional interface that objects may implement to be given
-// an opportunity to decode any nested Objects / RawExtensions during serialization.
-// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding
-// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields).
-// As such it is important for callers of DecodeNestedObjects to check to confirm whether
-// an error is a runtime.StrictDecodingError before short circuiting.
-// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError
-// is only returned when the rest of decoding has succeeded.
-#NestedObjectDecoder: _
-
-#ObjectDefaulter: _
-
-#ObjectVersioner: _
-
-// ObjectConvertor converts an object to a different version.
-#ObjectConvertor: _
-
-// ObjectTyper contains methods for extracting the APIVersion and Kind
-// of objects.
-#ObjectTyper: _
-
-// ObjectCreater contains methods for instantiating an object by kind and version.
-#ObjectCreater: _
-
-// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource
-#EquivalentResourceMapper: _
-
-// EquivalentResourceRegistry provides an EquivalentResourceMapper interface,
-// and allows registering known resource[/subresource] -> kind
-#EquivalentResourceRegistry: _
-
-// ResourceVersioner provides methods for setting and retrieving
-// the resource version from an API object.
-#ResourceVersioner: _
-
-// Namer provides methods for retrieving name and namespace of an API object.
-#Namer: _
-
-// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are
-// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows
-// serializers to set the kind, version, and group the object is represented as. An Object may choose
-// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized.
-#Object: _
-
-// CacheableObject allows an object to cache its different serializations
-// to avoid performing the same serialization multiple times.
-#CacheableObject: _
-
-// Unstructured objects store values as map[string]interface{}, with only values that can be serialized
-// to JSON allowed.
-#Unstructured: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
deleted file mode 100644
index 7580f4676..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// NegotiateError is returned when a ClientNegotiator is unable to locate
-// a serializer for the requested operation.
-#NegotiateError: {
- ContentType: string
- Stream: bool
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue
deleted file mode 100644
index bd9c409a7..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// Splice is the interface that wraps the Splice method.
-//
-// Splice moves data from given slice without copying the underlying data for
-// efficiency purpose. Therefore, the caller should make sure the underlying
-// data is not changed later.
-#Splice: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
deleted file mode 100644
index 9dfc078b4..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// Pair of strings. We keed the name of fields and the doc
-#Pair: {
- Name: string
- Doc: string
-}
-
-// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself
-#KubeTypes: [...#Pair]
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
deleted file mode 100644
index d1ee609a2..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
+++ /dev/null
@@ -1,97 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type,
-// like this:
-//
-// type MyAwesomeAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// ... // other fields
-// }
-//
-// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind
-//
-// TypeMeta is provided here for convenience. You may use it directly from this package or define
-// your own with the same fields.
-//
-// +k8s:deepcopy-gen=false
-// +protobuf=true
-// +k8s:openapi-gen=true
-#TypeMeta: {
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt)
-
- // +optional
- kind?: string @go(Kind) @protobuf(2,bytes,opt)
-}
-
-#ContentTypeJSON: "application/json"
-#ContentTypeYAML: "application/yaml"
-#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf"
-
-// RawExtension is used to hold extensions in external versions.
-//
-// To use this, make a field which has RawExtension as its type in your external, versioned
-// struct, and Object in your internal struct. You also need to register your
-// various plugin types.
-//
-// // Internal package:
-//
-// type MyAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// MyPlugin runtime.Object `json:"myPlugin"`
-// }
-//
-// type PluginA struct {
-// AOption string `json:"aOption"`
-// }
-//
-// // External package:
-//
-// type MyAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// MyPlugin runtime.RawExtension `json:"myPlugin"`
-// }
-//
-// type PluginA struct {
-// AOption string `json:"aOption"`
-// }
-//
-// // On the wire, the JSON will look something like this:
-//
-// {
-// "kind":"MyAPIObject",
-// "apiVersion":"v1",
-// "myPlugin": {
-// "kind":"PluginA",
-// "aOption":"foo",
-// },
-// }
-//
-// So what happens? Decode first uses json or yaml to unmarshal the serialized data into
-// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked.
-// The next step is to copy (using pkg/conversion) into the internal struct. The runtime
-// package's DefaultScheme has conversion functions installed which will unpack the
-// JSON stored in RawExtension, turning it into the correct object type, and storing it
-// in the Object. (TODO: In the case where the object is of an unknown type, a
-// runtime.Unknown object will be created and stored.)
-//
-// +k8s:deepcopy-gen=true
-// +protobuf=true
-// +k8s:openapi-gen=true
-#RawExtension: _
-
-// Unknown allows api objects with unknown types to be passed-through. This can be used
-// to deal with the API objects from a plug-in. Unknown objects still have functioning
-// TypeMeta features-- kind, version, etc.
-// TODO: Make this object have easy access to field based accessors and settors for
-// metadata and field mutatation.
-//
-// +k8s:deepcopy-gen=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +protobuf=true
-// +k8s:openapi-gen=true
-#Unknown: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
deleted file mode 100644
index 8b8ddf891..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-#ProtobufMarshaller: _
-
-#ProtobufReverseMarshaller: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
deleted file mode 100644
index bfb4bcda3..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
+++ /dev/null
@@ -1,6 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-// Package types implements various generic types used throughout kubernetes.
-package types
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
deleted file mode 100644
index 7cb2745aa..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-#NamespacedName: {
- Namespace: string
- Name: string
-}
-
-#Separator: 47 // '/'
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
deleted file mode 100644
index 8b264b80c..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
+++ /dev/null
@@ -1,31 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// NodeName is a type that holds a api.Node's Name identifier.
-// Being a type captures intent and helps make sure that the node name
-// is not confused with similar concepts (the hostname, the cloud provider id,
-// the cloud provider name etc)
-//
-// To clarify the various types:
-//
-// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName.
-// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level.
-//
-// - Hostname is the hostname of the local machine (from uname -n).
-// However, some components allow the user to pass in a --hostname-override flag,
-// which will override this in most places. In the absence of anything more meaningful,
-// kubelet will use Hostname as the Node.Name when it creates the Node.
-//
-// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId.
-//
-// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the
-// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up
-// to the cloudprovider how to do this mapping.
-//
-// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the
-// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if
-// we are using a custom DHCP domain it won't be.
-#NodeName: string
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
deleted file mode 100644
index 3de5d80f9..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// Similarly to above, these are constants to support HTTP PATCH utilized by
-// both the client and server that didn't make sense for a whole package to be
-// dedicated to.
-#PatchType: string // #enumPatchType
-
-#enumPatchType:
- #JSONPatchType |
- #MergePatchType |
- #StrategicMergePatchType |
- #ApplyPatchType
-
-#JSONPatchType: #PatchType & "application/json-patch+json"
-#MergePatchType: #PatchType & "application/merge-patch+json"
-#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json"
-#ApplyPatchType: #PatchType & "application/apply-patch+yaml"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
deleted file mode 100644
index 40bdd8285..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// UID is a type that holds unique ID values, including UUIDs. Because we
-// don't ONLY use UUIDs, this is an alias to string. Being a type captures
-// intent and helps make sure that UIDs and names do not get conflated.
-#UID: string
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
deleted file mode 100644
index 2c8cc3651..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
+++ /dev/null
@@ -1,31 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr
-
-package intstr
-
-// IntOrString is a type that can hold an int32 or a string. When used in
-// JSON or YAML marshalling and unmarshalling, it produces or consumes the
-// inner type. This allows you to have, for example, a JSON field that can
-// accept a name or number.
-// TODO: Rename to Int32OrString
-//
-// +protobuf=true
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:openapi-gen=true
-#IntOrString: _
-
-// Type represents the stored type of IntOrString.
-#Type: int64 // #enumType
-
-#enumType:
- #Int |
- #String
-
-#values_Type: {
- Int: #Int
- String: #String
-}
-
-#Int: #Type & 0
-#String: #Type & 1
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
deleted file mode 100644
index bc1b91894..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-// Package watch contains a generic watchable interface, and a fake for
-// testing code that uses the watch interface.
-package watch
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
deleted file mode 100644
index 045e8ec85..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// Recorder records all events that are sent from the watch until it is closed.
-#Recorder: {
- Interface: #Interface
-}
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
deleted file mode 100644
index dcf72d5b0..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch
-// channel is full.
-#FullChannelBehavior: int // #enumFullChannelBehavior
-
-#enumFullChannelBehavior:
- #WaitIfChannelFull |
- #DropIfChannelFull
-
-#values_FullChannelBehavior: {
- WaitIfChannelFull: #WaitIfChannelFull
- DropIfChannelFull: #DropIfChannelFull
-}
-
-#WaitIfChannelFull: #FullChannelBehavior & 0
-#DropIfChannelFull: #FullChannelBehavior & 1
-
-_#incomingQueueLength: 25
-
-_#internalRunFunctionMarker: "internal-do-function"
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
deleted file mode 100644
index f0805cfb2..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written.
-#Decoder: _
-
-// Reporter hides the details of how an error is turned into a runtime.Object for
-// reporting on a watch stream since this package may not import a higher level report.
-#Reporter: _
diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
deleted file mode 100644
index 0db2e6be1..000000000
--- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
+++ /dev/null
@@ -1,48 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-import "k8s.io/apimachinery/pkg/runtime"
-
-// Interface can be implemented by anything that knows how to watch and report changes.
-#Interface: _
-
-// EventType defines the possible types of events.
-#EventType: string // #enumEventType
-
-#enumEventType:
- #Added |
- #Modified |
- #Deleted |
- #Bookmark |
- #Error
-
-#Added: #EventType & "ADDED"
-#Modified: #EventType & "MODIFIED"
-#Deleted: #EventType & "DELETED"
-#Bookmark: #EventType & "BOOKMARK"
-#Error: #EventType & "ERROR"
-
-// Event represents a single event to a watched resource.
-// +k8s:deepcopy-gen=true
-#Event: {
- Type: #EventType
-
- // Object is:
- // * If Type is Added or Modified: the new state of the object.
- // * If Type is Deleted: the state of the object immediately before deletion.
- // * If Type is Bookmark: the object (instance of a type being watched) where
- // only ResourceVersion field is set. On successful restart of watch from a
- // bookmark resourceVersion, client is guaranteed to not get repeat event
- // nor miss any events.
- // * If Type is Error: *api.Status is recommended; other types may make sense
- // depending on context.
- Object: runtime.#Object
-}
-
-// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe.
-#RaceFreeFakeWatcher: {
- Stopped: bool
-}
diff --git a/k8s/timoni/codebattle/cue.mod/module.cue b/k8s/timoni/codebattle/cue.mod/module.cue
deleted file mode 100644
index 4f3d2dfda..000000000
--- a/k8s/timoni/codebattle/cue.mod/module.cue
+++ /dev/null
@@ -1,2 +0,0 @@
-module: "timoni.sh/codebattle"
-language: version: "v0.9.0"
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
deleted file mode 100644
index 2c579e99d..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Action holds the list of annotations for controlling
-// Timoni's apply behaviour of Kubernetes resources.
-Action: {
- // Force annotation for recreating immutable resources such as Kubernetes Jobs.
- Force: {
- "action.timoni.sh/force": ActionStatus.Enabled
- }
- // One-off annotation for appling resources only if they don't exist on the cluster.
- Oneoff: {
- "action.timoni.sh/one-off": ActionStatus.Enabled
- }
- // Keep annotation for preventing Timoni's garbage collector from deleting resources.
- Keep: {
- "action.timoni.sh/prune": ActionStatus.Disabled
- }
-}
-
-ActionStatus: {
- Enabled: "enabled"
- Disabled: "disabled"
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
deleted file mode 100644
index 1535ea43f..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strings"
-)
-
-// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image.
-#Image: {
-
- // Repository is the address of a container registry repository.
- // An image repository is made up of slash-separated name components, optionally
- // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH.
- repository!: string
-
- // Tag identifies an image in the repository.
- // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes.
- // A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
- tag!: string & strings.MaxRunes(128)
-
- // Digest uniquely and immutably identifies an image in the repository.
- // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
- digest!: string
-
- // PullPolicy defines the pull policy for the image.
- // By default, it is set to IfNotPresent.
- pullPolicy: *"IfNotPresent" | "Always" | "Never"
-
- // Reference is the image address computed from repository, tag and digest
- // in the format [REPOSITORY]:[TAG]@[DIGEST].
- reference: string
-
- if digest != "" && tag != "" {
- reference: "\(repository):\(tag)@\(digest)"
- }
-
- if digest != "" && tag == "" {
- reference: "\(repository)@\(digest)"
- }
-
- if digest == "" && tag != "" {
- reference: "\(repository):\(tag)"
- }
-
- if digest == "" && tag == "" {
- reference: "\(repository):latest"
- }
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
deleted file mode 100644
index 19f098967..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/base64"
- "strings"
-)
-
-// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson.
-// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets.
-#ImagePullSecret: {
- // Metadata is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]].
- #Registry!: string
-
- // Username is the username used to authenticate to the container registry.
- #Username!: string
-
- // Password is the password used to authenticate to the container registry.
- #Password!: string
-
- // Optional suffix used to generate the Secret name.
- #Suffix: *"" | string & strings.MaxRunes(30)
-
- let auth = base64.Encode(null, #Username+":"+#Password)
-
- apiVersion: "v1"
- kind: "Secret"
- type: "kubernetes.io/dockerconfigjson"
- metadata: {
- name: #Meta.name + #Suffix
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- stringData: {
- ".dockerconfigjson": """
- {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}}
- """
- }
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
deleted file mode 100644
index 7b31c23e4..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/json"
- "strings"
- "uuid"
-)
-
-#ConfigMapKind: "ConfigMap"
-#SecretKind: "Secret"
-
-// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets.
-// The metadata.name of the generated object is suffixed with the hash of the input data.
-#ImmutableConfig: {
- // Kind of the generated object.
- #Kind: *#ConfigMapKind | #SecretKind
-
- // Metadata of the generated object.
- #Meta: #Metadata
-
- // Optional suffix appended to the generate name.
- #Suffix: *"" | string
-
- // Data of the generated object.
- #Data: {[string]: string}
-
- let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0]
-
- apiVersion: "v1"
- kind: #Kind
- metadata: {
- name: #Meta.name + #Suffix + "-" + hash
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- immutable: true
- if kind == #ConfigMapKind {
- data: #Data
- }
- if kind == #SecretKind {
- stringData: #Data
- }
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
deleted file mode 100644
index ad96b0621..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// InstanceName defines the schema for the name of a Timoni instance.
-// The instance name is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceNamespace defines the schema for the namespace of a Timoni instance.
-// The instance namespace is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership.
-#InstanceOwnerReference: {
- #Name: "instance.timoni.sh/name"
- #Namespace: "instance.timoni.sh/namespace"
-}
-
-// InstanceModule defines the schema for the Module of a Timoni instance.
-#InstanceModule: {
- url: string & =~"^((oci|file)://.*)$"
- version: *"latest" | string
- digest?: string
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
deleted file mode 100644
index 188ff505d..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
+++ /dev/null
@@ -1,120 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// Annotations defines the schema for Kubernetes object metadata annotations.
-#Annotations: {[string & strings.MaxRunes(253)]: string}
-
-// Labels defines the schema for Kubernetes object metadata labels.
-#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)}
-
-#StdLabelName: "app.kubernetes.io/name"
-#StdLabelVersion: "app.kubernetes.io/version"
-#StdLabelPartOf: "app.kubernetes.io/part-of"
-#StdLabelManagedBy: "app.kubernetes.io/managed-by"
-#StdLabelComponent: "app.kubernetes.io/component"
-#StdLabelInstance: "app.kubernetes.io/instance"
-
-// Metadata defines the schema for Kubernetes object metadata.
-#Metadata: {
- // Version should be in the strict semver format. Is required when creating resources.
- #Version!: string & strings.MaxRunes(63)
-
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- name!: #InstanceName
-
- // Namespace defines the space within which each name must be unique.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- namespace!: #InstanceNamespace
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set to store and retrieve arbitrary metadata.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
- annotations?: #Annotations
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes labels: app name, version and managed-by.
- labels: {
- (#StdLabelName): name
- (#StdLabelVersion): #Version
- (#StdLabelManagedBy): "timoni"
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name label.
- #LabelSelector: #Labels & {
- (#StdLabelName): name
- }
-
- // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions
- // are met before it fully deletes resources marked for deletion.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/
- finalizers?: [...string]
-}
-
-// MetaComponent generates the Kubernetes object metadata for a module namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
- namespace: #Meta.namespace
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
-
-// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.namespace is unset.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaClusterComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
deleted file mode 100644
index 1dcdb699e..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// ObjectReference is a reference to a Kubernetes object.
-#ObjectReference: {
- // Name of the referent.
- name!: string & strings.MaxRunes(256)
-
- // Namespace of the referent.
- namespace?: string & strings.MaxRunes(256)
-
- // API version of the referent.
- apiVersion?: string & strings.MaxRunes(256)
-
- // Kind of the referent.
- kind?: string & strings.MaxRunes(256)
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
deleted file mode 100644
index d3b5573ae..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m.
-#CPUQuantity: string & =~"^[1-9]\\d*m$"
-
-// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi.
-#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$"
-
-// ResourceRequirement defines the schema for the CPU and Memory resource requirements.
-#ResourceRequirement: {
- cpu?: #CPUQuantity
- memory?: #MemoryQuantity
-}
-
-// ResourceRequirements defines the schema for the compute resource requirements of a container.
-// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.
-#ResourceRequirements: {
- // Limits describes the maximum amount of compute resources allowed.
- limits?: #ResourceRequirement
-
- // Requests describes the minimum amount of compute resources required.
- // Requests cannot exceed Limits.
- requests?: #ResourceRequirement & {
- if limits != _|_ {
- if limits.cpu != _|_ {
- _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0])
- _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0])
- #cpu: int & >=_rc & _lc
- }
- }
- }
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
deleted file mode 100644
index 9c4f2384b..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc.
-#Selector: {
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- #Name!: #InstanceName
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes label: app name.
- labels: (#StdLabelName): #Name
-}
diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
deleted file mode 100644
index ecd1e397f..000000000
--- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// SemVer validates the input version string and extracts the major and minor version numbers.
-// When Minimum is set, the major and minor parts must be greater or equal to the minimum
-// or a validation error is returned.
-#SemVer: {
- // Input version string in strict semver format.
- #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- // Minimum is the minimum allowed MAJOR.MINOR version.
- #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0])
- let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1])
-
- major: int & >=minMajor
- major: strconv.Atoi(strings.Split(#Version, ".")[0])
-
- minor: int & >=minMinor
- minor: strconv.Atoi(strings.Split(#Version, ".")[1])
-}
diff --git a/k8s/timoni/codebattle/templates/config.cue b/k8s/timoni/codebattle/templates/config.cue
deleted file mode 100644
index 70b56fa6e..000000000
--- a/k8s/timoni/codebattle/templates/config.cue
+++ /dev/null
@@ -1,96 +0,0 @@
-package templates
-
-import (
- corev1 "k8s.io/api/core/v1"
- networkingv1 "k8s.io/api/networking/v1"
- timoniv1 "timoni.sh/core/v1alpha1"
-)
-
-#Config: {
- kubeVersion!: string
- moduleVersion!: string
-
- metadata: timoniv1.#Metadata & {#Version: moduleVersion}
- metadata: labels: timoniv1.#Labels
- metadata: annotations?: timoniv1.#Annotations
-
- selector: timoniv1.#Selector & {
- #Name: metadata.name
- labels: app: "codebattle"
- }
-
- registry: string
- image!: {
- codebattle: timoniv1.#Image
- nginx: timoniv1.#Image
- }
-
- resources: timoniv1.#ResourceRequirements & {
- requests: {
- cpu: *"10m" | timoniv1.#CPUQuantity
- memory: *"32Mi" | timoniv1.#MemoryQuantity
- }
- }
-
- replicas: *1 | int & >0
-
- securityContext: corev1.#SecurityContext & {
- allowPrivilegeEscalation: *false | true
- privileged: *false | true
- capabilities:
- {
- drop: *["ALL"] | [string]
- add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string]
- }
- }
-
- service: {
- annotations?: timoniv1.#Annotations
- port: *4000 | int & >0 & <=65535
- type: corev1.#ServiceType
- }
-
- env: [string]: string | int | bool
-
- podSecurityContext?: corev1.#PodSecurityContext
- imagePullSecrets?: [...timoniv1.#ObjectReference]
- tolerations?: [...corev1.#Toleration]
- affinity?: corev1.#Affinity
- topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint]
-
- ingress: {
- enable: *false | bool
- class?: string
- tls: [...networkingv1.#IngressTLS]
- host?: string
- }
-
- gateway: {
- enable: certManager.enable & (*false | bool)
- gatewayName: string
- host: *"codebattle.hexlet.io" | string
- }
-
- certManager: enable: *false | bool
-
- rustExecutor: *false | bool
-}
-
-// Instance takes the config values and outputs the Kubernetes objects.
-#Instance: {
- config: #Config
-
- objects: {
- deploy: #Deployment & {#config: config}
- svc: #Service & {#config: config}
- if config.ingress.enable {
- ingress: #Ingress & {#config: config}
- }
- if config.gateway.enable {
- gateway: #HTTPRoute & {#config: config}
- }
- if config.certManager.enable {
- issuer: #Issuer & {#config: config}
- }
- }
-}
diff --git a/k8s/timoni/codebattle/templates/deployment.cue b/k8s/timoni/codebattle/templates/deployment.cue
deleted file mode 100644
index 039912141..000000000
--- a/k8s/timoni/codebattle/templates/deployment.cue
+++ /dev/null
@@ -1,86 +0,0 @@
-package templates
-
-import (
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
-)
-
-#Deployment: appsv1.#Deployment & {
- #config: #Config
- apiVersion: "apps/v1"
- kind: "Deployment"
- metadata: #config.metadata
- spec: appsv1.#DeploymentSpec & {
- replicas: #config.replicas
- selector: matchLabels: #config.selector.labels
- template: {
- metadata: labels: #config.selector.labels
- spec: corev1.#PodSpec & {
- containers: [{
- name: "codebattle"
- image: #config.image.codebattle.reference
- imagePullPolicy: #config.image.codebattle.pullPolicy
- ports: [{
- name: "codebattle"
- containerPort: #config.service.port
- protocol: "TCP"
- }]
- readinessProbe: {
- httpGet: {
- path: "/health"
- port: "codebattle"
- }
- initialDelaySeconds: 5
- periodSeconds: 5
- successThreshold: 1
- }
- command: ["make", "start"]
- envFrom: [{
- secretRef: name: "\(#config.metadata.name)-secrets"
- }]
- env: [for k, v in #config.env {
- name: k
- value: "\(v)"
- }, {
- name: "CODEBATTLE_PORT"
- value: "\(#config.service.port)"
- }, {
- name: "CODEBATTLE_VERSION"
- value: #config.image.codebattle.tag
- }, {
- name: "KUBERNETES_NAMESPACE"
- valueFrom: fieldRef: fieldPath: "metadata.namespace"
- }, if #config.rustExecutor {
- name: "CODEBATTLE_EXECUTOR"
- value: "rust"
- }]
- }, {
- name: "nginx"
- image: #config.image.nginx.reference
- imagePullPolicy: #config.image.nginx.pullPolicy
- ports: [{
- name: "http"
- containerPort: 80
- protocol: "TCP"
- }]
- readinessProbe: {
- httpGet: {
- path: "/health"
- port: "http"
- }
- initialDelaySeconds: 5
- periodSeconds: 5
- successThreshold: 1
- }
- env: [{
- name: "NGINX_SERVER_ADDRESS"
- value: "127.0.0.1"
- }]
- }]
- if #config.affinity != _|_ {
- affinity: #config.affinity
- }
- }
- }
- }
-}
diff --git a/k8s/timoni/codebattle/templates/httproute.cue b/k8s/timoni/codebattle/templates/httproute.cue
deleted file mode 100644
index e99dfe9af..000000000
--- a/k8s/timoni/codebattle/templates/httproute.cue
+++ /dev/null
@@ -1,42 +0,0 @@
-package templates
-
-import (
- gatewayv1 "gateway.networking.k8s.io/httproute/v1"
-)
-
-#HTTPRoute: gatewayv1.#HTTPRoute & {
- #config: #Config
- apiVersion: "gateway.networking.k8s.io/v1"
- kind: "HTTPRoute"
- metadata: #config.metadata
- spec: {
- parentRefs: [{
- name: #config.gateway.gatewayName
- sectionName: "https"
- }]
- rules: [{
- matches: [{
- path: {
- type: "PathPrefix"
- value: "/"
- }
- }]
- backendRefs: [{
- name: metadata.name
- port: #config.service.port
- }]
- }, {
- matches: [{
- path: {
- type: "PathPrefix"
- value: "/assets"
- }
- }]
- timeouts: request: "60s"
- backendRefs: [{
- name: metadata.name
- port: 80
- }]
- }]
- }
-}
diff --git a/k8s/timoni/codebattle/templates/ingress.cue b/k8s/timoni/codebattle/templates/ingress.cue
deleted file mode 100644
index ea6eb98d0..000000000
--- a/k8s/timoni/codebattle/templates/ingress.cue
+++ /dev/null
@@ -1,34 +0,0 @@
-package templates
-
-import (
- networkingv1 "k8s.io/api/networking/v1"
-)
-
-#Ingress: networkingv1.#Ingress & {
- #config: #Config
- apiVersion: "networking.k8s.io/v1"
- kind: "Ingress"
- metadata: #config.metadata
- spec: networkingv1.#IngressSpec & {
- ingressClassName: #config.ingress.class
- tls: #config.ingress.tls
- rules: [{
- host: #config.ingress.host
- http: paths: [{
- path: "/assets"
- pathType: "Prefix"
- backend: service: {
- name: #config.metadata.name
- port: name: "nginx"
- }
- }, {
- path: "/"
- pathType: "Prefix"
- backend: service: {
- name: #config.metadata.name
- port: name: "codebattle"
- }
- }]
- }]
- }
-}
diff --git a/k8s/timoni/codebattle/templates/issuer.cue b/k8s/timoni/codebattle/templates/issuer.cue
deleted file mode 100644
index 1729a750b..000000000
--- a/k8s/timoni/codebattle/templates/issuer.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-package templates
-
-import (
- issuerv1 "cert-manager.io/issuer/v1"
-)
-
-#Issuer: issuerv1.#Issuer & {
- #config: #Config
- apiVersion: "cert-manager.io/v1"
- kind: "Issuer"
- metadata: #config.metadata
- spec: {
- acme: {
- server: "https://acme-v02.api.letsencrypt.org/directory"
- privateKeySecretRef: name: "\(metadata.name)-letsencrypt"
- solvers: [{
- http01: gatewayHTTPRoute: {
- parentRefs: [{
- name: #config.gateway.gatewayName
- }]
- }
- }]
- }
- }
-}
diff --git a/k8s/timoni/codebattle/templates/service.cue b/k8s/timoni/codebattle/templates/service.cue
deleted file mode 100644
index 19b8509ff..000000000
--- a/k8s/timoni/codebattle/templates/service.cue
+++ /dev/null
@@ -1,30 +0,0 @@
-package templates
-
-import (
- corev1 "k8s.io/api/core/v1"
-)
-
-#Service: corev1.#Service & {
- #config: #Config
- apiVersion: "v1"
- kind: "Service"
- metadata: #config.metadata
- if #config.service.annotations != _|_ {
- metadata: annotations: #config.service.annotations
- }
- spec: corev1.#ServiceSpec & {
- type: #config.service.type
- selector: #config.selector.labels
- ports: [{
- port: #config.service.port
- protocol: "TCP"
- name: "codebattle"
- targetPort: name
- }, {
- port: 80
- protocol: "TCP"
- name: "http"
- targetPort: name
- }]
- }
-}
diff --git a/k8s/timoni/codebattle/timoni.cue b/k8s/timoni/codebattle/timoni.cue
deleted file mode 100644
index b2618dcb2..000000000
--- a/k8s/timoni/codebattle/timoni.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-package main
-
-import (
- templates "timoni.sh/codebattle/templates"
-)
-
-values: templates.#Config
-
-timoni: {
- apiVersion: "v1alpha1"
-
- instance: templates.#Instance & {
- config: values
- config: {
- metadata: {
- name: string @tag(name)
- namespace: string @tag(namespace)
- }
- moduleVersion: string @tag(mv, var=moduleVersion)
- kubeVersion: string @tag(kv, var=kubeVersion)
- }
- }
-
- apply: app: [for obj in instance.objects {obj}]
-}
diff --git a/k8s/timoni/codebattle/timoni.ignore b/k8s/timoni/codebattle/timoni.ignore
deleted file mode 100644
index 0722c3486..000000000
--- a/k8s/timoni/codebattle/timoni.ignore
+++ /dev/null
@@ -1,14 +0,0 @@
-# VCS
-.git/
-.gitignore
-.gitmodules
-.gitattributes
-
-# Go
-vendor/
-go.mod
-go.sum
-
-# CUE
-*_tool.cue
-debug_values.cue
diff --git a/k8s/timoni/codebattle/values.cue b/k8s/timoni/codebattle/values.cue
deleted file mode 100644
index 7f8243318..000000000
--- a/k8s/timoni/codebattle/values.cue
+++ /dev/null
@@ -1,23 +0,0 @@
-package main
-
-values: {
- registry: "docker.io"
- service: {
- port: 4000
- type: "ClusterIP"
- }
- image: {
- codebattle: {
- repository: "\(registry)/codebattle/codebattle"
- tag: "latest"
- digest: ""
- }
- nginx: {
- repository: "\(registry)/codebattle/nginx-assets"
- tag: "latest"
- digest: ""
- }
- }
- env: {
- }
-}
diff --git a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gateway/v1/types_gen.cue b/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gateway/v1/types_gen.cue
deleted file mode 100644
index d128f3f58..000000000
--- a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gateway/v1/types_gen.cue
+++ /dev/null
@@ -1,794 +0,0 @@
-// Code generated by timoni. DO NOT EDIT.
-
-//timoni:generate timoni vendor crd -f https://github.com/envoyproxy/gateway/releases/download/v1.3.0/install.yaml
-
-package v1
-
-import (
- "strings"
- "list"
- "struct"
-)
-
-// Gateway represents an instance of a service-traffic handling
-// infrastructure
-// by binding Listeners to a set of IP addresses.
-#Gateway: {
- // APIVersion defines the versioned schema of this representation
- // of an object.
- // Servers should convert recognized schemas to the latest
- // internal value, and
- // may reject unrecognized values.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- apiVersion: "gateway.networking.k8s.io/v1"
-
- // Kind is a string value representing the REST resource this
- // object represents.
- // Servers may infer this from the endpoint the client submits
- // requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: "Gateway"
- metadata!: {
- name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- string
- }
- namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- string
- }
- labels?: {
- [string]: string
- }
- annotations?: {
- [string]: string
- }
- }
-
- // Spec defines the desired state of Gateway.
- spec!: #GatewaySpec
-}
-
-// Spec defines the desired state of Gateway.
-#GatewaySpec: {
- // Addresses requested for this Gateway. This is optional and
- // behavior can
- // depend on the implementation. If a value is set in the spec and
- // the
- // requested address is invalid or unavailable, the implementation
- // MUST
- // indicate this in the associated entry in
- // GatewayStatus.Addresses.
- //
- // The Addresses field represents a request for the address(es) on
- // the
- // "outside of the Gateway", that traffic bound for this Gateway
- // will use.
- // This could be the IP address or hostname of an external load
- // balancer or
- // other networking infrastructure, or some other address that
- // traffic will
- // be sent to.
- //
- // If no Addresses are specified, the implementation MAY schedule
- // the
- // Gateway in an implementation-specific manner, assigning an
- // appropriate
- // set of Addresses.
- //
- // The implementation MUST bind all Listeners to every
- // GatewayAddress that
- // it assigns to the Gateway and add a corresponding entry in
- // GatewayStatus.Addresses.
- //
- // Support: Extended
- addresses?: list.MaxItems(16) & [...matchN(1, [{
- type?: "IPAddress"
- value?: matchN(>=1, [_, _])
- }, {
- type?: matchN(0, ["IPAddress"])
- }]) & {
- // Type of the address.
- type?: strings.MaxRunes(253) & strings.MinRunes(1) & =~"^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$" | *"IPAddress"
-
- // Value of the address. The validity of the values will depend
- // on the type and support by the controller.
- //
- // Examples: `1.2.3.4`, `128::1`, `my-ip-address`.
- value!: strings.MaxRunes(253) & strings.MinRunes(1)
- }]
- backendTLS?: {
- // ClientCertificateRef is a reference to an object that contains
- // a Client
- // Certificate and the associated private key.
- //
- // References to a resource in different namespace are invalid
- // UNLESS there
- // is a ReferenceGrant in the target namespace that allows the
- // certificate
- // to be attached. If a ReferenceGrant does not allow this
- // reference, the
- // "ResolvedRefs" condition MUST be set to False for this listener
- // with the
- // "RefNotPermitted" reason.
- //
- // ClientCertificateRef can reference to standard Kubernetes
- // resources, i.e.
- // Secret, or implementation-specific custom resources.
- //
- // This setting can be overridden on the service level by use of
- // BackendTLSPolicy.
- //
- // Support: Core
- clientCertificateRef?: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *""
-
- // Kind is kind of the referent. For example "Secret".
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Secret"
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the referenced object. When
- // unspecified, the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
- }
- }
-
- // GatewayClassName used for this Gateway. This is the name of a
- // GatewayClass resource.
- gatewayClassName!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Infrastructure defines infrastructure level attributes about
- // this Gateway instance.
- //
- // Support: Extended
- infrastructure?: {
- // Annotations that SHOULD be applied to any resources created in
- // response to this Gateway.
- //
- // For implementations creating other Kubernetes objects, this
- // should be the `metadata.annotations` field on resources.
- // For other implementations, this refers to any relevant
- // (implementation specific) "annotations" concepts.
- //
- // An implementation may chose to add additional
- // implementation-specific annotations as they see fit.
- //
- // Support: Extended
- annotations?: close({
- [string]: strings.MaxRunes(4096) & strings.MinRunes(0)
- }) & struct.MaxFields(8)
-
- // Labels that SHOULD be applied to any resources created in
- // response to this Gateway.
- //
- // For implementations creating other Kubernetes objects, this
- // should be the `metadata.labels` field on resources.
- // For other implementations, this refers to any relevant
- // (implementation specific) "labels" concepts.
- //
- // An implementation may chose to add additional
- // implementation-specific labels as they see fit.
- //
- // If an implementation maps these labels to Pods, or any other
- // resource that would need to be recreated when labels
- // change, it SHOULD clearly warn about this behavior in
- // documentation.
- //
- // Support: Extended
- labels?: close({
- [string]: strings.MaxRunes(63) & strings.MinRunes(0) & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
- }) & struct.MaxFields(8)
-
- // ParametersRef is a reference to a resource that contains the
- // configuration
- // parameters corresponding to the Gateway. This is optional if
- // the
- // controller does not require any additional configuration.
- //
- // This follows the same semantics as GatewayClass's
- // `parametersRef`, but on a per-Gateway basis
- //
- // The Gateway's GatewayClass may provide its own `parametersRef`.
- // When both are specified,
- // the merging behavior is implementation specific.
- // It is generally recommended that GatewayClass provides defaults
- // that can be overridden by a Gateway.
- //
- // Support: Implementation-specific
- parametersRef?: {
- // Group is the group of the referent.
- group!: strings.MaxRunes(253) & {
- =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Kind is kind of the referent.
- kind!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
- }
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
- }
- }
-
- // Listeners associated with this Gateway. Listeners define
- // logical endpoints that are bound on this Gateway's addresses.
- // At least one Listener MUST be specified.
- //
- // Each Listener in a set of Listeners (for example, in a single
- // Gateway)
- // MUST be _distinct_, in that a traffic flow MUST be able to be
- // assigned to
- // exactly one listener. (This section uses "set of Listeners"
- // rather than
- // "Listeners in a single Gateway" because implementations MAY
- // merge configuration
- // from multiple Gateways onto a single data plane, and these
- // rules _also_
- // apply in that case).
- //
- // Practically, this means that each listener in a set MUST have a
- // unique
- // combination of Port, Protocol, and, if supported by the
- // protocol, Hostname.
- //
- // Some combinations of port, protocol, and TLS settings are
- // considered
- // Core support and MUST be supported by implementations based on
- // their
- // targeted conformance profile:
- //
- // HTTP Profile
- //
- // 1. HTTPRoute, Port: 80, Protocol: HTTP
- // 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate,
- // TLS keypair provided
- //
- // TLS Profile
- //
- // 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough
- //
- // "Distinct" Listeners have the following property:
- //
- // The implementation can match inbound requests to a single
- // distinct
- // Listener. When multiple Listeners share values for fields (for
- // example, two Listeners with the same Port value), the
- // implementation
- // can match requests to only one of the Listeners using other
- // Listener fields.
- //
- // For example, the following Listener scenarios are distinct:
- //
- // 1. Multiple Listeners with the same Port that all use the
- // "HTTP"
- // Protocol that all have unique Hostname values.
- // 2. Multiple Listeners with the same Port that use either the
- // "HTTPS" or
- // "TLS" Protocol that all have unique Hostname values.
- // 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no
- // Listener
- // with the same Protocol has the same Port value.
- //
- // Some fields in the Listener struct have possible values that
- // affect
- // whether the Listener is distinct. Hostname is particularly
- // relevant
- // for HTTP or HTTPS protocols.
- //
- // When using the Hostname value to select between same-Port,
- // same-Protocol
- // Listeners, the Hostname value must be different on each
- // Listener for the
- // Listener to be distinct.
- //
- // When the Listeners are distinct based on Hostname, inbound
- // request
- // hostnames MUST match from the most specific to least specific
- // Hostname
- // values to choose the correct Listener and its associated set of
- // Routes.
- //
- // Exact matches must be processed before wildcard matches, and
- // wildcard
- // matches must be processed before fallback (empty Hostname
- // value)
- // matches. For example, `"foo.example.com"` takes precedence over
- // `"*.example.com"`, and `"*.example.com"` takes precedence over
- // `""`.
- //
- // Additionally, if there are multiple wildcard entries, more
- // specific
- // wildcard entries must be processed before less specific
- // wildcard entries.
- // For example, `"*.foo.example.com"` takes precedence over
- // `"*.example.com"`.
- // The precise definition here is that the higher the number of
- // dots in the
- // hostname to the right of the wildcard character, the higher the
- // precedence.
- //
- // The wildcard character will match any number of characters _and
- // dots_ to
- // the left, however, so `"*.example.com"` will match both
- // `"foo.bar.example.com"` _and_ `"bar.example.com"`.
- //
- // If a set of Listeners contains Listeners that are not distinct,
- // then those
- // Listeners are Conflicted, and the implementation MUST set the
- // "Conflicted"
- // condition in the Listener Status to "True".
- //
- // Implementations MAY choose to accept a Gateway with some
- // Conflicted
- // Listeners only if they only accept the partial Listener set
- // that contains
- // no Conflicted Listeners. To put this another way,
- // implementations may
- // accept a partial Listener set only if they throw out *all* the
- // conflicting
- // Listeners. No picking one of the conflicting listeners as the
- // winner.
- // This also means that the Gateway must have at least one
- // non-conflicting
- // Listener in this case, otherwise it violates the requirement
- // that at
- // least one Listener must be present.
- //
- // The implementation MUST set a "ListenersNotValid" condition on
- // the
- // Gateway Status when the Gateway contains Conflicted Listeners
- // whether or
- // not they accept the Gateway. That Condition SHOULD clearly
- // indicate in the Message which Listeners are conflicted, and
- // which are
- // Accepted. Additionally, the Listener status for those listeners
- // SHOULD
- // indicate which Listeners are conflicted and not Accepted.
- //
- // A Gateway's Listeners are considered "compatible" if:
- //
- // 1. They are distinct.
- // 2. The implementation can serve them in compliance with the
- // Addresses
- // requirement that all Listeners are available on all assigned
- // addresses.
- //
- // Compatible combinations in Extended support are expected to
- // vary across
- // implementations. A combination that is compatible for one
- // implementation
- // may not be compatible for another.
- //
- // For example, an implementation that cannot serve both TCP and
- // UDP listeners
- // on the same address, or cannot mix HTTPS and generic TLS
- // listens on the same port
- // would not consider those cases compatible, even though they are
- // distinct.
- //
- // Note that requests SHOULD match at most one Listener. For
- // example, if
- // Listeners are defined for "foo.example.com" and
- // "*.example.com", a
- // request to "foo.example.com" SHOULD only be routed using routes
- // attached
- // to the "foo.example.com" Listener (and not the "*.example.com"
- // Listener).
- // This concept is known as "Listener Isolation". Implementations
- // that do
- // not support Listener Isolation MUST clearly document this.
- //
- // Implementations MAY merge separate Gateways onto a single set
- // of
- // Addresses if all Listeners across all Gateways are compatible.
- //
- // Support: Core
- listeners!: list.MaxItems(64) & [...{
- // AllowedRoutes defines the types of routes that MAY be attached
- // to a
- // Listener and the trusted namespaces where those Route resources
- // MAY be
- // present.
- //
- // Although a client request may match multiple route rules, only
- // one rule
- // may ultimately receive the request. Matching precedence MUST be
- // determined in order of the following criteria:
- //
- // * The most specific match as defined by the Route type.
- // * The oldest Route based on creation timestamp. For example, a
- // Route with
- // a creation timestamp of "2020-09-08 01:02:03" is given
- // precedence over
- // a Route with a creation timestamp of "2020-09-08 01:02:04".
- // * If everything else is equivalent, the Route appearing first
- // in
- // alphabetical order (namespace/name) should be given precedence.
- // For
- // example, foo/bar is given precedence over foo/baz.
- //
- // All valid rules within a Route attached to this Listener should
- // be
- // implemented. Invalid Route rules can be ignored (sometimes that
- // will mean
- // the full Route). If a Route rule transitions from valid to
- // invalid,
- // support for that Route rule should be dropped to ensure
- // consistency. For
- // example, even if a filter specified by a Route rule is invalid,
- // the rest
- // of the rules within that Route should still be supported.
- //
- // Support: Core
- allowedRoutes?: {
- // Kinds specifies the groups and kinds of Routes that are allowed
- // to bind
- // to this Gateway Listener. When unspecified or empty, the kinds
- // of Routes
- // selected are determined using the Listener protocol.
- //
- // A RouteGroupKind MUST correspond to kinds of Routes that are
- // compatible
- // with the application protocol specified in the Listener's
- // Protocol field.
- // If an implementation does not support or recognize this
- // resource type, it
- // MUST set the "ResolvedRefs" condition to False for this
- // Listener with the
- // "InvalidRouteKinds" reason.
- //
- // Support: Core
- kinds?: list.MaxItems(8) & [...{
- // Group is the group of the Route.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"gateway.networking.k8s.io"
-
- // Kind is the kind of the Route.
- kind!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
- }
- }]
-
- // Namespaces indicates namespaces from which Routes may be
- // attached to this
- // Listener. This is restricted to the namespace of this Gateway
- // by default.
- //
- // Support: Core
- namespaces?: {
- // From indicates where Routes will be selected for this Gateway.
- // Possible
- // values are:
- //
- // * All: Routes in all namespaces may be used by this Gateway.
- // * Selector: Routes in namespaces selected by the selector may
- // be used by
- // this Gateway.
- // * Same: Only Routes in the same namespace may be used by this
- // Gateway.
- //
- // Support: Core
- from?: "All" | "Selector" | "Same" | *"Same"
-
- // Selector must be specified when From is set to "Selector". In
- // that case,
- // only Routes in Namespaces matching this Selector will be
- // selected by this
- // Gateway. This field is ignored for other values of "From".
- //
- // Support: Core
- selector?: {
- // matchExpressions is a list of label selector requirements. The
- // requirements are ANDed.
- matchExpressions?: [...{
- // key is the label key that the selector applies to.
- key!: string
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator!: string
-
- // values is an array of string values. If the operator is In or
- // NotIn,
- // the values array must be non-empty. If the operator is Exists
- // or DoesNotExist,
- // the values array must be empty. This array is replaced during a
- // strategic
- // merge patch.
- values?: [...string]
- }]
-
- // matchLabels is a map of {key,value} pairs. A single {key,value}
- // in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key
- // field is "key", the
- // operator is "In", and the values array contains only "value".
- // The requirements are ANDed.
- matchLabels?: close({
- [string]: string
- })
- }
- } | *{
- from: "Same"
- }
- } | *{
- namespaces: {
- from: "Same"
- }
- }
-
- // Hostname specifies the virtual hostname to match for protocol
- // types that
- // define this concept. When unspecified, all hostnames are
- // matched. This
- // field is ignored for protocols that don't require hostname
- // based
- // matching.
- //
- // Implementations MUST apply Hostname matching appropriately for
- // each of
- // the following protocols:
- //
- // * TLS: The Listener Hostname MUST match the SNI.
- // * HTTP: The Listener Hostname MUST match the Host header of the
- // request.
- // * HTTPS: The Listener Hostname SHOULD match at both the TLS and
- // HTTP
- // protocol layers as described above. If an implementation does
- // not
- // ensure that both the SNI and Host header match the Listener
- // hostname,
- // it MUST clearly document that.
- //
- // For HTTPRoute and TLSRoute resources, there is an interaction
- // with the
- // `spec.hostnames` array. When both listener and route specify
- // hostnames,
- // there MUST be an intersection between the values for a Route to
- // be
- // accepted. For more information, refer to the Route specific
- // Hostnames
- // documentation.
- //
- // Hostnames that are prefixed with a wildcard label (`*.`) are
- // interpreted
- // as a suffix match. That means that a match for `*.example.com`
- // would match
- // both `test.example.com`, and `foo.test.example.com`, but not
- // `example.com`.
- //
- // Support: Core
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Name is the name of the Listener. This name MUST be unique
- // within a
- // Gateway.
- //
- // Support: Core
- name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Port is the network port. Multiple listeners may use the
- // same port, subject to the Listener compatibility rules.
- //
- // Support: Core
- port!: uint16 & >=1
-
- // Protocol specifies the network protocol this listener expects
- // to receive.
- //
- // Support: Core
- protocol!: strings.MaxRunes(255) & strings.MinRunes(1) & {
- =~"^[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9]+$"
- }
-
- // TLS is the TLS configuration for the Listener. This field is
- // required if
- // the Protocol field is "HTTPS" or "TLS". It is invalid to set
- // this field
- // if the Protocol field is "HTTP", "TCP", or "UDP".
- //
- // The association of SNIs to Certificate defined in
- // GatewayTLSConfig is
- // defined based on the Hostname field for this listener.
- //
- // The GatewayClass MUST use the longest matching SNI out of all
- // available certificates for any TLS handshake.
- //
- // Support: Core
- tls?: {
- // CertificateRefs contains a series of references to Kubernetes
- // objects that
- // contains TLS certificates and private keys. These certificates
- // are used to
- // establish a TLS handshake for requests that match the hostname
- // of the
- // associated listener.
- //
- // A single CertificateRef to a Kubernetes Secret has "Core"
- // support.
- // Implementations MAY choose to support attaching multiple
- // certificates to
- // a Listener, but this behavior is implementation-specific.
- //
- // References to a resource in different namespace are invalid
- // UNLESS there
- // is a ReferenceGrant in the target namespace that allows the
- // certificate
- // to be attached. If a ReferenceGrant does not allow this
- // reference, the
- // "ResolvedRefs" condition MUST be set to False for this listener
- // with the
- // "RefNotPermitted" reason.
- //
- // This field is required to have at least one element when the
- // mode is set
- // to "Terminate" (default) and is optional otherwise.
- //
- // CertificateRefs can reference to standard Kubernetes resources,
- // i.e.
- // Secret, or implementation-specific custom resources.
- //
- // Support: Core - A single reference to a Kubernetes Secret of
- // type kubernetes.io/tls
- //
- // Support: Implementation-specific (More than one reference or
- // other resource types)
- certificateRefs?: list.MaxItems(64) & [...{
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *""
-
- // Kind is kind of the referent. For example "Secret".
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Secret"
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the referenced object. When
- // unspecified, the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
- }]
- frontendValidation?: {
- // CACertificateRefs contains one or more references to
- // Kubernetes objects that contain TLS certificates of
- // the Certificate Authorities that can be used
- // as a trust anchor to validate the certificates presented by the
- // client.
- //
- // A single CA certificate reference to a Kubernetes ConfigMap
- // has "Core" support.
- // Implementations MAY choose to support attaching multiple CA
- // certificates to
- // a Listener, but this behavior is implementation-specific.
- //
- // Support: Core - A single reference to a Kubernetes ConfigMap
- // with the CA certificate in a key named `ca.crt`.
- //
- // Support: Implementation-specific (More than one reference, or
- // other kinds
- // of resources).
- //
- // References to a resource in a different namespace are invalid
- // UNLESS there
- // is a ReferenceGrant in the target namespace that allows the
- // certificate
- // to be attached. If a ReferenceGrant does not allow this
- // reference, the
- // "ResolvedRefs" condition MUST be set to False for this listener
- // with the
- // "RefNotPermitted" reason.
- caCertificateRefs?: list.MaxItems(8) & [...{
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group!: strings.MaxRunes(253) & {
- =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Kind is kind of the referent. For example "ConfigMap" or
- // "Service".
- kind!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
- }
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the referenced object. When
- // unspecified, the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
- }] & [_, ...]
- }
-
- // Mode defines the TLS behavior for the TLS session initiated by
- // the client.
- // There are two possible modes:
- //
- // - Terminate: The TLS session between the downstream client and
- // the
- // Gateway is terminated at the Gateway. This mode requires
- // certificates
- // to be specified in some way, such as populating the
- // certificateRefs
- // field.
- // - Passthrough: The TLS session is NOT terminated by the
- // Gateway. This
- // implies that the Gateway can't decipher the TLS stream except
- // for
- // the ClientHello message of the TLS protocol. The
- // certificateRefs field
- // is ignored in this mode.
- //
- // Support: Core
- mode?: "Terminate" | "Passthrough" | *"Terminate"
-
- // Options are a list of key/value pairs to enable extended TLS
- // configuration for each implementation. For example, configuring
- // the
- // minimum TLS version or supported cipher suites.
- //
- // A set of common keys MAY be defined by the API in the future.
- // To avoid
- // any ambiguity, implementation-specific definitions MUST use
- // domain-prefixed names, such as `example.com/my-custom-option`.
- // Un-prefixed names are reserved for key names defined by Gateway
- // API.
- //
- // Support: Implementation-specific
- options?: close({
- [string]: strings.MaxRunes(4096) & strings.MinRunes(0)
- }) & struct.MaxFields(16)
- }
- }] & [_, ...]
-}
diff --git a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gatewayclass/v1/types_gen.cue b/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gatewayclass/v1/types_gen.cue
deleted file mode 100644
index 538d41efb..000000000
--- a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gatewayclass/v1/types_gen.cue
+++ /dev/null
@@ -1,143 +0,0 @@
-// Code generated by timoni. DO NOT EDIT.
-
-//timoni:generate timoni vendor crd -f https://github.com/envoyproxy/gateway/releases/download/v1.3.0/install.yaml
-
-package v1
-
-import "strings"
-
-// GatewayClass describes a class of Gateways available to the
-// user for creating
-// Gateway resources.
-//
-// It is recommended that this resource be used as a template for
-// Gateways. This
-// means that a Gateway is based on the state of the GatewayClass
-// at the time it
-// was created and changes to the GatewayClass or associated
-// parameters are not
-// propagated down to existing Gateways. This recommendation is
-// intended to
-// limit the blast radius of changes to GatewayClass or associated
-// parameters.
-// If implementations choose to propagate GatewayClass changes to
-// existing
-// Gateways, that MUST be clearly documented by the
-// implementation.
-//
-// Whenever one or more Gateways are using a GatewayClass,
-// implementations SHOULD
-// add the `gateway-exists-finalizer.gateway.networking.k8s.io`
-// finalizer on the
-// associated GatewayClass. This ensures that a GatewayClass
-// associated with a
-// Gateway is not deleted while in use.
-//
-// GatewayClass is a Cluster level resource.
-#GatewayClass: {
- // APIVersion defines the versioned schema of this representation
- // of an object.
- // Servers should convert recognized schemas to the latest
- // internal value, and
- // may reject unrecognized values.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- apiVersion: "gateway.networking.k8s.io/v1"
-
- // Kind is a string value representing the REST resource this
- // object represents.
- // Servers may infer this from the endpoint the client submits
- // requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: "GatewayClass"
- metadata!: {
- name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- string
- }
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- string
- }
- labels?: {
- [string]: string
- }
- annotations?: {
- [string]: string
- }
- }
-
- // Spec defines the desired state of GatewayClass.
- spec!: #GatewayClassSpec
-}
-
-// Spec defines the desired state of GatewayClass.
-#GatewayClassSpec: {
- // ControllerName is the name of the controller that is managing
- // Gateways of
- // this class. The value of this field MUST be a domain prefixed
- // path.
- //
- // Example: "example.net/gateway-controller".
- //
- // This field is not mutable and cannot be empty.
- //
- // Support: Core
- controllerName!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$"
- }
-
- // Description helps describe a GatewayClass with more details.
- description?: strings.MaxRunes(64)
-
- // ParametersRef is a reference to a resource that contains the
- // configuration
- // parameters corresponding to the GatewayClass. This is optional
- // if the
- // controller does not require any additional configuration.
- //
- // ParametersRef can reference a standard Kubernetes resource,
- // i.e. ConfigMap,
- // or an implementation-specific custom resource. The resource can
- // be
- // cluster-scoped or namespace-scoped.
- //
- // If the referent cannot be found, refers to an unsupported kind,
- // or when
- // the data within that resource is malformed, the GatewayClass
- // SHOULD be
- // rejected with the "Accepted" status condition set to "False"
- // and an
- // "InvalidParameters" reason.
- //
- // A Gateway for this GatewayClass may provide its own
- // `parametersRef`. When both are specified,
- // the merging behavior is implementation specific.
- // It is generally recommended that GatewayClass provides defaults
- // that can be overridden by a Gateway.
- //
- // Support: Implementation-specific
- parametersRef?: {
- // Group is the group of the referent.
- group!: strings.MaxRunes(253) & {
- =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Kind is kind of the referent.
- kind!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
- }
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the referent.
- // This field is required when referring to a Namespace-scoped
- // resource and
- // MUST be unset when referring to a Cluster-scoped resource.
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
- }
-}
diff --git a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue b/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue
deleted file mode 100644
index a1e538f0a..000000000
--- a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue
+++ /dev/null
@@ -1,2266 +0,0 @@
-// Code generated by timoni. DO NOT EDIT.
-
-//timoni:generate timoni vendor crd -f https://github.com/envoyproxy/gateway/releases/download/v1.3.0/install.yaml
-
-package v1
-
-import (
- "strings"
- "list"
-)
-
-// HTTPRoute provides a way to route HTTP requests. This includes
-// the capability
-// to match requests by hostname, path, header, or query param.
-// Filters can be
-// used to specify additional processing steps. Backends specify
-// where matching
-// requests should be routed.
-#HTTPRoute: {
- // APIVersion defines the versioned schema of this representation
- // of an object.
- // Servers should convert recognized schemas to the latest
- // internal value, and
- // may reject unrecognized values.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- apiVersion: "gateway.networking.k8s.io/v1"
-
- // Kind is a string value representing the REST resource this
- // object represents.
- // Servers may infer this from the endpoint the client submits
- // requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: "HTTPRoute"
- metadata!: {
- name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- string
- }
- namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- string
- }
- labels?: {
- [string]: string
- }
- annotations?: {
- [string]: string
- }
- }
-
- // Spec defines the desired state of HTTPRoute.
- spec!: #HTTPRouteSpec
-}
-
-// Spec defines the desired state of HTTPRoute.
-#HTTPRouteSpec: {
- // Hostnames defines a set of hostnames that should match against
- // the HTTP Host
- // header to select a HTTPRoute used to process the request.
- // Implementations
- // MUST ignore any port value specified in the HTTP Host header
- // while
- // performing a match and (absent of any applicable header
- // modification
- // configuration) MUST forward this header unmodified to the
- // backend.
- //
- // Valid values for Hostnames are determined by RFC 1123
- // definition of a
- // hostname with 2 notable exceptions:
- //
- // 1. IPs are not allowed.
- // 2. A hostname may be prefixed with a wildcard label (`*.`). The
- // wildcard
- // label must appear by itself as the first label.
- //
- // If a hostname is specified by both the Listener and HTTPRoute,
- // there
- // must be at least one intersecting hostname for the HTTPRoute to
- // be
- // attached to the Listener. For example:
- //
- // * A Listener with `test.example.com` as the hostname matches
- // HTTPRoutes
- // that have either not specified any hostnames, or have specified
- // at
- // least one of `test.example.com` or `*.example.com`.
- // * A Listener with `*.example.com` as the hostname matches
- // HTTPRoutes
- // that have either not specified any hostnames or have specified
- // at least
- // one hostname that matches the Listener hostname. For example,
- // `*.example.com`, `test.example.com`, and `foo.test.example.com`
- // would
- // all match. On the other hand, `example.com` and
- // `test.example.net` would
- // not match.
- //
- // Hostnames that are prefixed with a wildcard label (`*.`) are
- // interpreted
- // as a suffix match. That means that a match for `*.example.com`
- // would match
- // both `test.example.com`, and `foo.test.example.com`, but not
- // `example.com`.
- //
- // If both the Listener and HTTPRoute have specified hostnames,
- // any
- // HTTPRoute hostnames that do not match the Listener hostname
- // MUST be
- // ignored. For example, if a Listener specified `*.example.com`,
- // and the
- // HTTPRoute specified `test.example.com` and `test.example.net`,
- // `test.example.net` must not be considered for a match.
- //
- // If both the Listener and HTTPRoute have specified hostnames,
- // and none
- // match with the criteria above, then the HTTPRoute is not
- // accepted. The
- // implementation must raise an 'Accepted' Condition with a status
- // of
- // `False` in the corresponding RouteParentStatus.
- //
- // In the event that multiple HTTPRoutes specify intersecting
- // hostnames (e.g.
- // overlapping wildcard matching and exact matching hostnames),
- // precedence must
- // be given to rules from the HTTPRoute with the largest number
- // of:
- //
- // * Characters in a matching non-wildcard hostname.
- // * Characters in a matching hostname.
- //
- // If ties exist across multiple Routes, the matching precedence
- // rules for
- // HTTPRouteMatches takes over.
- //
- // Support: Core
- hostnames?: list.MaxItems(16) & [...strings.MaxRunes(253) & strings.MinRunes(1) & =~"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"]
-
- // ParentRefs references the resources (usually Gateways) that a
- // Route wants
- // to be attached to. Note that the referenced parent resource
- // needs to
- // allow this for the attachment to be complete. For Gateways,
- // that means
- // the Gateway needs to allow attachment from Routes of this kind
- // and
- // namespace. For Services, that means the Service must either be
- // in the same
- // namespace for a "producer" route, or the mesh implementation
- // must support
- // and allow "consumer" routes for the referenced Service.
- // ReferenceGrant is
- // not applicable for governing ParentRefs to Services - it is not
- // possible to
- // create a "producer" route for a Service in a different
- // namespace from the
- // Route.
- //
- // There are two kinds of parent resources with "Core" support:
- //
- // * Gateway (Gateway conformance profile)
- // * Service (Mesh conformance profile, ClusterIP Services only)
- //
- // This API may be extended in the future to support additional
- // kinds of parent
- // resources.
- //
- // ParentRefs must be _distinct_. This means either that:
- //
- // * They select different objects. If this is the case, then
- // parentRef
- // entries are distinct. In terms of fields, this means that the
- // multi-part key defined by `group`, `kind`, `namespace`, and
- // `name` must
- // be unique across all parentRef entries in the Route.
- // * They do not select different objects, but for each optional
- // field used,
- // each ParentRef that selects the same object must set the same
- // set of
- // optional fields to different values. If one ParentRef sets a
- // combination of optional fields, all must set the same
- // combination.
- //
- // Some examples:
- //
- // * If one ParentRef sets `sectionName`, all ParentRefs
- // referencing the
- // same object must also set `sectionName`.
- // * If one ParentRef sets `port`, all ParentRefs referencing the
- // same
- // object must also set `port`.
- // * If one ParentRef sets `sectionName` and `port`, all
- // ParentRefs
- // referencing the same object must also set `sectionName` and
- // `port`.
- //
- // It is possible to separately reference multiple distinct
- // objects that may
- // be collapsed by an implementation. For example, some
- // implementations may
- // choose to merge compatible Gateway Listeners together. If that
- // is the
- // case, the list of routes attached to those resources should
- // also be
- // merged.
- //
- // Note that for ParentRefs that cross namespace boundaries, there
- // are specific
- // rules. Cross-namespace references are only valid if they are
- // explicitly
- // allowed by something in the namespace they are referring to.
- // For example,
- // Gateway has the AllowedRoutes field, and ReferenceGrant
- // provides a
- // generic way to enable other kinds of cross-namespace reference.
- //
- //
- // ParentRefs from a Route to a Service in the same namespace are
- // "producer"
- // routes, which apply default routing rules to inbound
- // connections from
- // any namespace to the Service.
- //
- // ParentRefs from a Route to a Service in a different namespace
- // are
- // "consumer" routes, and these routing rules are only applied to
- // outbound
- // connections originating from the same namespace as the Route,
- // for which
- // the intended destination of the connections are a Service
- // targeted as a
- // ParentRef of the Route.
- parentRefs?: list.MaxItems(32) & [...{
- // Group is the group of the referent.
- // When unspecified, "gateway.networking.k8s.io" is inferred.
- // To set the core API group (such as for a "Service" kind
- // referent),
- // Group must be explicitly set to "" (empty string).
- //
- // Support: Core
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"gateway.networking.k8s.io"
-
- // Kind is kind of the referent.
- //
- // There are two kinds of parent resources with "Core" support:
- //
- // * Gateway (Gateway conformance profile)
- // * Service (Mesh conformance profile, ClusterIP Services only)
- //
- // Support for other resources is Implementation-Specific.
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Gateway"
-
- // Name is the name of the referent.
- //
- // Support: Core
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the referent. When unspecified,
- // this refers
- // to the local namespace of the Route.
- //
- // Note that there are specific rules for ParentRefs which cross
- // namespace
- // boundaries. Cross-namespace references are only valid if they
- // are explicitly
- // allowed by something in the namespace they are referring to.
- // For example:
- // Gateway has the AllowedRoutes field, and ReferenceGrant
- // provides a
- // generic way to enable any other kind of cross-namespace
- // reference.
- //
- //
- // ParentRefs from a Route to a Service in the same namespace are
- // "producer"
- // routes, which apply default routing rules to inbound
- // connections from
- // any namespace to the Service.
- //
- // ParentRefs from a Route to a Service in a different namespace
- // are
- // "consumer" routes, and these routing rules are only applied to
- // outbound
- // connections originating from the same namespace as the Route,
- // for which
- // the intended destination of the connections are a Service
- // targeted as a
- // ParentRef of the Route.
- //
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port is the network port this Route targets. It can be
- // interpreted
- // differently based on the type of parent resource.
- //
- // When the parent resource is a Gateway, this targets all
- // listeners
- // listening on the specified port that also support this kind of
- // Route(and
- // select this Route). It's not recommended to set `Port` unless
- // the
- // networking behaviors specified in a Route must apply to a
- // specific port
- // as opposed to a listener(s) whose port(s) may be changed. When
- // both Port
- // and SectionName are specified, the name and port of the
- // selected listener
- // must match both specified values.
- //
- //
- // When the parent resource is a Service, this targets a specific
- // port in the
- // Service spec. When both Port (experimental) and SectionName are
- // specified,
- // the name and port of the selected port must match both
- // specified values.
- //
- //
- // Implementations MAY choose to support other parent resources.
- // Implementations supporting other types of parent resources MUST
- // clearly
- // document how/if Port is interpreted.
- //
- // For the purpose of status, an attachment is considered
- // successful as
- // long as the parent resource accepts it partially. For example,
- // Gateway
- // listeners can restrict which Routes can attach to them by Route
- // kind,
- // namespace, or hostname. If 1 of 2 Gateway listeners accept
- // attachment
- // from the referencing Route, the Route MUST be considered
- // successfully
- // attached. If no Gateway listeners accept attachment from this
- // Route,
- // the Route MUST be considered detached from the Gateway.
- //
- // Support: Extended
- port?: uint16 & >=1
-
- // SectionName is the name of a section within the target
- // resource. In the
- // following resources, SectionName is interpreted as the
- // following:
- //
- // * Gateway: Listener name. When both Port (experimental) and
- // SectionName
- // are specified, the name and port of the selected listener must
- // match
- // both specified values.
- // * Service: Port name. When both Port (experimental) and
- // SectionName
- // are specified, the name and port of the selected listener must
- // match
- // both specified values.
- //
- // Implementations MAY choose to support attaching Routes to other
- // resources.
- // If that is the case, they MUST clearly document how SectionName
- // is
- // interpreted.
- //
- // When unspecified (empty string), this will reference the entire
- // resource.
- // For the purpose of status, an attachment is considered
- // successful if at
- // least one section in the parent resource accepts it. For
- // example, Gateway
- // listeners can restrict which Routes can attach to them by Route
- // kind,
- // namespace, or hostname. If 1 of 2 Gateway listeners accept
- // attachment from
- // the referencing Route, the Route MUST be considered
- // successfully
- // attached. If no Gateway listeners accept attachment from this
- // Route, the
- // Route MUST be considered detached from the Gateway.
- //
- // Support: Core
- sectionName?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
- }]
-
- // Rules are a list of HTTP matchers, filters and actions.
- rules?: list.MaxItems(16) & [...{
- // BackendRefs defines the backend(s) where matching requests
- // should be
- // sent.
- //
- // Failure behavior here depends on how many BackendRefs are
- // specified and
- // how many are invalid.
- //
- // If *all* entries in BackendRefs are invalid, and there are also
- // no filters
- // specified in this route rule, *all* traffic which matches this
- // rule MUST
- // receive a 500 status code.
- //
- // See the HTTPBackendRef definition for the rules about what
- // makes a single
- // HTTPBackendRef invalid.
- //
- // When a HTTPBackendRef is invalid, 500 status codes MUST be
- // returned for
- // requests that would have otherwise been routed to an invalid
- // backend. If
- // multiple backends are specified, and some are invalid, the
- // proportion of
- // requests that would otherwise have been routed to an invalid
- // backend
- // MUST receive a 500 status code.
- //
- // For example, if two backends are specified with equal weights,
- // and one is
- // invalid, 50 percent of traffic must receive a 500.
- // Implementations may
- // choose how that 50 percent is determined.
- //
- // When a HTTPBackendRef refers to a Service that has no ready
- // endpoints,
- // implementations SHOULD return a 503 for requests to that
- // backend instead.
- // If an implementation chooses to do this, all of the above rules
- // for 500 responses
- // MUST also apply for responses that return a 503.
- //
- // Support: Core for Kubernetes Service
- //
- // Support: Extended for Kubernetes ServiceImport
- //
- // Support: Implementation-specific for any other resource
- //
- // Support for weight: Core
- backendRefs?: list.MaxItems(16) & [...{
- // Filters defined at this level should be executed if and only if
- // the
- // request is being forwarded to the backend defined here.
- //
- // Support: Implementation-specific (For broader support of
- // filters, use the
- // Filters field in HTTPRouteRule.)
- filters?: list.MaxItems(16) & [...{
- // ExtensionRef is an optional, implementation-specific extension
- // to the
- // "filter" behavior. For example, resource "myroutefilter" in
- // group
- // "networking.example.net"). ExtensionRef MUST NOT be used for
- // core and
- // extended filters.
- //
- // This filter can be used multiple times within the same rule.
- //
- // Support: Implementation-specific
- extensionRef?: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group!: strings.MaxRunes(253) & {
- =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Kind is kind of the referent. For example "HTTPRoute" or
- // "Service".
- kind!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
- }
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
- }
-
- // RequestHeaderModifier defines a schema for a filter that
- // modifies request
- // headers.
- //
- // Support: Core
- requestHeaderModifier?: {
- // Add adds the given header(s) (name, value) to the request
- // before the action. It appends to any existing values associated
- // with the header name.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // add:
- // - name: "my-header"
- // value: "bar,baz"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: foo,bar,baz
- add?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Remove the given header(s) from the HTTP request before the
- // action. The
- // value of Remove is a list of HTTP header names. Note that the
- // header
- // names are case-insensitive (see
- // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header1: foo
- // my-header2: bar
- // my-header3: baz
- //
- // Config:
- // remove: ["my-header1", "my-header3"]
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header2: bar
- remove?: list.MaxItems(16) & [...string]
-
- // Set overwrites the request with the given header (name, value)
- // before the action.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // set:
- // - name: "my-header"
- // value: "bar"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: bar
- set?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
- }
-
- // RequestMirror defines a schema for a filter that mirrors
- // requests.
- // Requests are sent to the specified destination, but responses
- // from
- // that destination are ignored.
- //
- // This filter can be used multiple times within the same rule.
- // Note that
- // not all implementations will be able to support mirroring to
- // multiple
- // backends.
- //
- // Support: Extended
- requestMirror?: {
- // BackendRef references a resource where mirrored requests are
- // sent.
- //
- // Mirrored requests must be sent only to a single destination
- // endpoint
- // within this BackendRef, irrespective of how many endpoints are
- // present
- // within this BackendRef.
- //
- // If the referent cannot be found, this BackendRef is invalid and
- // must be
- // dropped from the Gateway. The controller must ensure the
- // "ResolvedRefs"
- // condition on the Route status is set to `status: False` and not
- // configure
- // this backend in the underlying implementation.
- //
- // If there is a cross-namespace reference to an *existing* object
- // that is not allowed by a ReferenceGrant, the controller must
- // ensure the
- // "ResolvedRefs" condition on the Route is set to `status:
- // False`,
- // with the "RefNotPermitted" reason and not configure this
- // backend in the
- // underlying implementation.
- //
- // In either error case, the Message of the `ResolvedRefs`
- // Condition
- // should be used to provide more detail about the problem.
- //
- // Support: Extended for Kubernetes Service
- //
- // Support: Implementation-specific for any other resource
- backendRef!: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *""
-
- // Kind is the Kubernetes resource kind of the referent. For
- // example
- // "Service".
- //
- // Defaults to "Service" when not specified.
- //
- // ExternalName services can refer to CNAME DNS records that may
- // live
- // outside of the cluster and as such are difficult to reason
- // about in
- // terms of conformance. They also may not be safe to forward to
- // (see
- // CVE-2021-25740 for more information). Implementations SHOULD
- // NOT
- // support ExternalName Services.
- //
- // Support: Core (Services with a type other than ExternalName)
- //
- // Support: Implementation-specific (Services with type
- // ExternalName)
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service"
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the backend. When unspecified,
- // the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port specifies the destination port number to use for this
- // resource.
- // Port is required when the referent is a Kubernetes Service. In
- // this
- // case, the port number is the service port number, not the
- // target port.
- // For other resources, destination port might be derived from the
- // referent
- // resource or this field.
- port?: uint16 & >=1
- }
-
- // Fraction represents the fraction of requests that should be
- // mirrored to BackendRef.
- //
- // Only one of Fraction or Percent may be specified. If neither
- // field
- // is specified, 100% of requests will be mirrored.
- fraction?: {
- denominator?: int32 & int & >=1 | *100
- numerator!: int32 & >=0
- }
-
- // Percent represents the percentage of requests that should be
- // mirrored to BackendRef. Its minimum value is 0 (indicating 0%
- // of
- // requests) and its maximum value is 100 (indicating 100% of
- // requests).
- //
- // Only one of Fraction or Percent may be specified. If neither
- // field
- // is specified, 100% of requests will be mirrored.
- percent?: uint & <=100
- }
-
- // RequestRedirect defines a schema for a filter that responds to
- // the
- // request with an HTTP redirection.
- //
- // Support: Core
- requestRedirect?: {
- // Hostname is the hostname to be used in the value of the
- // `Location`
- // header in the response.
- // When empty, the hostname in the `Host` header of the request is
- // used.
- //
- // Support: Core
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Path defines parameters used to modify the path of the incoming
- // request.
- // The modified path is then used to construct the `Location`
- // header. When
- // empty, the request path is used as-is.
- //
- // Support: Extended
- path?: {
- // ReplaceFullPath specifies the value with which to replace the
- // full path
- // of a request during a rewrite or redirect.
- replaceFullPath?: strings.MaxRunes(1024)
-
- // ReplacePrefixMatch specifies the value with which to replace
- // the prefix
- // match of a request during a rewrite or redirect. For example, a
- // request
- // to "/foo/bar" with a prefix match of "/foo" and a
- // ReplacePrefixMatch
- // of "/xyz" would be modified to "/xyz/bar".
- //
- // Note that this matches the behavior of the PathPrefix match
- // type. This
- // matches full path elements. A path element refers to the list
- // of labels
- // in the path split by the `/` separator. When specified, a
- // trailing `/` is
- // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def`
- // would all
- // match the prefix `/abc`, but the path `/abcd` would not.
- //
- // ReplacePrefixMatch is only compatible with a `PathPrefix`
- // HTTPRouteMatch.
- // Using any other HTTPRouteMatch type on the same HTTPRouteRule
- // will result in
- // the implementation setting the Accepted Condition for the Route
- // to `status: False`.
- //
- // Request Path | Prefix Match | Replace Prefix | Modified Path
- replacePrefixMatch?: strings.MaxRunes(1024)
-
- // Type defines the type of path modifier. Additional types may be
- // added in a future release of the API.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "ReplaceFullPath" | "ReplacePrefixMatch"
- }
-
- // Port is the port to be used in the value of the `Location`
- // header in the response.
- //
- // If no port is specified, the redirect port MUST be derived
- // using the
- // following rules:
- //
- // * If redirect scheme is not-empty, the redirect port MUST be
- // the well-known
- // port associated with the redirect scheme. Specifically "http"
- // to port 80
- // and "https" to port 443. If the redirect scheme does not have a
- // well-known port, the listener port of the Gateway SHOULD be
- // used.
- // * If redirect scheme is empty, the redirect port MUST be the
- // Gateway
- // Listener port.
- //
- // Implementations SHOULD NOT add the port number in the
- // 'Location'
- // header in the following cases:
- //
- // * A Location header that will use HTTP (whether that is
- // determined via
- // the Listener protocol or the Scheme field) _and_ use port 80.
- // * A Location header that will use HTTPS (whether that is
- // determined via
- // the Listener protocol or the Scheme field) _and_ use port 443.
- //
- // Support: Extended
- port?: uint16 & >=1
-
- // Scheme is the scheme to be used in the value of the `Location`
- // header in
- // the response. When empty, the scheme of the request is used.
- //
- // Scheme redirects can affect the port of the redirect, for more
- // information,
- // refer to the documentation for the port field of this filter.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- //
- // Support: Extended
- scheme?: "http" | "https"
-
- // StatusCode is the HTTP status code to be used in response.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- //
- // Support: Core
- statusCode?: (301 | 302) & int | *302
- }
-
- // ResponseHeaderModifier defines a schema for a filter that
- // modifies response
- // headers.
- //
- // Support: Extended
- responseHeaderModifier?: {
- // Add adds the given header(s) (name, value) to the request
- // before the action. It appends to any existing values associated
- // with the header name.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // add:
- // - name: "my-header"
- // value: "bar,baz"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: foo,bar,baz
- add?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Remove the given header(s) from the HTTP request before the
- // action. The
- // value of Remove is a list of HTTP header names. Note that the
- // header
- // names are case-insensitive (see
- // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header1: foo
- // my-header2: bar
- // my-header3: baz
- //
- // Config:
- // remove: ["my-header1", "my-header3"]
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header2: bar
- remove?: list.MaxItems(16) & [...string]
-
- // Set overwrites the request with the given header (name, value)
- // before the action.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // set:
- // - name: "my-header"
- // value: "bar"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: bar
- set?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
- }
-
- // Type identifies the type of filter to apply. As with other API
- // fields,
- // types are classified into three conformance levels:
- //
- // - Core: Filter types and their corresponding configuration
- // defined by
- // "Support: Core" in this package, e.g. "RequestHeaderModifier".
- // All
- // implementations must support core filters.
- //
- // - Extended: Filter types and their corresponding configuration
- // defined by
- // "Support: Extended" in this package, e.g. "RequestMirror".
- // Implementers
- // are encouraged to support extended filters.
- //
- // - Implementation-specific: Filters that are defined and
- // supported by
- // specific vendors.
- // In the future, filters showing convergence in behavior across
- // multiple
- // implementations will be considered for inclusion in extended or
- // core
- // conformance levels. Filter-specific configuration for such
- // filters
- // is specified using the ExtensionRef field. `Type` should be set
- // to
- // "ExtensionRef" for custom filters.
- //
- // Implementers are encouraged to define custom implementation
- // types to
- // extend the core API with implementation-specific behavior.
- //
- // If a reference to a custom filter type cannot be resolved, the
- // filter
- // MUST NOT be skipped. Instead, requests that would have been
- // processed by
- // that filter MUST receive a HTTP error response.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "RequestHeaderModifier" | "ResponseHeaderModifier" | "RequestMirror" | "RequestRedirect" | "URLRewrite" | "ExtensionRef"
-
- // URLRewrite defines a schema for a filter that modifies a
- // request during forwarding.
- //
- // Support: Extended
- urlRewrite?: {
- // Hostname is the value to be used to replace the Host header
- // value during
- // forwarding.
- //
- // Support: Extended
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Path defines a path rewrite.
- //
- // Support: Extended
- path?: {
- // ReplaceFullPath specifies the value with which to replace the
- // full path
- // of a request during a rewrite or redirect.
- replaceFullPath?: strings.MaxRunes(1024)
-
- // ReplacePrefixMatch specifies the value with which to replace
- // the prefix
- // match of a request during a rewrite or redirect. For example, a
- // request
- // to "/foo/bar" with a prefix match of "/foo" and a
- // ReplacePrefixMatch
- // of "/xyz" would be modified to "/xyz/bar".
- //
- // Note that this matches the behavior of the PathPrefix match
- // type. This
- // matches full path elements. A path element refers to the list
- // of labels
- // in the path split by the `/` separator. When specified, a
- // trailing `/` is
- // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def`
- // would all
- // match the prefix `/abc`, but the path `/abcd` would not.
- //
- // ReplacePrefixMatch is only compatible with a `PathPrefix`
- // HTTPRouteMatch.
- // Using any other HTTPRouteMatch type on the same HTTPRouteRule
- // will result in
- // the implementation setting the Accepted Condition for the Route
- // to `status: False`.
- //
- // Request Path | Prefix Match | Replace Prefix | Modified Path
- replacePrefixMatch?: strings.MaxRunes(1024)
-
- // Type defines the type of path modifier. Additional types may be
- // added in a future release of the API.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "ReplaceFullPath" | "ReplacePrefixMatch"
- }
- }
- }]
-
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *""
-
- // Kind is the Kubernetes resource kind of the referent. For
- // example
- // "Service".
- //
- // Defaults to "Service" when not specified.
- //
- // ExternalName services can refer to CNAME DNS records that may
- // live
- // outside of the cluster and as such are difficult to reason
- // about in
- // terms of conformance. They also may not be safe to forward to
- // (see
- // CVE-2021-25740 for more information). Implementations SHOULD
- // NOT
- // support ExternalName Services.
- //
- // Support: Core (Services with a type other than ExternalName)
- //
- // Support: Implementation-specific (Services with type
- // ExternalName)
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service"
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the backend. When unspecified,
- // the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port specifies the destination port number to use for this
- // resource.
- // Port is required when the referent is a Kubernetes Service. In
- // this
- // case, the port number is the service port number, not the
- // target port.
- // For other resources, destination port might be derived from the
- // referent
- // resource or this field.
- port?: uint16 & >=1
-
- // Weight specifies the proportion of requests forwarded to the
- // referenced
- // backend. This is computed as weight/(sum of all weights in this
- // BackendRefs list). For non-zero values, there may be some
- // epsilon from
- // the exact proportion defined here depending on the precision an
- // implementation supports. Weight is not a percentage and the sum
- // of
- // weights does not need to equal 100.
- //
- // If only one backend is specified and it has a weight greater
- // than 0, 100%
- // of the traffic is forwarded to that backend. If weight is set
- // to 0, no
- // traffic should be forwarded for this entry. If unspecified,
- // weight
- // defaults to 1.
- //
- // Support for this field varies based on the context where used.
- weight?: int32 & int & <=1000000 & >=0 | *1
- }]
-
- // Filters define the filters that are applied to requests that
- // match
- // this rule.
- //
- // Wherever possible, implementations SHOULD implement filters in
- // the order
- // they are specified.
- //
- // Implementations MAY choose to implement this ordering strictly,
- // rejecting
- // any combination or order of filters that can not be supported.
- // If implementations
- // choose a strict interpretation of filter ordering, they MUST
- // clearly document
- // that behavior.
- //
- // To reject an invalid combination or order of filters,
- // implementations SHOULD
- // consider the Route Rules with this configuration invalid. If
- // all Route Rules
- // in a Route are invalid, the entire Route would be considered
- // invalid. If only
- // a portion of Route Rules are invalid, implementations MUST set
- // the
- // "PartiallyInvalid" condition for the Route.
- //
- // Conformance-levels at this level are defined based on the type
- // of filter:
- //
- // - ALL core filters MUST be supported by all implementations.
- // - Implementers are encouraged to support extended filters.
- // - Implementation-specific custom filters have no API guarantees
- // across
- // implementations.
- //
- // Specifying the same filter multiple times is not supported
- // unless explicitly
- // indicated in the filter.
- //
- // All filters are expected to be compatible with each other
- // except for the
- // URLRewrite and RequestRedirect filters, which may not be
- // combined. If an
- // implementation can not support other combinations of filters,
- // they must clearly
- // document that limitation. In cases where incompatible or
- // unsupported
- // filters are specified and cause the `Accepted` condition to be
- // set to status
- // `False`, implementations may use the `IncompatibleFilters`
- // reason to specify
- // this configuration error.
- //
- // Support: Core
- filters?: list.MaxItems(16) & [...{
- // ExtensionRef is an optional, implementation-specific extension
- // to the
- // "filter" behavior. For example, resource "myroutefilter" in
- // group
- // "networking.example.net"). ExtensionRef MUST NOT be used for
- // core and
- // extended filters.
- //
- // This filter can be used multiple times within the same rule.
- //
- // Support: Implementation-specific
- extensionRef?: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group!: strings.MaxRunes(253) & {
- =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Kind is kind of the referent. For example "HTTPRoute" or
- // "Service".
- kind!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
- }
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
- }
-
- // RequestHeaderModifier defines a schema for a filter that
- // modifies request
- // headers.
- //
- // Support: Core
- requestHeaderModifier?: {
- // Add adds the given header(s) (name, value) to the request
- // before the action. It appends to any existing values associated
- // with the header name.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // add:
- // - name: "my-header"
- // value: "bar,baz"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: foo,bar,baz
- add?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Remove the given header(s) from the HTTP request before the
- // action. The
- // value of Remove is a list of HTTP header names. Note that the
- // header
- // names are case-insensitive (see
- // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header1: foo
- // my-header2: bar
- // my-header3: baz
- //
- // Config:
- // remove: ["my-header1", "my-header3"]
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header2: bar
- remove?: list.MaxItems(16) & [...string]
-
- // Set overwrites the request with the given header (name, value)
- // before the action.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // set:
- // - name: "my-header"
- // value: "bar"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: bar
- set?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
- }
-
- // RequestMirror defines a schema for a filter that mirrors
- // requests.
- // Requests are sent to the specified destination, but responses
- // from
- // that destination are ignored.
- //
- // This filter can be used multiple times within the same rule.
- // Note that
- // not all implementations will be able to support mirroring to
- // multiple
- // backends.
- //
- // Support: Extended
- requestMirror?: {
- // BackendRef references a resource where mirrored requests are
- // sent.
- //
- // Mirrored requests must be sent only to a single destination
- // endpoint
- // within this BackendRef, irrespective of how many endpoints are
- // present
- // within this BackendRef.
- //
- // If the referent cannot be found, this BackendRef is invalid and
- // must be
- // dropped from the Gateway. The controller must ensure the
- // "ResolvedRefs"
- // condition on the Route status is set to `status: False` and not
- // configure
- // this backend in the underlying implementation.
- //
- // If there is a cross-namespace reference to an *existing* object
- // that is not allowed by a ReferenceGrant, the controller must
- // ensure the
- // "ResolvedRefs" condition on the Route is set to `status:
- // False`,
- // with the "RefNotPermitted" reason and not configure this
- // backend in the
- // underlying implementation.
- //
- // In either error case, the Message of the `ResolvedRefs`
- // Condition
- // should be used to provide more detail about the problem.
- //
- // Support: Extended for Kubernetes Service
- //
- // Support: Implementation-specific for any other resource
- backendRef!: {
- // Group is the group of the referent. For example,
- // "gateway.networking.k8s.io".
- // When unspecified or empty string, core API group is inferred.
- group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *""
-
- // Kind is the Kubernetes resource kind of the referent. For
- // example
- // "Service".
- //
- // Defaults to "Service" when not specified.
- //
- // ExternalName services can refer to CNAME DNS records that may
- // live
- // outside of the cluster and as such are difficult to reason
- // about in
- // terms of conformance. They also may not be safe to forward to
- // (see
- // CVE-2021-25740 for more information). Implementations SHOULD
- // NOT
- // support ExternalName Services.
- //
- // Support: Core (Services with a type other than ExternalName)
- //
- // Support: Implementation-specific (Services with type
- // ExternalName)
- kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service"
-
- // Name is the name of the referent.
- name!: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Namespace is the namespace of the backend. When unspecified,
- // the local
- // namespace is inferred.
- //
- // Note that when a namespace different than the local namespace
- // is specified,
- // a ReferenceGrant object is required in the referent namespace
- // to allow that
- // namespace's owner to accept the reference. See the
- // ReferenceGrant
- // documentation for details.
- //
- // Support: Core
- namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
- }
-
- // Port specifies the destination port number to use for this
- // resource.
- // Port is required when the referent is a Kubernetes Service. In
- // this
- // case, the port number is the service port number, not the
- // target port.
- // For other resources, destination port might be derived from the
- // referent
- // resource or this field.
- port?: uint16 & >=1
- }
-
- // Fraction represents the fraction of requests that should be
- // mirrored to BackendRef.
- //
- // Only one of Fraction or Percent may be specified. If neither
- // field
- // is specified, 100% of requests will be mirrored.
- fraction?: {
- denominator?: int32 & int & >=1 | *100
- numerator!: int32 & >=0
- }
-
- // Percent represents the percentage of requests that should be
- // mirrored to BackendRef. Its minimum value is 0 (indicating 0%
- // of
- // requests) and its maximum value is 100 (indicating 100% of
- // requests).
- //
- // Only one of Fraction or Percent may be specified. If neither
- // field
- // is specified, 100% of requests will be mirrored.
- percent?: uint & <=100
- }
-
- // RequestRedirect defines a schema for a filter that responds to
- // the
- // request with an HTTP redirection.
- //
- // Support: Core
- requestRedirect?: {
- // Hostname is the hostname to be used in the value of the
- // `Location`
- // header in the response.
- // When empty, the hostname in the `Host` header of the request is
- // used.
- //
- // Support: Core
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Path defines parameters used to modify the path of the incoming
- // request.
- // The modified path is then used to construct the `Location`
- // header. When
- // empty, the request path is used as-is.
- //
- // Support: Extended
- path?: {
- // ReplaceFullPath specifies the value with which to replace the
- // full path
- // of a request during a rewrite or redirect.
- replaceFullPath?: strings.MaxRunes(1024)
-
- // ReplacePrefixMatch specifies the value with which to replace
- // the prefix
- // match of a request during a rewrite or redirect. For example, a
- // request
- // to "/foo/bar" with a prefix match of "/foo" and a
- // ReplacePrefixMatch
- // of "/xyz" would be modified to "/xyz/bar".
- //
- // Note that this matches the behavior of the PathPrefix match
- // type. This
- // matches full path elements. A path element refers to the list
- // of labels
- // in the path split by the `/` separator. When specified, a
- // trailing `/` is
- // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def`
- // would all
- // match the prefix `/abc`, but the path `/abcd` would not.
- //
- // ReplacePrefixMatch is only compatible with a `PathPrefix`
- // HTTPRouteMatch.
- // Using any other HTTPRouteMatch type on the same HTTPRouteRule
- // will result in
- // the implementation setting the Accepted Condition for the Route
- // to `status: False`.
- //
- // Request Path | Prefix Match | Replace Prefix | Modified Path
- replacePrefixMatch?: strings.MaxRunes(1024)
-
- // Type defines the type of path modifier. Additional types may be
- // added in a future release of the API.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "ReplaceFullPath" | "ReplacePrefixMatch"
- }
-
- // Port is the port to be used in the value of the `Location`
- // header in the response.
- //
- // If no port is specified, the redirect port MUST be derived
- // using the
- // following rules:
- //
- // * If redirect scheme is not-empty, the redirect port MUST be
- // the well-known
- // port associated with the redirect scheme. Specifically "http"
- // to port 80
- // and "https" to port 443. If the redirect scheme does not have a
- // well-known port, the listener port of the Gateway SHOULD be
- // used.
- // * If redirect scheme is empty, the redirect port MUST be the
- // Gateway
- // Listener port.
- //
- // Implementations SHOULD NOT add the port number in the
- // 'Location'
- // header in the following cases:
- //
- // * A Location header that will use HTTP (whether that is
- // determined via
- // the Listener protocol or the Scheme field) _and_ use port 80.
- // * A Location header that will use HTTPS (whether that is
- // determined via
- // the Listener protocol or the Scheme field) _and_ use port 443.
- //
- // Support: Extended
- port?: uint16 & >=1
-
- // Scheme is the scheme to be used in the value of the `Location`
- // header in
- // the response. When empty, the scheme of the request is used.
- //
- // Scheme redirects can affect the port of the redirect, for more
- // information,
- // refer to the documentation for the port field of this filter.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- //
- // Support: Extended
- scheme?: "http" | "https"
-
- // StatusCode is the HTTP status code to be used in response.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- //
- // Support: Core
- statusCode?: (301 | 302) & int | *302
- }
-
- // ResponseHeaderModifier defines a schema for a filter that
- // modifies response
- // headers.
- //
- // Support: Extended
- responseHeaderModifier?: {
- // Add adds the given header(s) (name, value) to the request
- // before the action. It appends to any existing values associated
- // with the header name.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // add:
- // - name: "my-header"
- // value: "bar,baz"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: foo,bar,baz
- add?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Remove the given header(s) from the HTTP request before the
- // action. The
- // value of Remove is a list of HTTP header names. Note that the
- // header
- // names are case-insensitive (see
- // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header1: foo
- // my-header2: bar
- // my-header3: baz
- //
- // Config:
- // remove: ["my-header1", "my-header3"]
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header2: bar
- remove?: list.MaxItems(16) & [...string]
-
- // Set overwrites the request with the given header (name, value)
- // before the action.
- //
- // Input:
- // GET /foo HTTP/1.1
- // my-header: foo
- //
- // Config:
- // set:
- // - name: "my-header"
- // value: "bar"
- //
- // Output:
- // GET /foo HTTP/1.1
- // my-header: bar
- set?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, the first
- // entry with
- // an equivalent name MUST be considered for a match. Subsequent
- // entries
- // with an equivalent header name MUST be ignored. Due to the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
- }
-
- // Type identifies the type of filter to apply. As with other API
- // fields,
- // types are classified into three conformance levels:
- //
- // - Core: Filter types and their corresponding configuration
- // defined by
- // "Support: Core" in this package, e.g. "RequestHeaderModifier".
- // All
- // implementations must support core filters.
- //
- // - Extended: Filter types and their corresponding configuration
- // defined by
- // "Support: Extended" in this package, e.g. "RequestMirror".
- // Implementers
- // are encouraged to support extended filters.
- //
- // - Implementation-specific: Filters that are defined and
- // supported by
- // specific vendors.
- // In the future, filters showing convergence in behavior across
- // multiple
- // implementations will be considered for inclusion in extended or
- // core
- // conformance levels. Filter-specific configuration for such
- // filters
- // is specified using the ExtensionRef field. `Type` should be set
- // to
- // "ExtensionRef" for custom filters.
- //
- // Implementers are encouraged to define custom implementation
- // types to
- // extend the core API with implementation-specific behavior.
- //
- // If a reference to a custom filter type cannot be resolved, the
- // filter
- // MUST NOT be skipped. Instead, requests that would have been
- // processed by
- // that filter MUST receive a HTTP error response.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "RequestHeaderModifier" | "ResponseHeaderModifier" | "RequestMirror" | "RequestRedirect" | "URLRewrite" | "ExtensionRef"
-
- // URLRewrite defines a schema for a filter that modifies a
- // request during forwarding.
- //
- // Support: Extended
- urlRewrite?: {
- // Hostname is the value to be used to replace the Host header
- // value during
- // forwarding.
- //
- // Support: Extended
- hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Path defines a path rewrite.
- //
- // Support: Extended
- path?: {
- // ReplaceFullPath specifies the value with which to replace the
- // full path
- // of a request during a rewrite or redirect.
- replaceFullPath?: strings.MaxRunes(1024)
-
- // ReplacePrefixMatch specifies the value with which to replace
- // the prefix
- // match of a request during a rewrite or redirect. For example, a
- // request
- // to "/foo/bar" with a prefix match of "/foo" and a
- // ReplacePrefixMatch
- // of "/xyz" would be modified to "/xyz/bar".
- //
- // Note that this matches the behavior of the PathPrefix match
- // type. This
- // matches full path elements. A path element refers to the list
- // of labels
- // in the path split by the `/` separator. When specified, a
- // trailing `/` is
- // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def`
- // would all
- // match the prefix `/abc`, but the path `/abcd` would not.
- //
- // ReplacePrefixMatch is only compatible with a `PathPrefix`
- // HTTPRouteMatch.
- // Using any other HTTPRouteMatch type on the same HTTPRouteRule
- // will result in
- // the implementation setting the Accepted Condition for the Route
- // to `status: False`.
- //
- // Request Path | Prefix Match | Replace Prefix | Modified Path
- replacePrefixMatch?: strings.MaxRunes(1024)
-
- // Type defines the type of path modifier. Additional types may be
- // added in a future release of the API.
- //
- // Note that values may be added to this enum, implementations
- // must ensure that unknown values will not cause a crash.
- //
- // Unknown values here must result in the implementation setting
- // the
- // Accepted Condition for the Route to `status: False`, with a
- // Reason of `UnsupportedValue`.
- type!: "ReplaceFullPath" | "ReplacePrefixMatch"
- }
- }
- }]
-
- // Matches define conditions used for matching the rule against
- // incoming
- // HTTP requests. Each match is independent, i.e. this rule will
- // be matched
- // if **any** one of the matches is satisfied.
- //
- // For example, take the following matches configuration:
- //
- // ```
- // matches:
- // - path:
- // value: "/foo"
- // headers:
- // - name: "version"
- // value: "v2"
- // - path:
- // value: "/v2/foo"
- // ```
- //
- // For a request to match against this rule, a request must
- // satisfy
- // EITHER of the two conditions:
- //
- // - path prefixed with `/foo` AND contains the header `version:
- // v2`
- // - path prefix of `/v2/foo`
- //
- // See the documentation for HTTPRouteMatch on how to specify
- // multiple
- // match conditions that should be ANDed together.
- //
- // If no matches are specified, the default is a prefix
- // path match on "/", which has the effect of matching every
- // HTTP request.
- //
- // Proxy or Load Balancer routing configuration generated from
- // HTTPRoutes
- // MUST prioritize matches based on the following criteria,
- // continuing on
- // ties. Across all rules specified on applicable Routes,
- // precedence must be
- // given to the match having:
- //
- // * "Exact" path match.
- // * "Prefix" path match with largest number of characters.
- // * Method match.
- // * Largest number of header matches.
- // * Largest number of query param matches.
- //
- // Note: The precedence of RegularExpression path matches are
- // implementation-specific.
- //
- // If ties still exist across multiple Routes, matching precedence
- // MUST be
- // determined in order of the following criteria, continuing on
- // ties:
- //
- // * The oldest Route based on creation timestamp.
- // * The Route appearing first in alphabetical order by
- // "{namespace}/{name}".
- //
- // If ties still exist within an HTTPRoute, matching precedence
- // MUST be granted
- // to the FIRST matching rule (in list order) with a match meeting
- // the above
- // criteria.
- //
- // When no rules matching a request have been successfully
- // attached to the
- // parent a request is coming from, a HTTP 404 status code MUST be
- // returned.
- matches?: list.MaxItems(64) & [...{
- // Headers specifies HTTP request header matchers. Multiple match
- // values are
- // ANDed together, meaning, a request must match all the specified
- // headers
- // to select the route.
- headers?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP Header to be matched. Name
- // matching MUST be
- // case insensitive. (See
- // https://tools.ietf.org/html/rfc7230#section-3.2).
- //
- // If multiple entries specify equivalent header names, only the
- // first
- // entry with an equivalent name MUST be considered for a match.
- // Subsequent
- // entries with an equivalent header name MUST be ignored. Due to
- // the
- // case-insensitivity of header names, "foo" and "Foo" are
- // considered
- // equivalent.
- //
- // When a header is repeated in an HTTP request, it is
- // implementation-specific behavior as to how this is represented.
- // Generally, proxies should follow the guidance from the RFC:
- // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
- // regarding
- // processing a repeated header, with special handling for
- // "Set-Cookie".
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Type specifies how to match against the value of the header.
- //
- // Support: Core (Exact)
- //
- // Support: Implementation-specific (RegularExpression)
- //
- // Since RegularExpression HeaderMatchType has
- // implementation-specific
- // conformance, implementations can support POSIX, PCRE or any
- // other dialects
- // of regular expressions. Please read the implementation's
- // documentation to
- // determine the supported dialect.
- type?: "Exact" | "RegularExpression" | *"Exact"
-
- // Value is the value of HTTP Header to be matched.
- value!: strings.MaxRunes(4096) & strings.MinRunes(1)
- }]
-
- // Method specifies HTTP method matcher.
- // When specified, this route will be matched only if the request
- // has the
- // specified method.
- //
- // Support: Extended
- method?: "GET" | "HEAD" | "POST" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH"
-
- // Path specifies a HTTP request path matcher. If this field is
- // not
- // specified, a default prefix match on the "/" path is provided.
- path?: {
- // Type specifies how to match against the path Value.
- //
- // Support: Core (Exact, PathPrefix)
- //
- // Support: Implementation-specific (RegularExpression)
- type?: "Exact" | "PathPrefix" | "RegularExpression" | *"PathPrefix"
-
- // Value of the HTTP path to match against.
- value?: strings.MaxRunes(1024) | *"/"
- } | *{
- type: "PathPrefix"
- value: "/"
- }
-
- // QueryParams specifies HTTP query parameter matchers. Multiple
- // match
- // values are ANDed together, meaning, a request must match all
- // the
- // specified query parameters to select the route.
- //
- // Support: Extended
- queryParams?: list.MaxItems(16) & [...{
- // Name is the name of the HTTP query param to be matched. This
- // must be an
- // exact string match. (See
- // https://tools.ietf.org/html/rfc7230#section-2.7.3).
- //
- // If multiple entries specify equivalent query param names, only
- // the first
- // entry with an equivalent name MUST be considered for a match.
- // Subsequent
- // entries with an equivalent query param name MUST be ignored.
- //
- // If a query param is repeated in an HTTP request, the behavior
- // is
- // purposely left undefined, since different data planes have
- // different
- // capabilities. However, it is *recommended* that implementations
- // should
- // match against the first value of the param if the data plane
- // supports it,
- // as this behavior is expected in other load balancing contexts
- // outside of
- // the Gateway API.
- //
- // Users SHOULD NOT route traffic based on repeated query params
- // to guard
- // themselves against potential differences in the
- // implementations.
- name!: strings.MaxRunes(256) & strings.MinRunes(1) & {
- =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$"
- }
-
- // Type specifies how to match against the value of the query
- // parameter.
- //
- // Support: Extended (Exact)
- //
- // Support: Implementation-specific (RegularExpression)
- //
- // Since RegularExpression QueryParamMatchType has
- // Implementation-specific
- // conformance, implementations can support POSIX, PCRE or any
- // other
- // dialects of regular expressions. Please read the
- // implementation's
- // documentation to determine the supported dialect.
- type?: "Exact" | "RegularExpression" | *"Exact"
-
- // Value is the value of HTTP query param to be matched.
- value!: strings.MaxRunes(1024) & strings.MinRunes(1)
- }]
- }] | *[{
- path: {
- type: "PathPrefix"
- value: "/"
- }
- }]
-
- // Name is the name of the route rule. This name MUST be unique
- // within a Route if it is set.
- //
- // Support: Extended
- name?: strings.MaxRunes(253) & strings.MinRunes(1) & {
- =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
- }
-
- // Retry defines the configuration for when to retry an HTTP
- // request.
- //
- // Support: Extended
- retry?: {
- // Attempts specifies the maxmimum number of times an individual
- // request
- // from the gateway to a backend should be retried.
- //
- // If the maximum number of retries has been attempted without a
- // successful
- // response from the backend, the Gateway MUST return an error.
- //
- // When this field is unspecified, the number of times to attempt
- // to retry
- // a backend request is implementation-specific.
- //
- // Support: Extended
- attempts?: int
-
- // Backoff specifies the minimum duration a Gateway should wait
- // between
- // retry attempts and is represented in Gateway API Duration
- // formatting.
- //
- // For example, setting the `rules[].retry.backoff` field to the
- // value
- // `100ms` will cause a backend request to first be retried
- // approximately
- // 100 milliseconds after timing out or receiving a response code
- // configured
- // to be retryable.
- //
- // An implementation MAY use an exponential or alternative backoff
- // strategy
- // for subsequent retry attempts, MAY cap the maximum backoff
- // duration to
- // some amount greater than the specified minimum, and MAY add
- // arbitrary
- // jitter to stagger requests, as long as unsuccessful backend
- // requests are
- // not retried before the configured minimum duration.
- //
- // If a Request timeout (`rules[].timeouts.request`) is configured
- // on the
- // route, the entire duration of the initial request and any retry
- // attempts
- // MUST not exceed the Request timeout duration. If any retry
- // attempts are
- // still in progress when the Request timeout duration has been
- // reached,
- // these SHOULD be canceled if possible and the Gateway MUST
- // immediately
- // return a timeout error.
- //
- // If a BackendRequest timeout (`rules[].timeouts.backendRequest`)
- // is
- // configured on the route, any retry attempts which reach the
- // configured
- // BackendRequest timeout duration without a response SHOULD be
- // canceled if
- // possible and the Gateway should wait for at least the specified
- // backoff
- // duration before attempting to retry the backend request again.
- //
- // If a BackendRequest timeout is _not_ configured on the route,
- // retry
- // attempts MAY time out after an implementation default duration,
- // or MAY
- // remain pending until a configured Request timeout or
- // implementation
- // default duration for total request time is reached.
- //
- // When this field is unspecified, the time to wait between retry
- // attempts
- // is implementation-specific.
- //
- // Support: Extended
- backoff?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$"
-
- // Codes defines the HTTP response status codes for which a
- // backend request
- // should be retried.
- //
- // Support: Extended
- codes?: [...int & <=599 & >=400]
- }
-
- // SessionPersistence defines and configures session persistence
- // for the route rule.
- //
- // Support: Extended
- sessionPersistence?: {
- // AbsoluteTimeout defines the absolute timeout of the persistent
- // session. Once the AbsoluteTimeout duration has elapsed, the
- // session becomes invalid.
- //
- // Support: Extended
- absoluteTimeout?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$"
- cookieConfig?: {
- // LifetimeType specifies whether the cookie has a permanent or
- // session-based lifetime. A permanent cookie persists until its
- // specified expiry time, defined by the Expires or Max-Age cookie
- // attributes, while a session cookie is deleted when the current
- // session ends.
- //
- // When set to "Permanent", AbsoluteTimeout indicates the
- // cookie's lifetime via the Expires or Max-Age cookie attributes
- // and is required.
- //
- // When set to "Session", AbsoluteTimeout indicates the
- // absolute lifetime of the cookie tracked by the gateway and
- // is optional.
- //
- // Support: Core for "Session" type
- //
- // Support: Extended for "Permanent" type
- lifetimeType?: "Permanent" | "Session" | *"Session"
- }
-
- // IdleTimeout defines the idle timeout of the persistent session.
- // Once the session has been idle for more than the specified
- // IdleTimeout duration, the session becomes invalid.
- //
- // Support: Extended
- idleTimeout?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$"
-
- // SessionName defines the name of the persistent session token
- // which may be reflected in the cookie or the header. Users
- // should avoid reusing session names to prevent unintended
- // consequences, such as rejection or unpredictable behavior.
- //
- // Support: Implementation-specific
- sessionName?: strings.MaxRunes(128)
-
- // Type defines the type of session persistence such as through
- // the use a header or cookie. Defaults to cookie based session
- // persistence.
- //
- // Support: Core for "Cookie" type
- //
- // Support: Extended for "Header" type
- type?: "Cookie" | "Header" | *"Cookie"
- }
-
- // Timeouts defines the timeouts that can be configured for an
- // HTTP request.
- //
- // Support: Extended
- timeouts?: {
- // BackendRequest specifies a timeout for an individual request
- // from the gateway
- // to a backend. This covers the time from when the request first
- // starts being
- // sent from the gateway to when the full response has been
- // received from the backend.
- //
- // Setting a timeout to the zero duration (e.g. "0s") SHOULD
- // disable the timeout
- // completely. Implementations that cannot completely disable the
- // timeout MUST
- // instead interpret the zero duration as the longest possible
- // value to which
- // the timeout can be set.
- //
- // An entire client HTTP transaction with a gateway, covered by
- // the Request timeout,
- // may result in more than one call from the gateway to the
- // destination backend,
- // for example, if automatic retries are supported.
- //
- // The value of BackendRequest must be a Gateway API Duration
- // string as defined by
- // GEP-2257. When this field is unspecified, its behavior is
- // implementation-specific;
- // when specified, the value of BackendRequest must be no more
- // than the value of the
- // Request timeout (since the Request timeout encompasses the
- // BackendRequest timeout).
- //
- // Support: Extended
- backendRequest?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$"
-
- // Request specifies the maximum duration for a gateway to respond
- // to an HTTP request.
- // If the gateway has not been able to respond before this
- // deadline is met, the gateway
- // MUST return a timeout error.
- //
- // For example, setting the `rules.timeouts.request` field to the
- // value `10s` in an
- // `HTTPRoute` will cause a timeout if a client request is taking
- // longer than 10 seconds
- // to complete.
- //
- // Setting a timeout to the zero duration (e.g. "0s") SHOULD
- // disable the timeout
- // completely. Implementations that cannot completely disable the
- // timeout MUST
- // instead interpret the zero duration as the longest possible
- // value to which
- // the timeout can be set.
- //
- // This timeout is intended to cover as close to the whole
- // request-response transaction
- // as possible although an implementation MAY choose to start the
- // timeout after the entire
- // request stream has been received instead of immediately after
- // the transaction is
- // initiated by the client.
- //
- // The value of Request is a Gateway API Duration string as
- // defined by GEP-2257. When this
- // field is unspecified, request timeout behavior is
- // implementation-specific.
- //
- // Support: Extended
- request?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$"
- }
- }] | *[{
- matches: [{
- path: {
- type: "PathPrefix"
- value: "/"
- }
- }]
- }]
-}
diff --git a/k8s/timoni/gateway/cue.mod/module.cue b/k8s/timoni/gateway/cue.mod/module.cue
deleted file mode 100644
index 3004290e3..000000000
--- a/k8s/timoni/gateway/cue.mod/module.cue
+++ /dev/null
@@ -1,2 +0,0 @@
-module: "timoni.sh/gateway"
-language: version: "v0.9.0"
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
deleted file mode 100644
index 2c579e99d..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Action holds the list of annotations for controlling
-// Timoni's apply behaviour of Kubernetes resources.
-Action: {
- // Force annotation for recreating immutable resources such as Kubernetes Jobs.
- Force: {
- "action.timoni.sh/force": ActionStatus.Enabled
- }
- // One-off annotation for appling resources only if they don't exist on the cluster.
- Oneoff: {
- "action.timoni.sh/one-off": ActionStatus.Enabled
- }
- // Keep annotation for preventing Timoni's garbage collector from deleting resources.
- Keep: {
- "action.timoni.sh/prune": ActionStatus.Disabled
- }
-}
-
-ActionStatus: {
- Enabled: "enabled"
- Disabled: "disabled"
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
deleted file mode 100644
index 1535ea43f..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strings"
-)
-
-// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image.
-#Image: {
-
- // Repository is the address of a container registry repository.
- // An image repository is made up of slash-separated name components, optionally
- // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH.
- repository!: string
-
- // Tag identifies an image in the repository.
- // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes.
- // A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
- tag!: string & strings.MaxRunes(128)
-
- // Digest uniquely and immutably identifies an image in the repository.
- // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
- digest!: string
-
- // PullPolicy defines the pull policy for the image.
- // By default, it is set to IfNotPresent.
- pullPolicy: *"IfNotPresent" | "Always" | "Never"
-
- // Reference is the image address computed from repository, tag and digest
- // in the format [REPOSITORY]:[TAG]@[DIGEST].
- reference: string
-
- if digest != "" && tag != "" {
- reference: "\(repository):\(tag)@\(digest)"
- }
-
- if digest != "" && tag == "" {
- reference: "\(repository)@\(digest)"
- }
-
- if digest == "" && tag != "" {
- reference: "\(repository):\(tag)"
- }
-
- if digest == "" && tag == "" {
- reference: "\(repository):latest"
- }
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
deleted file mode 100644
index 19f098967..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/base64"
- "strings"
-)
-
-// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson.
-// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets.
-#ImagePullSecret: {
- // Metadata is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]].
- #Registry!: string
-
- // Username is the username used to authenticate to the container registry.
- #Username!: string
-
- // Password is the password used to authenticate to the container registry.
- #Password!: string
-
- // Optional suffix used to generate the Secret name.
- #Suffix: *"" | string & strings.MaxRunes(30)
-
- let auth = base64.Encode(null, #Username+":"+#Password)
-
- apiVersion: "v1"
- kind: "Secret"
- type: "kubernetes.io/dockerconfigjson"
- metadata: {
- name: #Meta.name + #Suffix
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- stringData: {
- ".dockerconfigjson": """
- {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}}
- """
- }
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
deleted file mode 100644
index 7b31c23e4..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/json"
- "strings"
- "uuid"
-)
-
-#ConfigMapKind: "ConfigMap"
-#SecretKind: "Secret"
-
-// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets.
-// The metadata.name of the generated object is suffixed with the hash of the input data.
-#ImmutableConfig: {
- // Kind of the generated object.
- #Kind: *#ConfigMapKind | #SecretKind
-
- // Metadata of the generated object.
- #Meta: #Metadata
-
- // Optional suffix appended to the generate name.
- #Suffix: *"" | string
-
- // Data of the generated object.
- #Data: {[string]: string}
-
- let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0]
-
- apiVersion: "v1"
- kind: #Kind
- metadata: {
- name: #Meta.name + #Suffix + "-" + hash
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- immutable: true
- if kind == #ConfigMapKind {
- data: #Data
- }
- if kind == #SecretKind {
- stringData: #Data
- }
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
deleted file mode 100644
index ad96b0621..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// InstanceName defines the schema for the name of a Timoni instance.
-// The instance name is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceNamespace defines the schema for the namespace of a Timoni instance.
-// The instance namespace is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership.
-#InstanceOwnerReference: {
- #Name: "instance.timoni.sh/name"
- #Namespace: "instance.timoni.sh/namespace"
-}
-
-// InstanceModule defines the schema for the Module of a Timoni instance.
-#InstanceModule: {
- url: string & =~"^((oci|file)://.*)$"
- version: *"latest" | string
- digest?: string
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
deleted file mode 100644
index 188ff505d..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
+++ /dev/null
@@ -1,120 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// Annotations defines the schema for Kubernetes object metadata annotations.
-#Annotations: {[string & strings.MaxRunes(253)]: string}
-
-// Labels defines the schema for Kubernetes object metadata labels.
-#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)}
-
-#StdLabelName: "app.kubernetes.io/name"
-#StdLabelVersion: "app.kubernetes.io/version"
-#StdLabelPartOf: "app.kubernetes.io/part-of"
-#StdLabelManagedBy: "app.kubernetes.io/managed-by"
-#StdLabelComponent: "app.kubernetes.io/component"
-#StdLabelInstance: "app.kubernetes.io/instance"
-
-// Metadata defines the schema for Kubernetes object metadata.
-#Metadata: {
- // Version should be in the strict semver format. Is required when creating resources.
- #Version!: string & strings.MaxRunes(63)
-
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- name!: #InstanceName
-
- // Namespace defines the space within which each name must be unique.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- namespace!: #InstanceNamespace
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set to store and retrieve arbitrary metadata.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
- annotations?: #Annotations
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes labels: app name, version and managed-by.
- labels: {
- (#StdLabelName): name
- (#StdLabelVersion): #Version
- (#StdLabelManagedBy): "timoni"
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name label.
- #LabelSelector: #Labels & {
- (#StdLabelName): name
- }
-
- // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions
- // are met before it fully deletes resources marked for deletion.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/
- finalizers?: [...string]
-}
-
-// MetaComponent generates the Kubernetes object metadata for a module namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
- namespace: #Meta.namespace
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
-
-// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.namespace is unset.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaClusterComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
deleted file mode 100644
index 1dcdb699e..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// ObjectReference is a reference to a Kubernetes object.
-#ObjectReference: {
- // Name of the referent.
- name!: string & strings.MaxRunes(256)
-
- // Namespace of the referent.
- namespace?: string & strings.MaxRunes(256)
-
- // API version of the referent.
- apiVersion?: string & strings.MaxRunes(256)
-
- // Kind of the referent.
- kind?: string & strings.MaxRunes(256)
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
deleted file mode 100644
index d3b5573ae..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m.
-#CPUQuantity: string & =~"^[1-9]\\d*m$"
-
-// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi.
-#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$"
-
-// ResourceRequirement defines the schema for the CPU and Memory resource requirements.
-#ResourceRequirement: {
- cpu?: #CPUQuantity
- memory?: #MemoryQuantity
-}
-
-// ResourceRequirements defines the schema for the compute resource requirements of a container.
-// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.
-#ResourceRequirements: {
- // Limits describes the maximum amount of compute resources allowed.
- limits?: #ResourceRequirement
-
- // Requests describes the minimum amount of compute resources required.
- // Requests cannot exceed Limits.
- requests?: #ResourceRequirement & {
- if limits != _|_ {
- if limits.cpu != _|_ {
- _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0])
- _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0])
- #cpu: int & >=_rc & _lc
- }
- }
- }
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
deleted file mode 100644
index 9c4f2384b..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc.
-#Selector: {
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- #Name!: #InstanceName
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes label: app name.
- labels: (#StdLabelName): #Name
-}
diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
deleted file mode 100644
index ecd1e397f..000000000
--- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// SemVer validates the input version string and extracts the major and minor version numbers.
-// When Minimum is set, the major and minor parts must be greater or equal to the minimum
-// or a validation error is returned.
-#SemVer: {
- // Input version string in strict semver format.
- #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- // Minimum is the minimum allowed MAJOR.MINOR version.
- #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0])
- let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1])
-
- major: int & >=minMajor
- major: strconv.Atoi(strings.Split(#Version, ".")[0])
-
- minor: int & >=minMinor
- minor: strconv.Atoi(strings.Split(#Version, ".")[1])
-}
diff --git a/k8s/timoni/gateway/templates/config.cue b/k8s/timoni/gateway/templates/config.cue
deleted file mode 100644
index 56cbabafc..000000000
--- a/k8s/timoni/gateway/templates/config.cue
+++ /dev/null
@@ -1,26 +0,0 @@
-package templates
-
-import (
- timoniv1 "timoni.sh/core/v1alpha1"
-)
-
-#Config: {
- kubeVersion!: string
- moduleVersion!: string
-
- metadata: timoniv1.#Metadata & {#Version: moduleVersion}
- metadata: labels: timoniv1.#Labels
- metadata: annotations?: timoniv1.#Annotations
-
- selector: timoniv1.#Selector & {#Name: metadata.name}
-}
-
-#Instance: {
- config: #Config
-
- objects: {
- gatewayclass: #GatewayClass & {#config: config}
- gateway: #Gateway & {#config: config}
- httproute: #HTTPRoute & {#config: config}
- }
-}
diff --git a/k8s/timoni/gateway/templates/gateway.cue b/k8s/timoni/gateway/templates/gateway.cue
deleted file mode 100644
index 5edae25bf..000000000
--- a/k8s/timoni/gateway/templates/gateway.cue
+++ /dev/null
@@ -1,31 +0,0 @@
-package templates
-
-import (
- gatewayv1 "gateway.networking.k8s.io/gateway/v1"
-)
-
-#Gateway: gatewayv1.#Gateway & {
- #config: #Config
- apiVersion: "gateway.networking.k8s.io/v1"
- kind: "Gateway"
- metadata: #config.metadata
- metadata: annotations: "cert-manager.io/issuer": "codebattle"
- spec: {
- gatewayClassName: metadata.name
- listeners: [{
- name: "http"
- port: 80
- protocol: "HTTP"
- }, {
- name: "https"
- port: 443
- protocol: "HTTPS"
- tls: {
- mode: "Terminate"
- certificateRefs: [{
- name: metadata.name
- }]
- }
- }]
- }
-}
diff --git a/k8s/timoni/gateway/templates/gatewayclass.cue b/k8s/timoni/gateway/templates/gatewayclass.cue
deleted file mode 100644
index 401819365..000000000
--- a/k8s/timoni/gateway/templates/gatewayclass.cue
+++ /dev/null
@@ -1,13 +0,0 @@
-package templates
-
-import (
- gatewayv1 "gateway.networking.k8s.io/gatewayclass/v1"
-)
-
-#GatewayClass: gatewayv1.#GatewayClass & {
- #config: #Config
- apiVersion: "gateway.networking.k8s.io/v1"
- kind: "GatewayClass"
- metadata: #config.metadata
- spec: controllerName: "gateway.envoyproxy.io/gatewayclass-controller"
-}
diff --git a/k8s/timoni/gateway/templates/httproute.cue b/k8s/timoni/gateway/templates/httproute.cue
deleted file mode 100644
index 5cc3d8f93..000000000
--- a/k8s/timoni/gateway/templates/httproute.cue
+++ /dev/null
@@ -1,24 +0,0 @@
-package templates
-
-import (
- gatewayv1 "gateway.networking.k8s.io/httproute/v1"
-)
-
-#HTTPRoute: gatewayv1.#HTTPRoute & {
- #config: #Config
- apiVersion: "gateway.networking.k8s.io/v1"
- kind: "HTTPRoute"
- metadata: #config.metadata
- spec: {
- parentRefs: [{
- name: metadata.name
- sectionName: "http"
- }]
- rules: [{
- filters: [{
- type: "RequestRedirect"
- requestRedirect: scheme: "https"
- }]
- }]
- }
-}
diff --git a/k8s/timoni/gateway/timoni.cue b/k8s/timoni/gateway/timoni.cue
deleted file mode 100644
index 1827afaef..000000000
--- a/k8s/timoni/gateway/timoni.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-package main
-
-import (
- templates "timoni.sh/gateway/templates"
-)
-
-values: templates.#Config
-
-timoni: {
- apiVersion: "v1alpha1"
-
- instance: templates.#Instance & {
- config: values
- config: {
- metadata: {
- name: string @tag(name)
- namespace: string @tag(namespace)
- }
- moduleVersion: string @tag(mv, var=moduleVersion)
- kubeVersion: string @tag(kv, var=kubeVersion)
- }
- }
-
- apply: app: [for obj in instance.objects {obj}]
-}
diff --git a/k8s/timoni/gateway/timoni.ignore b/k8s/timoni/gateway/timoni.ignore
deleted file mode 100644
index 0722c3486..000000000
--- a/k8s/timoni/gateway/timoni.ignore
+++ /dev/null
@@ -1,14 +0,0 @@
-# VCS
-.git/
-.gitignore
-.gitmodules
-.gitattributes
-
-# Go
-vendor/
-go.mod
-go.sum
-
-# CUE
-*_tool.cue
-debug_values.cue
diff --git a/k8s/timoni/gateway/values.cue b/k8s/timoni/gateway/values.cue
deleted file mode 100644
index 17bc0aff9..000000000
--- a/k8s/timoni/gateway/values.cue
+++ /dev/null
@@ -1,3 +0,0 @@
-package main
-
-values: {}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
deleted file mode 100644
index 3a3027906..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
+++ /dev/null
@@ -1,147 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
-// webhook backend fails.
-#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open"
-
-// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods
-#MirrorPodAnnotationKey: "kubernetes.io/config.mirror"
-
-// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
-// in the Annotations of a Pod.
-#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations"
-
-// TaintsAnnotationKey represents the key of taints data (json serialized)
-// in the Annotations of a Node.
-#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints"
-
-// SeccompPodAnnotationKey represents the key of a seccomp profile applied
-// to all containers of a pod.
-// Deprecated: set a pod security context `seccompProfile` field.
-#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod"
-
-// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
-// to one container of a pod.
-// Deprecated: set a container security context `seccompProfile` field.
-#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/"
-
-// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
-// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
-#SeccompProfileRuntimeDefault: "runtime/default"
-
-// SeccompProfileNameUnconfined is the unconfined seccomp profile.
-#SeccompProfileNameUnconfined: "unconfined"
-
-// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk.
-#SeccompLocalhostProfileNamePrefix: "localhost/"
-
-// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
-#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/"
-
-// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
-#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName"
-
-// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
-#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames"
-
-// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
-#AppArmorBetaProfileRuntimeDefault: "runtime/default"
-
-// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node.
-#AppArmorBetaProfileNamePrefix: "localhost/"
-
-// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile
-#AppArmorBetaProfileNameUnconfined: "unconfined"
-
-// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
-// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
-#DeprecatedSeccompProfileDockerDefault: "docker/default"
-
-// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
-// in the Annotations of a Node.
-#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods"
-
-// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
-// an object (e.g. secret, config map) before fetching it again from apiserver.
-// This annotation can be attached to node.
-#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl"
-
-// annotation key prefix used to identify non-convertible json paths.
-#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io"
-_#kubectlPrefix: "kubectl.kubernetes.io/"
-
-// LastAppliedConfigAnnotation is the annotation used to store the previous
-// configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
-#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration"
-
-// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
-//
-// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
-// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
-// access only from the CIDRs currently allocated to MIT & the USPS.
-//
-// Not all cloud providers support this annotation, though AWS & GCE do.
-#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges"
-
-// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that
-// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z')
-// of the last change, of some Pod or Service object, that triggered the endpoints object change.
-// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints
-// controller at T1, and the Endpoints object was changed at T2, the
-// EndpointsLastChangeTriggerTime would be set to T0.
-//
-// The "endpoints change trigger" here means any Pod or Service change that resulted in the
-// Endpoints object change.
-//
-// Given the definition of the "endpoints change trigger", please note that this annotation will
-// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the
-// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's
-// already set).
-//
-// This annotation will be used to compute the in-cluster network programming latency SLI, see
-// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
-#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time"
-
-// EndpointsOverCapacity will be set on an Endpoints resource when it
-// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints
-// controller will set this annotation with a value of "warning". In a
-// future release, the controller may set this annotation with a value of
-// "truncated" to indicate that any addresses exceeding the limit of 1000
-// have been truncated from the Endpoints resource.
-#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity"
-
-// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated
-// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode.
-// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or
-// CSI Backend for a volume plugin on a specific node.
-#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins"
-
-// PodDeletionCost can be used to set to an int32 that represent the cost of deleting
-// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower
-// deletion cost are preferred to be deleted before pods with higher deletion cost.
-// Note that this is honored on a best-effort basis, and so it does not offer guarantees on
-// pod deletion order.
-// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted.
-//
-// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled.
-#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost"
-
-// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable
-// Topology Aware Hints for a Service. This may be set to "Auto" or
-// "Disabled". Any other value is treated as "Disabled". This annotation has
-// been deprecated in favor of the "service.kubernetes.io/topology-mode"
-// annotation.
-#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints"
-
-// AnnotationTopologyMode can be used to enable or disable Topology Aware
-// Routing for a Service. Well known values are "Auto" and "Disabled".
-// Implementations may choose to develop new topology approaches, exposing
-// them with domain-prefixed values. For example, "example.com/lowest-rtt"
-// could be a valid implementation-specific value for this annotation. These
-// heuristics will often populate topology hints on EndpointSlices, but that
-// is not a requirement.
-#AnnotationTopologyMode: "service.kubernetes.io/topology-mode"
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
deleted file mode 100644
index 2bf1afce0..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
+++ /dev/null
@@ -1,6 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-// Package v1 is the v1 version of the core API.
-package v1
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
deleted file mode 100644
index 29c24abce..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-#GroupName: ""
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
deleted file mode 100644
index d87edcff5..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
+++ /dev/null
@@ -1,7617 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/api/resource"
- "k8s.io/apimachinery/pkg/util/intstr"
- "k8s.io/apimachinery/pkg/types"
-)
-
-// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
-#NamespaceDefault: "default"
-
-// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
-#NamespaceAll: ""
-
-// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats)
-#NamespaceNodeLease: "kube-node-lease"
-
-// Volume represents a named volume in a pod that may be accessed by any container in the pod.
-#Volume: {
- // name of the volume.
- // Must be a DNS_LABEL and unique within the pod.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- #VolumeSource
-}
-
-// Represents the source of a volume to mount.
-// Only one of its members may be specified.
-#VolumeSource: {
- // hostPath represents a pre-existing file or directory on the host
- // machine that is directly exposed to the container. This is generally
- // used for system agents or other privileged things that are allowed
- // to see the host machine. Most containers will NOT need this.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // ---
- // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
- // mount host directories as read/write.
- // +optional
- hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt)
-
- // emptyDir represents a temporary directory that shares a pod's lifetime.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt)
-
- // gcePersistentDisk represents a GCE Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt)
-
- // awsElasticBlockStore represents an AWS Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt)
-
- // gitRepo represents a git repository at a particular revision.
- // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
- // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
- // into the Pod's container.
- // +optional
- gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt)
-
- // secret represents a secret that should populate this volume.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- // +optional
- secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt)
-
- // nfs represents an NFS mount on the host that shares a pod's lifetime
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt)
-
- // iscsi represents an ISCSI Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://examples.k8s.io/volumes/iscsi/README.md
- // +optional
- iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt)
-
- // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md
- // +optional
- glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt)
-
- // persistentVolumeClaimVolumeSource represents a reference to a
- // PersistentVolumeClaim in the same namespace.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt)
-
- // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/rbd/README.md
- // +optional
- rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt)
-
- // flexVolume represents a generic volume resource that is
- // provisioned/attached using an exec based plugin.
- // +optional
- flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt)
-
- // cinder represents a cinder volume attached and mounted on kubelets host machine.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt)
-
- // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
- // +optional
- cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt)
-
- // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
- // +optional
- flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt)
-
- // downwardAPI represents downward API about the pod that should populate this volume
- // +optional
- downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt)
-
- // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
- // +optional
- fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt)
-
- // azureFile represents an Azure File Service mount on the host and bind mount to the pod.
- // +optional
- azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt)
-
- // configMap represents a configMap that should populate this volume
- // +optional
- configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt)
-
- // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
- // +optional
- vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt)
-
- // quobyte represents a Quobyte mount on the host that shares a pod's lifetime
- // +optional
- quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt)
-
- // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
- // +optional
- azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt)
-
- // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
- photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt)
-
- // projected items for all in one resources secrets, configmaps, and downward API
- projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt)
-
- // portworxVolume represents a portworx volume attached and mounted on kubelets host machine
- // +optional
- portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt)
-
- // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
- // +optional
- scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt)
-
- // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
- // +optional
- storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt)
-
- // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
- // +optional
- csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt)
-
- // ephemeral represents a volume that is handled by a cluster storage driver.
- // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
- // and deleted when the pod is removed.
- //
- // Use this if:
- // a) the volume is only needed while the pod runs,
- // b) features of normal volumes like restoring from snapshot or capacity
- // tracking are needed,
- // c) the storage driver is specified through a storage class, and
- // d) the storage driver supports dynamic volume provisioning through
- // a PersistentVolumeClaim (see EphemeralVolumeSource for more
- // information on the connection between this volume type
- // and PersistentVolumeClaim).
- //
- // Use PersistentVolumeClaim or one of the vendor-specific
- // APIs for volumes that persist for longer than the lifecycle
- // of an individual pod.
- //
- // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
- // be used that way - see the documentation of the driver for
- // more information.
- //
- // A pod can use both types of ephemeral volumes and
- // persistent volumes at the same time.
- //
- // +optional
- ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt)
-}
-
-// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace.
-// This volume finds the bound PV and mounts that volume for the pod. A
-// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another
-// type of volume that is owned by someone else (the system).
-#PersistentVolumeClaimVolumeSource: {
- // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- claimName: string @go(ClaimName) @protobuf(1,bytes,opt)
-
- // readOnly Will force the ReadOnly setting in VolumeMounts.
- // Default false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt)
-}
-
-// PersistentVolumeSource is similar to VolumeSource but meant for the
-// administrator who creates PVs. Exactly one of its members must be set.
-#PersistentVolumeSource: {
- // gcePersistentDisk represents a GCE Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt)
-
- // awsElasticBlockStore represents an AWS Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt)
-
- // hostPath represents a directory on the host.
- // Provisioned by a developer or tester.
- // This is useful for single-node development and testing only!
- // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // +optional
- hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt)
-
- // glusterfs represents a Glusterfs volume that is attached to a host and
- // exposed to the pod. Provisioned by an admin.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md
- // +optional
- glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt)
-
- // nfs represents an NFS mount on the host. Provisioned by an admin.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt)
-
- // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/rbd/README.md
- // +optional
- rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt)
-
- // iscsi represents an ISCSI Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
- // +optional
- iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt)
-
- // cinder represents a cinder volume attached and mounted on kubelets host machine.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt)
-
- // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
- // +optional
- cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt)
-
- // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
- // +optional
- fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt)
-
- // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
- // +optional
- flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt)
-
- // flexVolume represents a generic volume resource that is
- // provisioned/attached using an exec based plugin.
- // +optional
- flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt)
-
- // azureFile represents an Azure File Service mount on the host and bind mount to the pod.
- // +optional
- azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt)
-
- // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
- // +optional
- vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt)
-
- // quobyte represents a Quobyte mount on the host that shares a pod's lifetime
- // +optional
- quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt)
-
- // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
- // +optional
- azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt)
-
- // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
- photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt)
-
- // portworxVolume represents a portworx volume attached and mounted on kubelets host machine
- // +optional
- portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt)
-
- // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
- // +optional
- scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt)
-
- // local represents directly-attached storage with node affinity
- // +optional
- local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt)
-
- // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod
- // More info: https://examples.k8s.io/volumes/storageos/README.md
- // +optional
- storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt)
-
- // csi represents storage that is handled by an external CSI driver (Beta feature).
- // +optional
- csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt)
-}
-
-// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation.
-// It's currently still used and will be held for backwards compatibility
-#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class"
-
-// MountOptionAnnotation defines mount option annotation used in PVs
-#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options"
-
-// PersistentVolume (PV) is a storage resource provisioned by an administrator.
-// It is analogous to a node.
-// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
-#PersistentVolume: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec defines a specification of a persistent volume owned by the cluster.
- // Provisioned by an administrator.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
- // +optional
- spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // status represents the current information/status for the persistent volume.
- // Populated by the system.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
- // +optional
- status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PersistentVolumeSpec is the specification of a persistent volume.
-#PersistentVolumeSpec: {
- // capacity is the description of the persistent volume's resources and capacity.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- #PersistentVolumeSource
-
- // accessModes contains all ways the volume can be mounted.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
- // Expected to be non-nil when bound.
- // claim.VolumeName is the authoritative bind between PV and PVC.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
- // +optional
- // +structType=granular
- claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt)
-
- // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim.
- // Valid options are Retain (default for manually created PersistentVolumes), Delete (default
- // for dynamically provisioned PersistentVolumes), and Recycle (deprecated).
- // Recycle must be supported by the volume plugin underlying this PersistentVolume.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
- // +optional
- persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy)
-
- // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value
- // means that this volume does not belong to any StorageClass.
- // +optional
- storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt)
-
- // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will
- // simply fail if one is invalid.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
- // +optional
- mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt)
-
- // volumeMode defines if a volume is intended to be used with a formatted filesystem
- // or to remain in raw block state. Value of Filesystem is implied when not included in spec.
- // +optional
- volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode)
-
- // nodeAffinity defines constraints that limit what nodes this volume can be accessed from.
- // This field influences the scheduling of pods that use this volume.
- // +optional
- nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt)
-}
-
-// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.
-#VolumeNodeAffinity: {
- // required specifies hard node constraints that must be met.
- required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt)
-}
-
-// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes.
-// +enum
-#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy
-
-#enumPersistentVolumeReclaimPolicy:
- #PersistentVolumeReclaimRecycle |
- #PersistentVolumeReclaimDelete |
- #PersistentVolumeReclaimRetain
-
-// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim.
-// The volume plugin must support Recycling.
-#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle"
-
-// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim.
-// The volume plugin must support Deletion.
-#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete"
-
-// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator.
-// The default policy is Retain.
-#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain"
-
-// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem.
-// +enum
-#PersistentVolumeMode: string // #enumPersistentVolumeMode
-
-#enumPersistentVolumeMode:
- #PersistentVolumeBlock |
- #PersistentVolumeFilesystem
-
-// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device.
-#PersistentVolumeBlock: #PersistentVolumeMode & "Block"
-
-// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem.
-#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem"
-
-// PersistentVolumeStatus is the current status of a persistent volume.
-#PersistentVolumeStatus: {
- // phase indicates if a volume is available, bound to a claim, or released by a claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase
- // +optional
- phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase)
-
- // message is a human-readable message indicating details about why the volume is in this state.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-
- // reason is a brief CamelCase string that describes any failure and is meant
- // for machine parsing and tidy display in the CLI.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // lastPhaseTransitionTime is the time the phase transitioned from one to another
- // and automatically resets to current time everytime a volume phase transitions.
- // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
- // +featureGate=PersistentVolumeLastPhaseTransitionTime
- // +optional
- lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt)
-}
-
-// PersistentVolumeList is a list of PersistentVolume items.
-#PersistentVolumeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is a list of persistent volumes.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
- items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep)
-}
-
-// PersistentVolumeClaim is a user's request for and claim to a persistent volume
-#PersistentVolumeClaim: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec defines the desired characteristics of a volume requested by a pod author.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // status represents the current information/status of a persistent volume claim.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PersistentVolumeClaimList is a list of PersistentVolumeClaim items.
-#PersistentVolumeClaimList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is a list of persistent volume claims.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep)
-}
-
-// PersistentVolumeClaimSpec describes the common attributes of storage devices
-// and allows a Source for provider-specific attributes
-#PersistentVolumeClaimSpec: {
- // accessModes contains the desired access modes the volume should have.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // selector is a label query over volumes to consider for binding.
- // +optional
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-
- // resources represents the minimum resources the volume should have.
- // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
- // that are lower than previous value but must still be higher than capacity recorded in the
- // status field of the claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt)
-
- // volumeName is the binding reference to the PersistentVolume backing this claim.
- // +optional
- volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt)
-
- // storageClassName is the name of the StorageClass required by the claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- // +optional
- storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt)
-
- // volumeMode defines what type of volume is required by the claim.
- // Value of Filesystem is implied when not included in claim spec.
- // +optional
- volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode)
-
- // dataSource field can be used to specify either:
- // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- // * An existing PVC (PersistentVolumeClaim)
- // If the provisioner or an external controller can support the specified data source,
- // it will create a new volume based on the contents of the specified data source.
- // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
- // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
- // If the namespace is specified, then dataSourceRef will not be copied to dataSource.
- // +optional
- dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt)
-
- // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
- // volume is desired. This may be any object from a non-empty API group (non
- // core object) or a PersistentVolumeClaim object.
- // When this field is specified, volume binding will only succeed if the type of
- // the specified object matches some installed volume populator or dynamic
- // provisioner.
- // This field will replace the functionality of the dataSource field and as such
- // if both fields are non-empty, they must have the same value. For backwards
- // compatibility, when namespace isn't specified in dataSourceRef,
- // both fields (dataSource and dataSourceRef) will be set to the same
- // value automatically if one of them is empty and the other is non-empty.
- // When namespace is specified in dataSourceRef,
- // dataSource isn't set to the same value and must be empty.
- // There are three important differences between dataSource and dataSourceRef:
- // * While dataSource only allows two specific types of objects, dataSourceRef
- // allows any non-core object, as well as PersistentVolumeClaim objects.
- // * While dataSource ignores disallowed values (dropping them), dataSourceRef
- // preserves all values, and generates an error if a disallowed value is
- // specified.
- // * While dataSource only allows local objects, dataSourceRef allows objects
- // in any namespaces.
- // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
- // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- // +optional
- dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt)
-}
-
-#TypedObjectReference: {
- // APIGroup is the group for the resource being referenced.
- // If APIGroup is not specified, the specified Kind must be in the core API group.
- // For any other third-party types, APIGroup is required.
- // +optional
- apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt)
-
- // Kind is the type of resource being referenced
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-
- // Name is the name of resource being referenced
- name: string @go(Name) @protobuf(3,bytes,opt)
-
- // Namespace is the namespace of resource being referenced
- // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
- // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- // +featureGate=CrossNamespaceVolumeDataSource
- // +optional
- namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt)
-}
-
-// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
-#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType
-
-#enumPersistentVolumeClaimConditionType:
- #PersistentVolumeClaimResizing |
- #PersistentVolumeClaimFileSystemResizePending
-
-// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started
-#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing"
-
-// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node
-#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending"
-
-// +enum
-// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
-// that it does not recognizes, then it should ignore that update and let other controllers
-// handle it.
-#ClaimResourceStatus: string // #enumClaimResourceStatus
-
-#enumClaimResourceStatus:
- #PersistentVolumeClaimControllerResizeInProgress |
- #PersistentVolumeClaimControllerResizeFailed |
- #PersistentVolumeClaimNodeResizePending |
- #PersistentVolumeClaimNodeResizeInProgress |
- #PersistentVolumeClaimNodeResizeFailed
-
-// State set when resize controller starts resizing the volume in control-plane.
-#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress"
-
-// State set when resize has failed in resize controller with a terminal error.
-// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus
-// unmodified, so as resize controller can resume the volume expansion.
-#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed"
-
-// State set when resize controller has finished resizing the volume but further resizing of volume
-// is needed on the node.
-#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending"
-
-// State set when kubelet starts resizing the volume.
-#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress"
-
-// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed
-#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed"
-
-// PersistentVolumeClaimCondition contains details about state of pvc
-#PersistentVolumeClaimCondition: {
- type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType)
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // lastProbeTime is the time we probed the condition.
- // +optional
- lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt)
-
- // lastTransitionTime is the time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // reason is a unique, this should be a short, machine understandable string that gives the reason
- // for condition's last transition. If it reports "ResizeStarted" that means the underlying
- // persistent volume is being resized.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // message is the human-readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// PersistentVolumeClaimStatus is the current status of a persistent volume claim.
-#PersistentVolumeClaimStatus: {
- // phase represents the current phase of PersistentVolumeClaim.
- // +optional
- phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase)
-
- // accessModes contains the actual access modes the volume backing the PVC has.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // capacity represents the actual resources of the underlying volume.
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
- // resized then the Condition will be set to 'ResizeStarted'.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep)
-
- // allocatedResources tracks the resources allocated to a PVC including its capacity.
- // Key names follow standard Kubernetes label syntax. Valid values are either:
- // * Un-prefixed keys:
- // - storage - the capacity of the volume.
- // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
- // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
- // reserved and hence may not be used.
- //
- // Capacity reported here may be larger than the actual capacity when a volume expansion operation
- // is requested.
- // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
- // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
- // If a volume expansion capacity request is lowered, allocatedResources is only
- // lowered if there are no expansion operations in progress and if the actual volume capacity
- // is equal or lower than the requested capacity.
- //
- // A controller that receives PVC update with previously unknown resourceName
- // should ignore the update for the purpose it was designed. For example - a controller that
- // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
- // resources associated with PVC.
- //
- // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- // +featureGate=RecoverVolumeExpansionFailure
- // +optional
- allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // allocatedResourceStatuses stores status of resource being resized for the given PVC.
- // Key names follow standard Kubernetes label syntax. Valid values are either:
- // * Un-prefixed keys:
- // - storage - the capacity of the volume.
- // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
- // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
- // reserved and hence may not be used.
- //
- // ClaimResourceStatus can be in any of following states:
- // - ControllerResizeInProgress:
- // State set when resize controller starts resizing the volume in control-plane.
- // - ControllerResizeFailed:
- // State set when resize has failed in resize controller with a terminal error.
- // - NodeResizePending:
- // State set when resize controller has finished resizing the volume but further resizing of
- // volume is needed on the node.
- // - NodeResizeInProgress:
- // State set when kubelet starts resizing the volume.
- // - NodeResizeFailed:
- // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
- // NodeResizeFailed.
- // For example: if expanding a PVC for more capacity - this field can be one of the following states:
- // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
- // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
- // When this field is not set, it means that no resize operation is in progress for the given PVC.
- //
- // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
- // should ignore the update for the purpose it was designed. For example - a controller that
- // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
- // resources associated with PVC.
- //
- // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- // +featureGate=RecoverVolumeExpansionFailure
- // +mapType=granular
- // +optional
- allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep)
-}
-
-// +enum
-#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode
-
-#enumPersistentVolumeAccessMode:
- #ReadWriteOnce |
- #ReadOnlyMany |
- #ReadWriteMany |
- #ReadWriteOncePod
-
-// can be mounted in read/write mode to exactly 1 host
-#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce"
-
-// can be mounted in read-only mode to many hosts
-#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany"
-
-// can be mounted in read/write mode to many hosts
-#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany"
-
-// can be mounted in read/write mode to exactly 1 pod
-// cannot be used in combination with other access modes
-#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod"
-
-// +enum
-#PersistentVolumePhase: string // #enumPersistentVolumePhase
-
-#enumPersistentVolumePhase:
- #VolumePending |
- #VolumeAvailable |
- #VolumeBound |
- #VolumeReleased |
- #VolumeFailed
-
-// used for PersistentVolumes that are not available
-#VolumePending: #PersistentVolumePhase & "Pending"
-
-// used for PersistentVolumes that are not yet bound
-// Available volumes are held by the binder and matched to PersistentVolumeClaims
-#VolumeAvailable: #PersistentVolumePhase & "Available"
-
-// used for PersistentVolumes that are bound
-#VolumeBound: #PersistentVolumePhase & "Bound"
-
-// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted
-// released volumes must be recycled before becoming available again
-// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource
-#VolumeReleased: #PersistentVolumePhase & "Released"
-
-// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim
-#VolumeFailed: #PersistentVolumePhase & "Failed"
-
-// +enum
-#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase
-
-#enumPersistentVolumeClaimPhase:
- #ClaimPending |
- #ClaimBound |
- #ClaimLost
-
-// used for PersistentVolumeClaims that are not yet bound
-#ClaimPending: #PersistentVolumeClaimPhase & "Pending"
-
-// used for PersistentVolumeClaims that are bound
-#ClaimBound: #PersistentVolumeClaimPhase & "Bound"
-
-// used for PersistentVolumeClaims that lost their underlying
-// PersistentVolume. The claim was bound to a PersistentVolume and this
-// volume does not exist any longer and all data on it was lost.
-#ClaimLost: #PersistentVolumeClaimPhase & "Lost"
-
-// +enum
-#HostPathType: string // #enumHostPathType
-
-#enumHostPathType:
- #HostPathUnset |
- #HostPathDirectoryOrCreate |
- #HostPathDirectory |
- #HostPathFileOrCreate |
- #HostPathFile |
- #HostPathSocket |
- #HostPathCharDev |
- #HostPathBlockDev
-
-// For backwards compatible, leave it empty if unset
-#HostPathUnset: #HostPathType & ""
-
-// If nothing exists at the given path, an empty directory will be created there
-// as needed with file mode 0755, having the same group and ownership with Kubelet.
-#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate"
-
-// A directory must exist at the given path
-#HostPathDirectory: #HostPathType & "Directory"
-
-// If nothing exists at the given path, an empty file will be created there
-// as needed with file mode 0644, having the same group and ownership with Kubelet.
-#HostPathFileOrCreate: #HostPathType & "FileOrCreate"
-
-// A file must exist at the given path
-#HostPathFile: #HostPathType & "File"
-
-// A UNIX socket must exist at the given path
-#HostPathSocket: #HostPathType & "Socket"
-
-// A character device must exist at the given path
-#HostPathCharDev: #HostPathType & "CharDevice"
-
-// A block device must exist at the given path
-#HostPathBlockDev: #HostPathType & "BlockDevice"
-
-// Represents a host path mapped into a pod.
-// Host path volumes do not support ownership management or SELinux relabeling.
-#HostPathVolumeSource: {
- // path of the directory on the host.
- // If the path is a symlink, it will follow the link to the real path.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // type for HostPath Volume
- // Defaults to ""
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // +optional
- type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt)
-}
-
-// Represents an empty directory for a pod.
-// Empty directory volumes support ownership management and SELinux relabeling.
-#EmptyDirVolumeSource: {
- // medium represents what type of storage medium should back this directory.
- // The default is "" which means to use the node's default medium.
- // Must be an empty string (default) or Memory.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium)
-
- // sizeLimit is the total amount of local storage required for this EmptyDir volume.
- // The size limit is also applicable for memory medium.
- // The maximum usage on memory medium EmptyDir would be the minimum value between
- // the SizeLimit specified here and the sum of memory limits of all containers in a pod.
- // The default is nil which means that the limit is undefined.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt)
-}
-
-// Represents a Glusterfs mount that lasts the lifetime of a pod.
-// Glusterfs volumes do not support ownership management or SELinux relabeling.
-#GlusterfsVolumeSource: {
- // endpoints is the endpoint name that details Glusterfs topology.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt)
-
- // path is the Glusterfs volume path.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// Represents a Glusterfs mount that lasts the lifetime of a pod.
-// Glusterfs volumes do not support ownership management or SELinux relabeling.
-#GlusterfsPersistentVolumeSource: {
- // endpoints is the endpoint name that details Glusterfs topology.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt)
-
- // path is the Glusterfs volume path.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // endpointsNamespace is the namespace that contains Glusterfs endpoint.
- // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt)
-}
-
-// Represents a Rados Block Device mount that lasts the lifetime of a pod.
-// RBD volumes support ownership management and SELinux relabeling.
-#RBDVolumeSource: {
- // monitors is a collection of Ceph monitors.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep)
-
- // image is the rados image name.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- image: string @go(RBDImage) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // pool is the rados pool name.
- // Default is rbd.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- pool?: string @go(RBDPool) @protobuf(4,bytes,opt)
-
- // user is the rados user name.
- // Default is admin.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- user?: string @go(RadosUser) @protobuf(5,bytes,opt)
-
- // keyring is the path to key ring for RBDUser.
- // Default is /etc/ceph/keyring.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- keyring?: string @go(Keyring) @protobuf(6,bytes,opt)
-
- // secretRef is name of the authentication secret for RBDUser. If provided
- // overrides keyring.
- // Default is nil.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt)
-}
-
-// Represents a Rados Block Device mount that lasts the lifetime of a pod.
-// RBD volumes support ownership management and SELinux relabeling.
-#RBDPersistentVolumeSource: {
- // monitors is a collection of Ceph monitors.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep)
-
- // image is the rados image name.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- image: string @go(RBDImage) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // pool is the rados pool name.
- // Default is rbd.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- pool?: string @go(RBDPool) @protobuf(4,bytes,opt)
-
- // user is the rados user name.
- // Default is admin.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- user?: string @go(RadosUser) @protobuf(5,bytes,opt)
-
- // keyring is the path to key ring for RBDUser.
- // Default is /etc/ceph/keyring.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- keyring?: string @go(Keyring) @protobuf(6,bytes,opt)
-
- // secretRef is name of the authentication secret for RBDUser. If provided
- // overrides keyring.
- // Default is nil.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt)
-}
-
-// Represents a cinder volume resource in Openstack.
-// A Cinder volume must exist before mounting to a container.
-// The volume must also be in the same region as the kubelet.
-// Cinder volumes support ownership management and SELinux relabeling.
-#CinderVolumeSource: {
- // volumeID used to identify the volume in cinder.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretRef is optional: points to a secret object containing parameters used to connect
- // to OpenStack.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt)
-}
-
-// Represents a cinder volume resource in Openstack.
-// A Cinder volume must exist before mounting to a container.
-// The volume must also be in the same region as the kubelet.
-// Cinder volumes support ownership management and SELinux relabeling.
-#CinderPersistentVolumeSource: {
- // volumeID used to identify the volume in cinder.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretRef is Optional: points to a secret object containing parameters used to connect
- // to OpenStack.
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt)
-}
-
-// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
-// Cephfs volumes do not support ownership management or SELinux relabeling.
-#CephFSVolumeSource: {
- // monitors is Required: Monitors is a collection of Ceph monitors
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep)
-
- // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
- // +optional
- path?: string @go(Path) @protobuf(2,bytes,opt)
-
- // user is optional: User is the rados user name, default is admin
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- user?: string @go(User) @protobuf(3,bytes,opt)
-
- // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-}
-
-// SecretReference represents a Secret Reference. It has enough information to retrieve secret
-// in any namespace
-// +structType=atomic
-#SecretReference: {
- // name is unique within a namespace to reference a secret resource.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // namespace defines the space within which the secret name must be unique.
- // +optional
- namespace?: string @go(Namespace) @protobuf(2,bytes,opt)
-}
-
-// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
-// Cephfs volumes do not support ownership management or SELinux relabeling.
-#CephFSPersistentVolumeSource: {
- // monitors is Required: Monitors is a collection of Ceph monitors
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep)
-
- // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
- // +optional
- path?: string @go(Path) @protobuf(2,bytes,opt)
-
- // user is Optional: User is the rados user name, default is admin
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- user?: string @go(User) @protobuf(3,bytes,opt)
-
- // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-}
-
-// Represents a Flocker volume mounted by the Flocker agent.
-// One and only one of datasetName and datasetUUID should be set.
-// Flocker volumes do not support ownership management or SELinux relabeling.
-#FlockerVolumeSource: {
- // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
- // should be considered as deprecated
- // +optional
- datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt)
-
- // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
- // +optional
- datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt)
-}
-
-// StorageMedium defines ways that storage can be allocated to a volume.
-#StorageMedium: string // #enumStorageMedium
-
-#enumStorageMedium:
- #StorageMediumDefault |
- #StorageMediumMemory |
- #StorageMediumHugePages |
- #StorageMediumHugePagesPrefix
-
-#StorageMediumDefault: #StorageMedium & ""
-#StorageMediumMemory: #StorageMedium & "Memory"
-#StorageMediumHugePages: #StorageMedium & "HugePages"
-#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-"
-
-// Protocol defines network protocols supported for things like container ports.
-// +enum
-#Protocol: string // #enumProtocol
-
-#enumProtocol:
- #ProtocolTCP |
- #ProtocolUDP |
- #ProtocolSCTP
-
-// ProtocolTCP is the TCP protocol.
-#ProtocolTCP: #Protocol & "TCP"
-
-// ProtocolUDP is the UDP protocol.
-#ProtocolUDP: #Protocol & "UDP"
-
-// ProtocolSCTP is the SCTP protocol.
-#ProtocolSCTP: #Protocol & "SCTP"
-
-// Represents a Persistent Disk resource in Google Compute Engine.
-//
-// A GCE PD must exist before mounting to a container. The disk must
-// also be in the same GCE project and zone as the kubelet. A GCE PD
-// can only be mounted as read/write once or read-only many times. GCE
-// PDs support ownership management and SELinux relabeling.
-#GCEPersistentDiskVolumeSource: {
- // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName: string @go(PDName) @protobuf(1,bytes,opt)
-
- // fsType is filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // partition is the partition in the volume that you want to mount.
- // If omitted, the default is to mount by volume name.
- // Examples: For volume /dev/sda1, you specify the partition as "1".
- // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- partition?: int32 @go(Partition) @protobuf(3,varint,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-}
-
-// Represents a Quobyte mount that lasts the lifetime of a pod.
-// Quobyte volumes do not support ownership management or SELinux relabeling.
-#QuobyteVolumeSource: {
- // registry represents a single or multiple Quobyte Registry services
- // specified as a string as host:port pair (multiple entries are separated with commas)
- // which acts as the central registry for volumes
- registry: string @go(Registry) @protobuf(1,bytes,opt)
-
- // volume is a string that references an already created Quobyte volume by name.
- volume: string @go(Volume) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Quobyte volume to be mounted with read-only permissions.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // user to map volume access to
- // Defaults to serivceaccount user
- // +optional
- user?: string @go(User) @protobuf(4,bytes,opt)
-
- // group to map volume access to
- // Default is no group
- // +optional
- group?: string @go(Group) @protobuf(5,bytes,opt)
-
- // tenant owning the given Quobyte volume in the Backend
- // Used with dynamically provisioned Quobyte volumes, value is set by the plugin
- // +optional
- tenant?: string @go(Tenant) @protobuf(6,bytes,opt)
-}
-
-// FlexPersistentVolumeSource represents a generic persistent volume resource that is
-// provisioned/attached using an exec based plugin.
-#FlexPersistentVolumeSource: {
- // driver is the name of the driver to use for this volume.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // fsType is the Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the secret object containing
- // sensitive information to pass to the plugin scripts. This may be
- // empty if no secret object is specified. If the secret object
- // contains more than one secret, all secrets are passed to the plugin
- // scripts.
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // options is Optional: this field holds extra command options if any.
- // +optional
- options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep)
-}
-
-// FlexVolume represents a generic volume resource that is
-// provisioned/attached using an exec based plugin.
-#FlexVolumeSource: {
- // driver is the name of the driver to use for this volume.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // secretRef is Optional: secretRef is reference to the secret object containing
- // sensitive information to pass to the plugin scripts. This may be
- // empty if no secret object is specified. If the secret object
- // contains more than one secret, all secrets are passed to the plugin
- // scripts.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // options is Optional: this field holds extra command options if any.
- // +optional
- options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep)
-}
-
-// Represents a Persistent Disk resource in AWS.
-//
-// An AWS EBS disk must exist before mounting to a container. The disk
-// must also be in the same AWS zone as the kubelet. An AWS EBS disk
-// can only be mounted as read/write once. AWS EBS volumes support
-// ownership management and SELinux relabeling.
-#AWSElasticBlockStoreVolumeSource: {
- // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // partition is the partition in the volume that you want to mount.
- // If omitted, the default is to mount by volume name.
- // Examples: For volume /dev/sda1, you specify the partition as "1".
- // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- // +optional
- partition?: int32 @go(Partition) @protobuf(3,varint,opt)
-
- // readOnly value true will force the readOnly setting in VolumeMounts.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-}
-
-// Represents a volume that is populated with the contents of a git repository.
-// Git repo volumes do not support ownership management.
-// Git repo volumes support SELinux relabeling.
-//
-// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
-// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
-// into the Pod's container.
-#GitRepoVolumeSource: {
- // repository is the URL
- repository: string @go(Repository) @protobuf(1,bytes,opt)
-
- // revision is the commit hash for the specified revision.
- // +optional
- revision?: string @go(Revision) @protobuf(2,bytes,opt)
-
- // directory is the target directory name.
- // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
- // git repository. Otherwise, if specified, the volume will contain the git repository in
- // the subdirectory with the given name.
- // +optional
- directory?: string @go(Directory) @protobuf(3,bytes,opt)
-}
-
-// Adapts a Secret into a volume.
-//
-// The contents of the target Secret's Data field will be presented in a volume
-// as files using the keys in the Data field as the file names.
-// Secret volumes support ownership management and SELinux relabeling.
-#SecretVolumeSource: {
- // secretName is the name of the secret in the pod's namespace to use.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- // +optional
- secretName?: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // items If unspecified, each key-value pair in the Data field of the referenced
- // Secret will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the Secret,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // defaultMode is Optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values
- // for mode bits. Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt)
-
- // optional field specify whether the Secret or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-#SecretVolumeSourceDefaultMode: int32 & 0o644
-
-// Adapts a secret into a projected volume.
-//
-// The contents of the target Secret's Data field will be presented in a
-// projected volume as files using the keys in the Data field as the file names.
-// Note that this is identical to a secret volume source without the default
-// mode.
-#SecretProjection: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // Secret will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the Secret,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // optional field specify whether the Secret or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-// Represents an NFS mount that lasts the lifetime of a pod.
-// NFS volumes do not support ownership management or SELinux relabeling.
-#NFSVolumeSource: {
- // server is the hostname or IP address of the NFS server.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server: string @go(Server) @protobuf(1,bytes,opt)
-
- // path that is exported by the NFS server.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the NFS export to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// Represents an ISCSI disk.
-// ISCSI volumes can only be mounted as read/write once.
-// ISCSI volumes support ownership management and SELinux relabeling.
-#ISCSIVolumeSource: {
- // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt)
-
- // iqn is the target iSCSI Qualified Name.
- iqn: string @go(IQN) @protobuf(2,bytes,opt)
-
- // lun represents iSCSI Target Lun number.
- lun: int32 @go(Lun) @protobuf(3,varint,opt)
-
- // iscsiInterface is the interface Name that uses an iSCSI transport.
- // Defaults to 'default' (tcp).
- // +optional
- iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(5,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-
- // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- // +optional
- portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt)
-
- // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
- // +optional
- chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt)
-
- // chapAuthSession defines whether support iSCSI Session CHAP authentication
- // +optional
- chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt)
-
- // secretRef is the CHAP Secret for iSCSI target and initiator authentication
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt)
-
- // initiatorName is the custom iSCSI Initiator Name.
- // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
- // : will be created for the connection.
- // +optional
- initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt)
-}
-
-// ISCSIPersistentVolumeSource represents an ISCSI disk.
-// ISCSI volumes can only be mounted as read/write once.
-// ISCSI volumes support ownership management and SELinux relabeling.
-#ISCSIPersistentVolumeSource: {
- // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt)
-
- // iqn is Target iSCSI Qualified Name.
- iqn: string @go(IQN) @protobuf(2,bytes,opt)
-
- // lun is iSCSI Target Lun number.
- lun: int32 @go(Lun) @protobuf(3,varint,opt)
-
- // iscsiInterface is the interface Name that uses an iSCSI transport.
- // Defaults to 'default' (tcp).
- // +optional
- iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(5,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-
- // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- // +optional
- portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt)
-
- // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
- // +optional
- chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt)
-
- // chapAuthSession defines whether support iSCSI Session CHAP authentication
- // +optional
- chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt)
-
- // secretRef is the CHAP Secret for iSCSI target and initiator authentication
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt)
-
- // initiatorName is the custom iSCSI Initiator Name.
- // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
- // : will be created for the connection.
- // +optional
- initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt)
-}
-
-// Represents a Fibre Channel volume.
-// Fibre Channel volumes can only be mounted as read/write once.
-// Fibre Channel volumes support ownership management and SELinux relabeling.
-#FCVolumeSource: {
- // targetWWNs is Optional: FC target worldwide names (WWNs)
- // +optional
- targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep)
-
- // lun is Optional: FC target lun number
- // +optional
- lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // wwids Optional: FC volume world wide identifiers (wwids)
- // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
- // +optional
- wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep)
-}
-
-// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
-#AzureFileVolumeSource: {
- // secretName is the name of secret that contains Azure Storage Account Name and Key
- secretName: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // shareName is the azure share Name
- shareName: string @go(ShareName) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
-#AzureFilePersistentVolumeSource: {
- // secretName is the name of secret that contains Azure Storage Account Name and Key
- secretName: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // shareName is the azure Share Name
- shareName: string @go(ShareName) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key
- // default is the same as the Pod
- // +optional
- secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt)
-}
-
-// Represents a vSphere volume resource.
-#VsphereVirtualDiskVolumeSource: {
- // volumePath is the path that identifies vSphere volume vmdk
- volumePath: string @go(VolumePath) @protobuf(1,bytes,opt)
-
- // fsType is filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // storagePolicyName is the storage Policy Based Management (SPBM) profile name.
- // +optional
- storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt)
-
- // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
- // +optional
- storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt)
-}
-
-// Represents a Photon Controller persistent disk resource.
-#PhotonPersistentDiskVolumeSource: {
- // pdID is the ID that identifies Photon Controller persistent disk
- pdID: string @go(PdID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-}
-
-// +enum
-#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode
-
-#enumAzureDataDiskCachingMode:
- #AzureDataDiskCachingNone |
- #AzureDataDiskCachingReadOnly |
- #AzureDataDiskCachingReadWrite
-
-// +enum
-#AzureDataDiskKind: string // #enumAzureDataDiskKind
-
-#enumAzureDataDiskKind:
- #AzureSharedBlobDisk |
- #AzureDedicatedBlobDisk |
- #AzureManagedDisk
-
-#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None"
-#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly"
-#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite"
-#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared"
-#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated"
-#AzureManagedDisk: #AzureDataDiskKind & "Managed"
-
-// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
-#AzureDiskVolumeSource: {
- // diskName is the Name of the data disk in the blob storage
- diskName: string @go(DiskName) @protobuf(1,bytes,opt)
-
- // diskURI is the URI of data disk in the blob storage
- diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt)
-
- // cachingMode is the Host Caching mode: None, Read Only, Read Write.
- // +optional
- cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode)
-
- // fsType is Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt)
-
- // readOnly Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt)
-
- // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
- kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind)
-}
-
-// PortworxVolumeSource represents a Portworx volume resource.
-#PortworxVolumeSource: {
- // volumeID uniquely identifies a Portworx volume
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fSType represents the filesystem type to mount
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// ScaleIOVolumeSource represents a persistent ScaleIO volume
-#ScaleIOVolumeSource: {
- // gateway is the host address of the ScaleIO API Gateway.
- gateway: string @go(Gateway) @protobuf(1,bytes,opt)
-
- // system is the name of the storage system as configured in ScaleIO.
- system: string @go(System) @protobuf(2,bytes,opt)
-
- // secretRef references to the secret for ScaleIO user and other
- // sensitive information. If this is not provided, Login operation will fail.
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt)
-
- // sslEnabled Flag enable/disable SSL communication with Gateway, default false
- // +optional
- sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt)
-
- // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
- // +optional
- protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt)
-
- // storagePool is the ScaleIO Storage Pool associated with the protection domain.
- // +optional
- storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt)
-
- // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
- // Default is ThinProvisioned.
- // +optional
- storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt)
-
- // volumeName is the name of a volume already created in the ScaleIO system
- // that is associated with this volume source.
- volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // Default is "xfs".
- // +optional
- fsType?: string @go(FSType) @protobuf(9,bytes,opt)
-
- // readOnly Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt)
-}
-
-// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
-#ScaleIOPersistentVolumeSource: {
- // gateway is the host address of the ScaleIO API Gateway.
- gateway: string @go(Gateway) @protobuf(1,bytes,opt)
-
- // system is the name of the storage system as configured in ScaleIO.
- system: string @go(System) @protobuf(2,bytes,opt)
-
- // secretRef references to the secret for ScaleIO user and other
- // sensitive information. If this is not provided, Login operation will fail.
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt)
-
- // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false
- // +optional
- sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt)
-
- // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
- // +optional
- protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt)
-
- // storagePool is the ScaleIO Storage Pool associated with the protection domain.
- // +optional
- storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt)
-
- // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
- // Default is ThinProvisioned.
- // +optional
- storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt)
-
- // volumeName is the name of a volume already created in the ScaleIO system
- // that is associated with this volume source.
- volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // Default is "xfs"
- // +optional
- fsType?: string @go(FSType) @protobuf(9,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt)
-}
-
-// Represents a StorageOS persistent volume resource.
-#StorageOSVolumeSource: {
- // volumeName is the human-readable name of the StorageOS volume. Volume
- // names are only unique within a namespace.
- volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt)
-
- // volumeNamespace specifies the scope of the volume within StorageOS. If no
- // namespace is specified then the Pod's namespace will be used. This allows the
- // Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
- // Set VolumeName to any name to override the default behaviour.
- // Set to "default" if you are not using namespaces within StorageOS.
- // Namespaces that do not pre-exist within StorageOS will be created.
- // +optional
- volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // secretRef specifies the secret to use for obtaining the StorageOS API
- // credentials. If not specified, default values will be attempted.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Represents a StorageOS persistent volume resource.
-#StorageOSPersistentVolumeSource: {
- // volumeName is the human-readable name of the StorageOS volume. Volume
- // names are only unique within a namespace.
- volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt)
-
- // volumeNamespace specifies the scope of the volume within StorageOS. If no
- // namespace is specified then the Pod's namespace will be used. This allows the
- // Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
- // Set VolumeName to any name to override the default behaviour.
- // Set to "default" if you are not using namespaces within StorageOS.
- // Namespaces that do not pre-exist within StorageOS will be created.
- // +optional
- volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // secretRef specifies the secret to use for obtaining the StorageOS API
- // credentials. If not specified, default values will be attempted.
- // +optional
- secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Adapts a ConfigMap into a volume.
-//
-// The contents of the target ConfigMap's Data field will be presented in a
-// volume as files using the keys in the Data field as the file names, unless
-// the items element is populated with specific mappings of keys to paths.
-// ConfigMap volumes support ownership management and SELinux relabeling.
-#ConfigMapVolumeSource: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // ConfigMap will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the ConfigMap,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // defaultMode is optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt)
-
- // optional specify whether the ConfigMap or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-#ConfigMapVolumeSourceDefaultMode: int32 & 0o644
-
-// Adapts a ConfigMap into a projected volume.
-//
-// The contents of the target ConfigMap's Data field will be presented in a
-// projected volume as files using the keys in the Data field as the file names,
-// unless the items element is populated with specific mappings of keys to paths.
-// Note that this is identical to a configmap volume source without the default
-// mode.
-#ConfigMapProjection: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // ConfigMap will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the ConfigMap,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // optional specify whether the ConfigMap or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-// ServiceAccountTokenProjection represents a projected service account token
-// volume. This projection can be used to insert a service account token into
-// the pods runtime filesystem for use against APIs (Kubernetes API Server or
-// otherwise).
-#ServiceAccountTokenProjection: {
- // audience is the intended audience of the token. A recipient of a token
- // must identify itself with an identifier specified in the audience of the
- // token, and otherwise should reject the token. The audience defaults to the
- // identifier of the apiserver.
- // +optional
- audience?: string @go(Audience) @protobuf(1,bytes,rep)
-
- // expirationSeconds is the requested duration of validity of the service
- // account token. As the token approaches expiration, the kubelet volume
- // plugin will proactively rotate the service account token. The kubelet will
- // start trying to rotate the token if the token is older than 80 percent of
- // its time to live or if the token is older than 24 hours.Defaults to 1 hour
- // and must be at least 10 minutes.
- // +optional
- expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt)
-
- // path is the path relative to the mount point of the file to project the
- // token into.
- path: string @go(Path) @protobuf(3,bytes,opt)
-}
-
-// Represents a projected volume source
-#ProjectedVolumeSource: {
- // sources is the list of volume projections
- // +optional
- sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep)
-
- // defaultMode are the mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt)
-}
-
-// Projection that may be projected along with other supported volume types
-#VolumeProjection: {
- // secret information about the secret data to project
- // +optional
- secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt)
-
- // downwardAPI information about the downwardAPI data to project
- // +optional
- downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt)
-
- // configMap information about the configMap data to project
- // +optional
- configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt)
-
- // serviceAccountToken is information about the serviceAccountToken data to project
- // +optional
- serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt)
-}
-
-#ProjectedVolumeSourceDefaultMode: int32 & 0o644
-
-// Maps a string key to a path within a volume.
-#KeyToPath: {
- // key is the key to project.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // path is the relative path of the file to map the key to.
- // May not be an absolute path.
- // May not contain the path element '..'.
- // May not start with the string '..'.
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // mode is Optional: mode bits used to set permissions on this file.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // If not specified, the volume defaultMode will be used.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt)
-}
-
-// Local represents directly-attached storage with node affinity (Beta feature)
-#LocalVolumeSource: {
- // path of the full path to the volume on the node.
- // It can be either a directory or block device (disk, partition, ...).
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // It applies only when the Path is a block device.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt)
-}
-
-// Represents storage that is managed by an external CSI volume driver (Beta feature)
-#CSIPersistentVolumeSource: {
- // driver is the name of the driver to use for this volume.
- // Required.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // volumeHandle is the unique volume name returned by the CSI volume
- // plugin’s CreateVolume to refer to the volume on all subsequent calls.
- // Required.
- volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt)
-
- // readOnly value to pass to ControllerPublishVolumeRequest.
- // Defaults to false (read/write).
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // fsType to mount. Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // +optional
- fsType?: string @go(FSType) @protobuf(4,bytes,opt)
-
- // volumeAttributes of the volume to publish.
- // +optional
- volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep)
-
- // controllerPublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // ControllerPublishVolume and ControllerUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt)
-
- // nodeStageSecretRef is a reference to the secret object containing sensitive
- // information to pass to the CSI driver to complete the CSI NodeStageVolume
- // and NodeStageVolume and NodeUnstageVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt)
-
- // nodePublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodePublishVolume and NodeUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt)
-
- // controllerExpandSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // ControllerExpandVolume call.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt)
-
- // nodeExpandSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodeExpandVolume call.
- // This is a beta field which is enabled default by CSINodeExpandSecret feature gate.
- // This field is optional, may be omitted if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +featureGate=CSINodeExpandSecret
- // +optional
- nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt)
-}
-
-// Represents a source location of a volume to mount, managed by an external CSI driver
-#CSIVolumeSource: {
- // driver is the name of the CSI driver that handles this volume.
- // Consult with your admin for the correct name as registered in the cluster.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // readOnly specifies a read-only configuration for the volume.
- // Defaults to false (read/write).
- // +optional
- readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt)
-
- // fsType to mount. Ex. "ext4", "xfs", "ntfs".
- // If not provided, the empty value is passed to the associated CSI driver
- // which will determine the default filesystem to apply.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt)
-
- // volumeAttributes stores driver-specific properties that are passed to the CSI
- // driver. Consult your driver's documentation for supported values.
- // +optional
- volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep)
-
- // nodePublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodePublishVolume and NodeUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secret references are passed.
- // +optional
- nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Represents an ephemeral volume that is handled by a normal storage driver.
-#EphemeralVolumeSource: {
- // Will be used to create a stand-alone PVC to provision the volume.
- // The pod in which this EphemeralVolumeSource is embedded will be the
- // owner of the PVC, i.e. the PVC will be deleted together with the
- // pod. The name of the PVC will be `-` where
- // `` is the name from the `PodSpec.Volumes` array
- // entry. Pod validation will reject the pod if the concatenated name
- // is not valid for a PVC (for example, too long).
- //
- // An existing PVC with that name that is not owned by the pod
- // will *not* be used for the pod to avoid using an unrelated
- // volume by mistake. Starting the pod is then blocked until
- // the unrelated PVC is removed. If such a pre-created PVC is
- // meant to be used by the pod, the PVC has to updated with an
- // owner reference to the pod once the pod exists. Normally
- // this should not be necessary, but it may be useful when
- // manually reconstructing a broken cluster.
- //
- // This field is read-only and no changes will be made by Kubernetes
- // to the PVC after it has been created.
- //
- // Required, must not be nil.
- volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt)
-}
-
-// PersistentVolumeClaimTemplate is used to produce
-// PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
-#PersistentVolumeClaimTemplate: {
- // May contain labels and annotations that will be copied into the PVC
- // when creating it. No other fields are allowed and will be rejected during
- // validation.
- //
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The specification for the PersistentVolumeClaim. The entire content is
- // copied unchanged into the PVC that gets created from this
- // template. The same fields as in a PersistentVolumeClaim
- // are also valid here.
- spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes)
-}
-
-// ContainerPort represents a network port in a single container.
-#ContainerPort: {
- // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
- // named port in a pod must have a unique name. Name for the port that can be
- // referred to by services.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // Number of port to expose on the host.
- // If specified, this must be a valid port number, 0 < x < 65536.
- // If HostNetwork is specified, this must match ContainerPort.
- // Most containers do not need this.
- // +optional
- hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt)
-
- // Number of port to expose on the pod's IP address.
- // This must be a valid port number, 0 < x < 65536.
- containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt)
-
- // Protocol for port. Must be UDP, TCP, or SCTP.
- // Defaults to "TCP".
- // +optional
- // +default="TCP"
- protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol)
-
- // What host IP to bind the external port to.
- // +optional
- hostIP?: string @go(HostIP) @protobuf(5,bytes,opt)
-}
-
-// VolumeMount describes a mounting of a Volume within a container.
-#VolumeMount: {
- // This must match the Name of a Volume.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Mounted read-only if true, read-write otherwise (false or unspecified).
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt)
-
- // Path within the container at which the volume should be mounted. Must
- // not contain ':'.
- mountPath: string @go(MountPath) @protobuf(3,bytes,opt)
-
- // Path within the volume from which the container's volume should be mounted.
- // Defaults to "" (volume's root).
- // +optional
- subPath?: string @go(SubPath) @protobuf(4,bytes,opt)
-
- // mountPropagation determines how mounts are propagated from the host
- // to container and the other way around.
- // When not set, MountPropagationNone is used.
- // This field is beta in 1.10.
- // +optional
- mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode)
-
- // Expanded path within the volume from which the container's volume should be mounted.
- // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
- // Defaults to "" (volume's root).
- // SubPathExpr and SubPath are mutually exclusive.
- // +optional
- subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt)
-}
-
-// MountPropagationMode describes mount propagation.
-// +enum
-#MountPropagationMode: string // #enumMountPropagationMode
-
-#enumMountPropagationMode:
- #MountPropagationNone |
- #MountPropagationHostToContainer |
- #MountPropagationBidirectional
-
-// MountPropagationNone means that the volume in a container will
-// not receive new mounts from the host or other containers, and filesystems
-// mounted inside the container won't be propagated to the host or other
-// containers.
-// Note that this mode corresponds to "private" in Linux terminology.
-#MountPropagationNone: #MountPropagationMode & "None"
-
-// MountPropagationHostToContainer means that the volume in a container will
-// receive new mounts from the host or other containers, but filesystems
-// mounted inside the container won't be propagated to the host or other
-// containers.
-// Note that this mode is recursively applied to all mounts in the volume
-// ("rslave" in Linux terminology).
-#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer"
-
-// MountPropagationBidirectional means that the volume in a container will
-// receive new mounts from the host or other containers, and its own mounts
-// will be propagated from the container to the host or other containers.
-// Note that this mode is recursively applied to all mounts in the volume
-// ("rshared" in Linux terminology).
-#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional"
-
-// volumeDevice describes a mapping of a raw block device within a container.
-#VolumeDevice: {
- // name must match the name of a persistentVolumeClaim in the pod
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // devicePath is the path inside of the container that the device will be mapped to.
- devicePath: string @go(DevicePath) @protobuf(2,bytes,opt)
-}
-
-// EnvVar represents an environment variable present in a Container.
-#EnvVar: {
- // Name of the environment variable. Must be a C_IDENTIFIER.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Variable references $(VAR_NAME) are expanded
- // using the previously defined environment variables in the container and
- // any service environment variables. If a variable cannot be resolved,
- // the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- // Escaped references will never be expanded, regardless of whether the variable
- // exists or not.
- // Defaults to "".
- // +optional
- value?: string @go(Value) @protobuf(2,bytes,opt)
-
- // Source for the environment variable's value. Cannot be used if value is not empty.
- // +optional
- valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt)
-}
-
-// EnvVarSource represents a source for the value of an EnvVar.
-#EnvVarSource: {
- // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- // +optional
- fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt)
-
- // Selects a resource of the container: only resources limits and requests
- // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- // +optional
- resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt)
-
- // Selects a key of a ConfigMap.
- // +optional
- configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt)
-
- // Selects a key of a secret in the pod's namespace
- // +optional
- secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt)
-}
-
-// ObjectFieldSelector selects an APIVersioned field of an object.
-// +structType=atomic
-#ObjectFieldSelector: {
- // Version of the schema the FieldPath is written in terms of, defaults to "v1".
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt)
-
- // Path of the field to select in the specified API version.
- fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt)
-}
-
-// ResourceFieldSelector represents container resources (cpu, memory) and their output format
-// +structType=atomic
-#ResourceFieldSelector: {
- // Container name: required for volumes, optional for env vars
- // +optional
- containerName?: string @go(ContainerName) @protobuf(1,bytes,opt)
-
- // Required: resource to select
- "resource": string @go(Resource) @protobuf(2,bytes,opt)
-
- // Specifies the output format of the exposed resources, defaults to "1"
- // +optional
- divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt)
-}
-
-// Selects a key from a ConfigMap.
-// +structType=atomic
-#ConfigMapKeySelector: {
- #LocalObjectReference
-
- // The key to select.
- key: string @go(Key) @protobuf(2,bytes,opt)
-
- // Specify whether the ConfigMap or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt)
-}
-
-// SecretKeySelector selects a key of a Secret.
-// +structType=atomic
-#SecretKeySelector: {
- #LocalObjectReference
-
- // The key of the secret to select from. Must be a valid secret key.
- key: string @go(Key) @protobuf(2,bytes,opt)
-
- // Specify whether the Secret or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt)
-}
-
-// EnvFromSource represents the source of a set of ConfigMaps
-#EnvFromSource: {
- // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
- // +optional
- prefix?: string @go(Prefix) @protobuf(1,bytes,opt)
-
- // The ConfigMap to select from
- // +optional
- configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt)
-
- // The Secret to select from
- // +optional
- secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt)
-}
-
-// ConfigMapEnvSource selects a ConfigMap to populate the environment
-// variables with.
-//
-// The contents of the target ConfigMap's Data field will represent the
-// key-value pairs as environment variables.
-#ConfigMapEnvSource: {
- #LocalObjectReference
-
- // Specify whether the ConfigMap must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt)
-}
-
-// SecretEnvSource selects a Secret to populate the environment
-// variables with.
-//
-// The contents of the target Secret's Data field will represent the
-// key-value pairs as environment variables.
-#SecretEnvSource: {
- #LocalObjectReference
-
- // Specify whether the Secret must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt)
-}
-
-// HTTPHeader describes a custom header to be used in HTTP probes
-#HTTPHeader: {
- // The header field name.
- // This will be canonicalized upon output, so case-variant names will be understood as the same header.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // The header field value
- value: string @go(Value) @protobuf(2,bytes,opt)
-}
-
-// HTTPGetAction describes an action based on HTTP Get requests.
-#HTTPGetAction: {
- // Path to access on the HTTP server.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-
- // Name or number of the port to access on the container.
- // Number must be in the range 1 to 65535.
- // Name must be an IANA_SVC_NAME.
- port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt)
-
- // Host name to connect to, defaults to the pod IP. You probably want to set
- // "Host" in httpHeaders instead.
- // +optional
- host?: string @go(Host) @protobuf(3,bytes,opt)
-
- // Scheme to use for connecting to the host.
- // Defaults to HTTP.
- // +optional
- scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme)
-
- // Custom headers to set in the request. HTTP allows repeated headers.
- // +optional
- httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep)
-}
-
-// URIScheme identifies the scheme used for connection to a host for Get actions
-// +enum
-#URIScheme: string // #enumURIScheme
-
-#enumURIScheme:
- #URISchemeHTTP |
- #URISchemeHTTPS
-
-// URISchemeHTTP means that the scheme used will be http://
-#URISchemeHTTP: #URIScheme & "HTTP"
-
-// URISchemeHTTPS means that the scheme used will be https://
-#URISchemeHTTPS: #URIScheme & "HTTPS"
-
-// TCPSocketAction describes an action based on opening a socket
-#TCPSocketAction: {
- // Number or name of the port to access on the container.
- // Number must be in the range 1 to 65535.
- // Name must be an IANA_SVC_NAME.
- port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt)
-
- // Optional: Host name to connect to, defaults to the pod IP.
- // +optional
- host?: string @go(Host) @protobuf(2,bytes,opt)
-}
-
-#GRPCAction: {
- // Port number of the gRPC service. Number must be in the range 1 to 65535.
- port: int32 @go(Port) @protobuf(1,bytes,opt)
-
- // Service is the name of the service to place in the gRPC HealthCheckRequest
- // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- //
- // If this is not specified, the default behavior is defined by gRPC.
- // +optional
- // +default=""
- service?: null | string @go(Service,*string) @protobuf(2,bytes,opt)
-}
-
-// ExecAction describes a "run in container" action.
-#ExecAction: {
- // Command is the command line to execute inside the container, the working directory for the
- // command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- // a shell, you need to explicitly call out to that shell.
- // Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep)
-}
-
-// Probe describes a health check to be performed against a container to determine whether it is
-// alive or ready to receive traffic.
-#Probe: {
- #ProbeHandler
-
- // Number of seconds after the container has started before liveness probes are initiated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt)
-
- // Number of seconds after which the probe times out.
- // Defaults to 1 second. Minimum value is 1.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt)
-
- // How often (in seconds) to perform the probe.
- // Default to 10 seconds. Minimum value is 1.
- // +optional
- periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt)
-
- // Minimum consecutive successes for the probe to be considered successful after having failed.
- // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- // +optional
- successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt)
-
- // Minimum consecutive failures for the probe to be considered failed after having succeeded.
- // Defaults to 3. Minimum value is 1.
- // +optional
- failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt)
-
- // Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- // The grace period is the duration in seconds after the processes running in the pod are sent
- // a termination signal and the time when the processes are forcibly halted with a kill signal.
- // Set this value longer than the expected cleanup time for your process.
- // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- // value overrides the value provided by the pod spec.
- // Value must be non-negative integer. The value zero indicates stop immediately via
- // the kill signal (no opportunity to shut down).
- // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- // +optional
- terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt)
-}
-
-// PullPolicy describes a policy for if/when to pull a container image
-// +enum
-#PullPolicy: string // #enumPullPolicy
-
-#enumPullPolicy:
- #PullAlways |
- #PullNever |
- #PullIfNotPresent
-
-// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
-#PullAlways: #PullPolicy & "Always"
-
-// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
-#PullNever: #PullPolicy & "Never"
-
-// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
-#PullIfNotPresent: #PullPolicy & "IfNotPresent"
-
-// ResourceResizeRestartPolicy specifies how to handle container resource resize.
-#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy
-
-#enumResourceResizeRestartPolicy:
- #NotRequired |
- #RestartContainer
-
-// 'NotRequired' means Kubernetes will try to resize the container
-// without restarting it, if possible. Kubernetes may however choose to
-// restart the container if it is unable to actuate resize without a
-// restart. For e.g. the runtime doesn't support restart-free resizing.
-#NotRequired: #ResourceResizeRestartPolicy & "NotRequired"
-
-// 'RestartContainer' means Kubernetes will resize the container in-place
-// by stopping and starting the container when new resources are applied.
-// This is needed for legacy applications. For e.g. java apps using the
-// -xmxN flag which are unable to use resized memory without restarting.
-#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer"
-
-// ContainerResizePolicy represents resource resize policy for the container.
-#ContainerResizePolicy: {
- // Name of the resource to which this resource resize policy applies.
- // Supported values: cpu, memory.
- resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName)
-
- // Restart policy to apply when specified resource is resized.
- // If not specified, it defaults to NotRequired.
- restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy)
-}
-
-// PreemptionPolicy describes a policy for if/when to preempt a pod.
-// +enum
-#PreemptionPolicy: string // #enumPreemptionPolicy
-
-#enumPreemptionPolicy:
- #PreemptLowerPriority |
- #PreemptNever
-
-// PreemptLowerPriority means that pod can preempt other pods with lower priority.
-#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority"
-
-// PreemptNever means that pod never preempts other pods with lower priority.
-#PreemptNever: #PreemptionPolicy & "Never"
-
-// TerminationMessagePolicy describes how termination messages are retrieved from a container.
-// +enum
-#TerminationMessagePolicy: string // #enumTerminationMessagePolicy
-
-#enumTerminationMessagePolicy:
- #TerminationMessageReadFile |
- #TerminationMessageFallbackToLogsOnError
-
-// TerminationMessageReadFile is the default behavior and will set the container status message to
-// the contents of the container's terminationMessagePath when the container exits.
-#TerminationMessageReadFile: #TerminationMessagePolicy & "File"
-
-// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs
-// for the container status message when the container exits with an error and the
-// terminationMessagePath has no contents.
-#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError"
-
-// Capability represent POSIX capabilities type
-#Capability: string
-
-// Adds and removes POSIX capabilities from running containers.
-#Capabilities: {
- // Added capabilities
- // +optional
- add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability)
-
- // Removed capabilities
- // +optional
- drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability)
-}
-
-// ResourceRequirements describes the compute resource requirements.
-#ResourceRequirements: {
- // Limits describes the maximum amount of compute resources allowed.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Requests describes the minimum amount of compute resources required.
- // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- // otherwise to an implementation-defined value. Requests cannot exceed Limits.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Claims lists the names of resources, defined in spec.resourceClaims,
- // that are used by this container.
- //
- // This is an alpha field and requires enabling the
- // DynamicResourceAllocation feature gate.
- //
- // This field is immutable. It can only be set for containers.
- //
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt)
-}
-
-// ResourceClaim references one entry in PodSpec.ResourceClaims.
-#ResourceClaim: {
- // Name must match the name of one entry in pod.spec.resourceClaims of
- // the Pod where this field is used. It makes that resource available
- // inside a container.
- name: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// TerminationMessagePathDefault means the default path to capture the application termination message running in a container
-#TerminationMessagePathDefault: "/dev/termination-log"
-
-// A single application container that you want to run within a pod.
-#Container: {
- // Name of the container specified as a DNS_LABEL.
- // Each container in a pod must have a unique name (DNS_LABEL).
- // Cannot be updated.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Container image name.
- // More info: https://kubernetes.io/docs/concepts/containers/images
- // This field is optional to allow higher level config management to default or override
- // container images in workload controllers like Deployments and StatefulSets.
- // +optional
- image?: string @go(Image) @protobuf(2,bytes,opt)
-
- // Entrypoint array. Not executed within a shell.
- // The container image's ENTRYPOINT is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep)
-
- // Arguments to the entrypoint.
- // The container image's CMD is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep)
-
- // Container's working directory.
- // If not specified, the container runtime's default will be used, which
- // might be configured in the container image.
- // Cannot be updated.
- // +optional
- workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt)
-
- // List of ports to expose from the container. Not specifying a port here
- // DOES NOT prevent that port from being exposed. Any port which is
- // listening on the default "0.0.0.0" address inside a container will be
- // accessible from the network.
- // Modifying this array with strategic merge patch may corrupt the data.
- // For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=containerPort
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=containerPort
- // +listMapKey=protocol
- ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep)
-
- // List of sources to populate environment variables in the container.
- // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- // will be reported as an event when the container is starting. When a key exists in multiple
- // sources, the value associated with the last source will take precedence.
- // Values defined by an Env with a duplicate key will take precedence.
- // Cannot be updated.
- // +optional
- envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep)
-
- // List of environment variables to set in the container.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep)
-
- // Compute Resources required by this container.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt)
-
- // Resources resize policy for the container.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- // +listType=atomic
- resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep)
-
- // RestartPolicy defines the restart behavior of individual containers in a pod.
- // This field may only be set for init containers, and the only allowed value is "Always".
- // For non-init containers or when this field is not specified,
- // the restart behavior is defined by the Pod's restart policy and the container type.
- // Setting the RestartPolicy as "Always" for the init container will have the following effect:
- // this init container will be continually restarted on
- // exit until all regular containers have terminated. Once all regular
- // containers have completed, all init containers with restartPolicy "Always"
- // will be shut down. This lifecycle differs from normal init containers and
- // is often referred to as a "sidecar" container. Although this init
- // container still starts in the init container sequence, it does not wait
- // for the container to complete before proceeding to the next init
- // container. Instead, the next init container starts immediately after this
- // init container is started, or after any startupProbe has successfully
- // completed.
- // +featureGate=SidecarContainers
- // +optional
- restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy)
-
- // Pod volumes to mount into the container's filesystem.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=mountPath
- // +patchStrategy=merge
- volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep)
-
- // volumeDevices is the list of block devices to be used by the container.
- // +patchMergeKey=devicePath
- // +patchStrategy=merge
- // +optional
- volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep)
-
- // Periodic probe of container liveness.
- // Container will be restarted if the probe fails.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt)
-
- // Periodic probe of container service readiness.
- // Container will be removed from service endpoints if the probe fails.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt)
-
- // StartupProbe indicates that the Pod has successfully initialized.
- // If specified, no other probes are executed until this completes successfully.
- // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
- // when it might take a long time to load data or warm a cache, than during steady-state operation.
- // This cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt)
-
- // Actions that the management system should take in response to container lifecycle events.
- // Cannot be updated.
- // +optional
- lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt)
-
- // Optional: Path at which the file to which the container's termination message
- // will be written is mounted into the container's filesystem.
- // Message written is intended to be brief final status, such as an assertion failure message.
- // Will be truncated by the node if greater than 4096 bytes. The total message length across
- // all containers will be limited to 12kb.
- // Defaults to /dev/termination-log.
- // Cannot be updated.
- // +optional
- terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt)
-
- // Indicate how the termination message should be populated. File will use the contents of
- // terminationMessagePath to populate the container status message on both success and failure.
- // FallbackToLogsOnError will use the last chunk of container log output if the termination
- // message file is empty and the container exited with an error.
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- // Defaults to File.
- // Cannot be updated.
- // +optional
- terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy)
-
- // Image pull policy.
- // One of Always, Never, IfNotPresent.
- // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- // +optional
- imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy)
-
- // SecurityContext defines the security options the container should be run with.
- // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- // +optional
- securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt)
-
- // Whether this container should allocate a buffer for stdin in the container runtime. If this
- // is not set, reads from stdin in the container will always result in EOF.
- // Default is false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(16,varint,opt)
-
- // Whether the container runtime should close the stdin channel after it has been opened by
- // a single attach. When stdin is true the stdin stream will remain open across multiple attach
- // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- // at which time stdin is closed and remains closed until the container is restarted. If this
- // flag is false, a container processes that reads from stdin will never receive an EOF.
- // Default is false
- // +optional
- stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt)
-
- // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- // Default is false.
- // +optional
- tty?: bool @go(TTY) @protobuf(18,varint,opt)
-}
-
-// ProbeHandler defines a specific action that should be taken in a probe.
-// One and only one of the fields must be specified.
-#ProbeHandler: {
- // Exec specifies the action to take.
- // +optional
- exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt)
-
- // HTTPGet specifies the http request to perform.
- // +optional
- httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt)
-
- // TCPSocket specifies an action involving a TCP port.
- // +optional
- tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt)
-
- // GRPC specifies an action involving a GRPC port.
- // +optional
- grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt)
-}
-
-// LifecycleHandler defines a specific action that should be taken in a lifecycle
-// hook. One and only one of the fields, except TCPSocket must be specified.
-#LifecycleHandler: {
- // Exec specifies the action to take.
- // +optional
- exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt)
-
- // HTTPGet specifies the http request to perform.
- // +optional
- httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt)
-
- // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- // for the backward compatibility. There are no validation of this field and
- // lifecycle hooks will fail in runtime when tcp handler is specified.
- // +optional
- tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt)
-}
-
-// Lifecycle describes actions that the management system should take in response to container lifecycle
-// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks
-// until the action is complete, unless the container process fails, in which case the handler is aborted.
-#Lifecycle: {
- // PostStart is called immediately after a container is created. If the handler fails,
- // the container is terminated and restarted according to its restart policy.
- // Other management of the container blocks until the hook completes.
- // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- // +optional
- postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt)
-
- // PreStop is called immediately before a container is terminated due to an
- // API request or management event such as liveness/startup probe failure,
- // preemption, resource contention, etc. The handler is not called if the
- // container crashes or exits. The Pod's termination grace period countdown begins before the
- // PreStop hook is executed. Regardless of the outcome of the handler, the
- // container will eventually terminate within the Pod's termination grace
- // period (unless delayed by finalizers). Other management of the container blocks until the hook completes
- // or until the termination grace period is reached.
- // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- // +optional
- preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt)
-}
-
-#ConditionStatus: string // #enumConditionStatus
-
-#enumConditionStatus:
- #ConditionTrue |
- #ConditionFalse |
- #ConditionUnknown
-
-#ConditionTrue: #ConditionStatus & "True"
-#ConditionFalse: #ConditionStatus & "False"
-#ConditionUnknown: #ConditionStatus & "Unknown"
-
-// ContainerStateWaiting is a waiting state of a container.
-#ContainerStateWaiting: {
- // (brief) reason the container is not yet running.
- // +optional
- reason?: string @go(Reason) @protobuf(1,bytes,opt)
-
- // Message regarding why the container is not yet running.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-}
-
-// ContainerStateRunning is a running state of a container.
-#ContainerStateRunning: {
- // Time at which the container was last (re-)started
- // +optional
- startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt)
-}
-
-// ContainerStateTerminated is a terminated state of a container.
-#ContainerStateTerminated: {
- // Exit status from the last termination of the container
- exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt)
-
- // Signal from the last termination of the container
- // +optional
- signal?: int32 @go(Signal) @protobuf(2,varint,opt)
-
- // (brief) reason from the last termination of the container
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // Message regarding the last termination of the container
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-
- // Time at which previous execution of the container started
- // +optional
- startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt)
-
- // Time at which the container last terminated
- // +optional
- finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt)
-
- // Container's ID in the format '://'
- // +optional
- containerID?: string @go(ContainerID) @protobuf(7,bytes,opt)
-}
-
-// ContainerState holds a possible state of container.
-// Only one of its members may be specified.
-// If none of them is specified, the default one is ContainerStateWaiting.
-#ContainerState: {
- // Details about a waiting container
- // +optional
- waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt)
-
- // Details about a running container
- // +optional
- running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt)
-
- // Details about a terminated container
- // +optional
- terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt)
-}
-
-// ContainerStatus contains details for the current status of this container.
-#ContainerStatus: {
- // Name is a DNS_LABEL representing the unique name of the container.
- // Each container in a pod must have a unique name across all container types.
- // Cannot be updated.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // State holds details about the container's current condition.
- // +optional
- state?: #ContainerState @go(State) @protobuf(2,bytes,opt)
-
- // LastTerminationState holds the last termination state of the container to
- // help debug container crashes and restarts. This field is not
- // populated if the container is still running and RestartCount is 0.
- // +optional
- lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt)
-
- // Ready specifies whether the container is currently passing its readiness check.
- // The value will change as readiness probes keep executing. If no readiness
- // probes are specified, this field defaults to true once the container is
- // fully started (see Started field).
- //
- // The value is typically used to determine whether a container is ready to
- // accept traffic.
- ready: bool @go(Ready) @protobuf(4,varint,opt)
-
- // RestartCount holds the number of times the container has been restarted.
- // Kubelet makes an effort to always increment the value, but there
- // are cases when the state may be lost due to node restarts and then the value
- // may be reset to 0. The value is never negative.
- restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt)
-
- // Image is the name of container image that the container is running.
- // The container image may not match the image used in the PodSpec,
- // as it may have been resolved by the runtime.
- // More info: https://kubernetes.io/docs/concepts/containers/images.
- image: string @go(Image) @protobuf(6,bytes,opt)
-
- // ImageID is the image ID of the container's image. The image ID may not
- // match the image ID of the image used in the PodSpec, as it may have been
- // resolved by the runtime.
- imageID: string @go(ImageID) @protobuf(7,bytes,opt)
-
- // ContainerID is the ID of the container in the format '://'.
- // Where type is a container runtime identifier, returned from Version call of CRI API
- // (for example "containerd").
- // +optional
- containerID?: string @go(ContainerID) @protobuf(8,bytes,opt)
-
- // Started indicates whether the container has finished its postStart lifecycle hook
- // and passed its startup probe.
- // Initialized as false, becomes true after startupProbe is considered
- // successful. Resets to false when the container is restarted, or if kubelet
- // loses state temporarily. In both cases, startup probes will run again.
- // Is always true when no startupProbe is defined and container is running and
- // has passed the postStart lifecycle hook. The null value must be treated the
- // same as false.
- // +optional
- started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt)
-
- // AllocatedResources represents the compute resources allocated for this container by the
- // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission
- // and after successfully admitting desired pod resize.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Resources represents the compute resource requests and limits that have been successfully
- // enacted on the running container after it has been started or has been successfully resized.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt)
-}
-
-// PodPhase is a label for the condition of a pod at the current time.
-// +enum
-#PodPhase: string // #enumPodPhase
-
-#enumPodPhase:
- #PodPending |
- #PodRunning |
- #PodSucceeded |
- #PodFailed |
- #PodUnknown
-
-// PodPending means the pod has been accepted by the system, but one or more of the containers
-// has not been started. This includes time before being bound to a node, as well as time spent
-// pulling images onto the host.
-#PodPending: #PodPhase & "Pending"
-
-// PodRunning means the pod has been bound to a node and all of the containers have been started.
-// At least one container is still running or is in the process of being restarted.
-#PodRunning: #PodPhase & "Running"
-
-// PodSucceeded means that all containers in the pod have voluntarily terminated
-// with a container exit code of 0, and the system is not going to restart any of these containers.
-#PodSucceeded: #PodPhase & "Succeeded"
-
-// PodFailed means that all containers in the pod have terminated, and at least one container has
-// terminated in a failure (exited with a non-zero exit code or was stopped by the system).
-#PodFailed: #PodPhase & "Failed"
-
-// PodUnknown means that for some reason the state of the pod could not be obtained, typically due
-// to an error in communicating with the host of the pod.
-// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)
-#PodUnknown: #PodPhase & "Unknown"
-
-// PodConditionType is a valid value for PodCondition.Type
-#PodConditionType: string // #enumPodConditionType
-
-#enumPodConditionType:
- #ContainersReady |
- #PodInitialized |
- #PodReady |
- #PodScheduled |
- #DisruptionTarget
-
-// ContainersReady indicates whether all containers in the pod are ready.
-#ContainersReady: #PodConditionType & "ContainersReady"
-
-// PodInitialized means that all init containers in the pod have started successfully.
-#PodInitialized: #PodConditionType & "Initialized"
-
-// PodReady means the pod is able to service requests and should be added to the
-// load balancing pools of all matching services.
-#PodReady: #PodConditionType & "Ready"
-
-// PodScheduled represents status of the scheduling process for this pod.
-#PodScheduled: #PodConditionType & "PodScheduled"
-
-// DisruptionTarget indicates the pod is about to be terminated due to a
-// disruption (such as preemption, eviction API or garbage-collection).
-#DisruptionTarget: #PodConditionType & "DisruptionTarget"
-
-// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler
-// can't schedule the pod right now, for example due to insufficient resources in the cluster.
-#PodReasonUnschedulable: "Unschedulable"
-
-// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler
-// skips scheduling the pod because one or more scheduling gates are still present.
-#PodReasonSchedulingGated: "SchedulingGated"
-
-// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens
-// during scheduling, for example due to nodeAffinity parsing errors.
-#PodReasonSchedulerError: "SchedulerError"
-
-// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination
-// is initiated by kubelet
-#PodReasonTerminationByKubelet: "TerminationByKubelet"
-
-// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the
-// disruption was initiated by scheduler's preemption.
-#PodReasonPreemptionByScheduler: "PreemptionByScheduler"
-
-// PodCondition contains details for the current condition of this pod.
-#PodCondition: {
- // Type is the type of the condition.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType)
-
- // Status is the status of the condition.
- // Can be True, False, Unknown.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Last time we probed the condition.
- // +optional
- lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt)
-
- // Last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // Unique, one-word, CamelCase reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // Human-readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// PodResizeStatus shows status of desired resize of a pod's containers.
-#PodResizeStatus: string // #enumPodResizeStatus
-
-#enumPodResizeStatus:
- #PodResizeStatusProposed |
- #PodResizeStatusInProgress |
- #PodResizeStatusDeferred |
- #PodResizeStatusInfeasible
-
-// Pod resources resize has been requested and will be evaluated by node.
-#PodResizeStatusProposed: #PodResizeStatus & "Proposed"
-
-// Pod resources resize has been accepted by node and is being actuated.
-#PodResizeStatusInProgress: #PodResizeStatus & "InProgress"
-
-// Node cannot resize the pod at this time and will keep retrying.
-#PodResizeStatusDeferred: #PodResizeStatus & "Deferred"
-
-// Requested pod resize is not feasible and will not be re-evaluated.
-#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible"
-
-// RestartPolicy describes how the container should be restarted.
-// Only one of the following restart policies may be specified.
-// If none of the following policies is specified, the default one
-// is RestartPolicyAlways.
-// +enum
-#RestartPolicy: string // #enumRestartPolicy
-
-#enumRestartPolicy:
- #RestartPolicyAlways |
- #RestartPolicyOnFailure |
- #RestartPolicyNever
-
-#RestartPolicyAlways: #RestartPolicy & "Always"
-#RestartPolicyOnFailure: #RestartPolicy & "OnFailure"
-#RestartPolicyNever: #RestartPolicy & "Never"
-
-// ContainerRestartPolicy is the restart policy for a single container.
-// This may only be set for init containers and only allowed value is "Always".
-#ContainerRestartPolicy: string // #enumContainerRestartPolicy
-
-#enumContainerRestartPolicy:
- #ContainerRestartPolicyAlways
-
-#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always"
-
-// DNSPolicy defines how a pod's DNS will be configured.
-// +enum
-#DNSPolicy: string // #enumDNSPolicy
-
-#enumDNSPolicy:
- #DNSClusterFirstWithHostNet |
- #DNSClusterFirst |
- #DNSDefault |
- #DNSNone
-
-// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS
-// first, if it is available, then fall back on the default
-// (as determined by kubelet) DNS settings.
-#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet"
-
-// DNSClusterFirst indicates that the pod should use cluster DNS
-// first unless hostNetwork is true, if it is available, then
-// fall back on the default (as determined by kubelet) DNS settings.
-#DNSClusterFirst: #DNSPolicy & "ClusterFirst"
-
-// DNSDefault indicates that the pod should use the default (as
-// determined by kubelet) DNS settings.
-#DNSDefault: #DNSPolicy & "Default"
-
-// DNSNone indicates that the pod should use empty DNS settings. DNS
-// parameters such as nameservers and search paths should be defined via
-// DNSConfig.
-#DNSNone: #DNSPolicy & "None"
-
-// DefaultTerminationGracePeriodSeconds indicates the default duration in
-// seconds a pod needs to terminate gracefully.
-#DefaultTerminationGracePeriodSeconds: 30
-
-// A node selector represents the union of the results of one or more label queries
-// over a set of nodes; that is, it represents the OR of the selectors represented
-// by the node selector terms.
-// +structType=atomic
-#NodeSelector: {
- // Required. A list of node selector terms. The terms are ORed.
- nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep)
-}
-
-// A null or empty node selector term matches no objects. The requirements of
-// them are ANDed.
-// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
-// +structType=atomic
-#NodeSelectorTerm: {
- // A list of node selector requirements by node's labels.
- // +optional
- matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep)
-
- // A list of node selector requirements by node's fields.
- // +optional
- matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep)
-}
-
-// A node selector requirement is a selector that contains values, a key, and an operator
-// that relates the key and values.
-#NodeSelectorRequirement: {
- // The label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator)
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt, the values
- // array must have a single element, which will be interpreted as an integer.
- // This array is replaced during a strategic merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A node selector operator is the set of operators that can be used in
-// a node selector requirement.
-// +enum
-#NodeSelectorOperator: string // #enumNodeSelectorOperator
-
-#enumNodeSelectorOperator:
- #NodeSelectorOpIn |
- #NodeSelectorOpNotIn |
- #NodeSelectorOpExists |
- #NodeSelectorOpDoesNotExist |
- #NodeSelectorOpGt |
- #NodeSelectorOpLt
-
-#NodeSelectorOpIn: #NodeSelectorOperator & "In"
-#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn"
-#NodeSelectorOpExists: #NodeSelectorOperator & "Exists"
-#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist"
-#NodeSelectorOpGt: #NodeSelectorOperator & "Gt"
-#NodeSelectorOpLt: #NodeSelectorOperator & "Lt"
-
-// A topology selector term represents the result of label queries.
-// A null or empty topology selector term matches no objects.
-// The requirements of them are ANDed.
-// It provides a subset of functionality as NodeSelectorTerm.
-// This is an alpha feature and may change in the future.
-// +structType=atomic
-#TopologySelectorTerm: {
- // A list of topology selector requirements by labels.
- // +optional
- matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep)
-}
-
-// A topology selector requirement is a selector that matches given label.
-// This is an alpha feature and may change in the future.
-#TopologySelectorLabelRequirement: {
- // The label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // An array of string values. One value must match the label to be selected.
- // Each entry in Values is ORed.
- values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep)
-}
-
-// Affinity is a group of affinity scheduling rules.
-#Affinity: {
- // Describes node affinity scheduling rules for the pod.
- // +optional
- nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt)
-
- // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
- // +optional
- podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt)
-
- // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
- // +optional
- podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt)
-}
-
-// Pod affinity is a group of inter pod affinity scheduling rules.
-#PodAffinity: {
- // If the affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to a pod label update), the
- // system may or may not try to eventually evict the pod from its node.
- // When there are multiple elements, the lists of nodes corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be satisfied.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep)
-}
-
-// Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-#PodAntiAffinity: {
- // If the anti-affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the anti-affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to a pod label update), the
- // system may or may not try to eventually evict the pod from its node.
- // When there are multiple elements, the lists of nodes corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be satisfied.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the anti-affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling anti-affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep)
-}
-
-// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
-#WeightedPodAffinityTerm: {
- // weight associated with matching the corresponding podAffinityTerm,
- // in the range 1-100.
- weight: int32 @go(Weight) @protobuf(1,varint,opt)
-
- // Required. A pod affinity term, associated with the corresponding weight.
- podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt)
-}
-
-// Defines a set of pods (namely those matching the labelSelector
-// relative to the given namespace(s)) that this pod should be
-// co-located (affinity) or not co-located (anti-affinity) with,
-// where co-located is defined as running on a node whose value of
-// the label with key matches that of any node on which
-// a pod of the set of pods is running
-#PodAffinityTerm: {
- // A label query over a set of resources, in this case pods.
- // +optional
- labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
-
- // namespaces specifies a static list of namespace names that the term applies to.
- // The term is applied to the union of the namespaces listed in this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- // +optional
- namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep)
-
- // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located is defined as running on a node
- // whose value of the label with key topologyKey matches that of any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt)
-
- // A label query over the set of namespaces that the term applies to.
- // The term is applied to the union of the namespaces selected by this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this pod's namespace".
- // An empty selector ({}) matches all namespaces.
- // +optional
- namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-}
-
-// Node affinity is a group of node affinity scheduling rules.
-#NodeAffinity: {
- // If the affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to an update), the system
- // may or may not try to eventually evict the pod from its node.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node matches the corresponding matchExpressions; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep)
-}
-
-// An empty preferred scheduling term matches all objects with implicit weight 0
-// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
-#PreferredSchedulingTerm: {
- // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
- weight: int32 @go(Weight) @protobuf(1,varint,opt)
-
- // A node selector term, associated with the corresponding weight.
- preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt)
-}
-
-// The node this Taint is attached to has the "effect" on
-// any pod that does not tolerate the Taint.
-#Taint: {
- // Required. The taint key to be applied to a node.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // The taint value corresponding to the taint key.
- // +optional
- value?: string @go(Value) @protobuf(2,bytes,opt)
-
- // Required. The effect of the taint on pods
- // that do not tolerate the taint.
- // Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect)
-
- // TimeAdded represents the time at which the taint was added.
- // It is only written for NoExecute taints.
- // +optional
- timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt)
-}
-
-// +enum
-#TaintEffect: string // #enumTaintEffect
-
-#enumTaintEffect:
- #TaintEffectNoSchedule |
- #TaintEffectPreferNoSchedule |
- #TaintEffectNoExecute
-
-// Do not allow new pods to schedule onto the node unless they tolerate the taint,
-// but allow all pods submitted to Kubelet without going through the scheduler
-// to start, and allow all already-running pods to continue running.
-// Enforced by the scheduler.
-#TaintEffectNoSchedule: #TaintEffect & "NoSchedule"
-
-// Like TaintEffectNoSchedule, but the scheduler tries not to schedule
-// new pods onto the node, rather than prohibiting new pods from scheduling
-// onto the node entirely. Enforced by the scheduler.
-#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule"
-
-// Evict any already-running pods that do not tolerate the taint.
-// Currently enforced by NodeController.
-#TaintEffectNoExecute: #TaintEffect & "NoExecute"
-
-// The pod this Toleration is attached to tolerates any taint that matches
-// the triple using the matching operator .
-#Toleration: {
- // Key is the taint key that the toleration applies to. Empty means match all taint keys.
- // If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- // +optional
- key?: string @go(Key) @protobuf(1,bytes,opt)
-
- // Operator represents a key's relationship to the value.
- // Valid operators are Exists and Equal. Defaults to Equal.
- // Exists is equivalent to wildcard for value, so that a pod can
- // tolerate all taints of a particular category.
- // +optional
- operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator)
-
- // Value is the taint value the toleration matches to.
- // If the operator is Exists, the value should be empty, otherwise just a regular string.
- // +optional
- value?: string @go(Value) @protobuf(3,bytes,opt)
-
- // Effect indicates the taint effect to match. Empty means match all taint effects.
- // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- // +optional
- effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect)
-
- // TolerationSeconds represents the period of time the toleration (which must be
- // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- // it is not set, which means tolerate the taint forever (do not evict). Zero and
- // negative values will be treated as 0 (evict immediately) by the system.
- // +optional
- tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt)
-}
-
-// A toleration operator is the set of operators that can be used in a toleration.
-// +enum
-#TolerationOperator: string // #enumTolerationOperator
-
-#enumTolerationOperator:
- #TolerationOpExists |
- #TolerationOpEqual
-
-#TolerationOpExists: #TolerationOperator & "Exists"
-#TolerationOpEqual: #TolerationOperator & "Equal"
-
-// PodReadinessGate contains the reference to a pod condition
-#PodReadinessGate: {
- // ConditionType refers to a condition in the pod's condition list with matching type.
- conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType)
-}
-
-// PodSpec is a description of a pod.
-#PodSpec: {
- // List of volumes that can be mounted by containers belonging to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep)
-
- // List of initialization containers belonging to the pod.
- // Init containers are executed in order prior to containers being started. If any
- // init container fails, the pod is considered to have failed and is handled according
- // to its restartPolicy. The name for an init container or normal container must be
- // unique among all containers.
- // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
- // The resourceRequirements of an init container are taken into account during scheduling
- // by finding the highest request/limit for each resource type, and then using the max of
- // of that value or the sum of the normal containers. Limits are applied to init containers
- // in a similar fashion.
- // Init containers cannot currently be added or removed.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- // +patchMergeKey=name
- // +patchStrategy=merge
- initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep)
-
- // List of containers belonging to the pod.
- // Containers cannot currently be added or removed.
- // There must be at least one container in a Pod.
- // Cannot be updated.
- // +patchMergeKey=name
- // +patchStrategy=merge
- containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep)
-
- // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
- // pod to perform user-initiated actions such as debugging. This list cannot be specified when
- // creating a pod, and it cannot be modified by updating the pod spec. In order to add an
- // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep)
-
- // Restart policy for all containers within the pod.
- // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
- // Default to Always.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- // +optional
- restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy)
-
- // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
- // Value must be non-negative integer. The value zero indicates stop immediately via
- // the kill signal (no opportunity to shut down).
- // If this value is nil, the default grace period will be used instead.
- // The grace period is the duration in seconds after the processes running in the pod are sent
- // a termination signal and the time when the processes are forcibly halted with a kill signal.
- // Set this value longer than the expected cleanup time for your process.
- // Defaults to 30 seconds.
- // +optional
- terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt)
-
- // Optional duration in seconds the pod may be active on the node relative to
- // StartTime before the system will actively try to mark it failed and kill associated containers.
- // Value must be a positive integer.
- // +optional
- activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt)
-
- // Set DNS policy for the pod.
- // Defaults to "ClusterFirst".
- // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
- // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
- // To have DNS options set along with hostNetwork, you have to specify DNS policy
- // explicitly to 'ClusterFirstWithHostNet'.
- // +optional
- dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy)
-
- // NodeSelector is a selector which must be true for the pod to fit on a node.
- // Selector which must match a node's labels for the pod to be scheduled on that node.
- // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- // +optional
- // +mapType=atomic
- nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep)
-
- // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- // +optional
- serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt)
-
- // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
- // Deprecated: Use serviceAccountName instead.
- // +k8s:conversion-gen=false
- // +optional
- serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt)
-
- // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
- // +optional
- automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt)
-
- // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
- // the scheduler simply schedules this pod onto that node, assuming that it fits resource
- // requirements.
- // +optional
- nodeName?: string @go(NodeName) @protobuf(10,bytes,opt)
-
- // Host networking requested for this pod. Use the host's network namespace.
- // If this option is set, the ports that will be used must be specified.
- // Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt)
-
- // Use the host's pid namespace.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostPID?: bool @go(HostPID) @protobuf(12,varint,opt)
-
- // Use the host's ipc namespace.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt)
-
- // Share a single process namespace between all of the containers in a pod.
- // When this is set containers will be able to view and signal processes from other containers
- // in the same pod, and the first process in each container will not be assigned PID 1.
- // HostPID and ShareProcessNamespace cannot both be set.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt)
-
- // SecurityContext holds pod-level security attributes and common container settings.
- // Optional: Defaults to empty. See type description for default values of each field.
- // +optional
- securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt)
-
- // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
- // If specified, these secrets will be passed to individual puller implementations for them to use.
- // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep)
-
- // Specifies the hostname of the Pod
- // If not specified, the pod's hostname will be set to a system-defined value.
- // +optional
- hostname?: string @go(Hostname) @protobuf(16,bytes,opt)
-
- // If specified, the fully qualified Pod hostname will be "...svc.".
- // If not specified, the pod will not have a domainname at all.
- // +optional
- subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt)
-
- // If specified, the pod's scheduling constraints
- // +optional
- affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt)
-
- // If specified, the pod will be dispatched by specified scheduler.
- // If not specified, the pod will be dispatched by default scheduler.
- // +optional
- schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt)
-
- // If specified, the pod's tolerations.
- // +optional
- tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt)
-
- // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
- // file if specified. This is only valid for non-hostNetwork pods.
- // +optional
- // +patchMergeKey=ip
- // +patchStrategy=merge
- hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep)
-
- // If specified, indicates the pod's priority. "system-node-critical" and
- // "system-cluster-critical" are two special keywords which indicate the
- // highest priorities with the former being the highest priority. Any other
- // name must be defined by creating a PriorityClass object with that name.
- // If not specified, the pod priority will be default or zero if there is no
- // default.
- // +optional
- priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt)
-
- // The priority value. Various system components use this field to find the
- // priority of the pod. When Priority Admission Controller is enabled, it
- // prevents users from setting this field. The admission controller populates
- // this field from PriorityClassName.
- // The higher the value, the higher the priority.
- // +optional
- priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt)
-
- // Specifies the DNS parameters of a pod.
- // Parameters specified here will be merged to the generated DNS
- // configuration based on DNSPolicy.
- // +optional
- dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt)
-
- // If specified, all readiness gates will be evaluated for pod readiness.
- // A pod is ready when all its containers are ready AND
- // all conditions specified in the readiness gates have status equal to "True"
- // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
- // +optional
- readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt)
-
- // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
- // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
- // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
- // empty definition that uses the default runtime handler.
- // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
- // +optional
- runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt)
-
- // EnableServiceLinks indicates whether information about services should be injected into pod's
- // environment variables, matching the syntax of Docker links.
- // Optional: Defaults to true.
- // +optional
- enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt)
-
- // PreemptionPolicy is the Policy for preempting pods with lower priority.
- // One of Never, PreemptLowerPriority.
- // Defaults to PreemptLowerPriority if unset.
- // +optional
- preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt)
-
- // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
- // This field will be autopopulated at admission time by the RuntimeClass admission controller. If
- // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
- // The RuntimeClass admission controller will reject Pod create requests which have the overhead already
- // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
- // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
- // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
- // +optional
- overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt)
-
- // TopologySpreadConstraints describes how a group of pods ought to spread across topology
- // domains. Scheduler will schedule pods in a way which abides by the constraints.
- // All topologySpreadConstraints are ANDed.
- // +optional
- // +patchMergeKey=topologyKey
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=topologyKey
- // +listMapKey=whenUnsatisfiable
- topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt)
-
- // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
- // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
- // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
- // If a pod does not have FQDN, this has no effect.
- // Default to false.
- // +optional
- setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt)
-
- // Specifies the OS of the containers in the pod.
- // Some pod and container fields are restricted if this is set.
- //
- // If the OS field is set to linux, the following fields must be unset:
- // -securityContext.windowsOptions
- //
- // If the OS field is set to windows, following fields must be unset:
- // - spec.hostPID
- // - spec.hostIPC
- // - spec.hostUsers
- // - spec.securityContext.seLinuxOptions
- // - spec.securityContext.seccompProfile
- // - spec.securityContext.fsGroup
- // - spec.securityContext.fsGroupChangePolicy
- // - spec.securityContext.sysctls
- // - spec.shareProcessNamespace
- // - spec.securityContext.runAsUser
- // - spec.securityContext.runAsGroup
- // - spec.securityContext.supplementalGroups
- // - spec.containers[*].securityContext.seLinuxOptions
- // - spec.containers[*].securityContext.seccompProfile
- // - spec.containers[*].securityContext.capabilities
- // - spec.containers[*].securityContext.readOnlyRootFilesystem
- // - spec.containers[*].securityContext.privileged
- // - spec.containers[*].securityContext.allowPrivilegeEscalation
- // - spec.containers[*].securityContext.procMount
- // - spec.containers[*].securityContext.runAsUser
- // - spec.containers[*].securityContext.runAsGroup
- // +optional
- os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt)
-
- // Use the host's user namespace.
- // Optional: Default to true.
- // If set to true or not present, the pod will be run in the host user namespace, useful
- // for when the pod needs a feature only available to the host user namespace, such as
- // loading a kernel module with CAP_SYS_MODULE.
- // When set to false, a new userns is created for the pod. Setting false is useful for
- // mitigating container breakout vulnerabilities even allowing users to run their
- // containers as root without actually having root privileges on the host.
- // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
- // +k8s:conversion-gen=false
- // +optional
- hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt)
-
- // SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
- // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
- // scheduler will not attempt to schedule the pod.
- //
- // SchedulingGates can only be set at pod creation time, and be removed only afterwards.
- //
- // This is a beta feature enabled by the PodSchedulingReadiness feature gate.
- //
- // +patchMergeKey=name
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=name
- // +featureGate=PodSchedulingReadiness
- // +optional
- schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt)
-
- // ResourceClaims defines which ResourceClaims must be allocated
- // and reserved before the Pod is allowed to start. The resources
- // will be made available to those containers which consume them
- // by name.
- //
- // This is an alpha field and requires enabling the
- // DynamicResourceAllocation feature gate.
- //
- // This field is immutable.
- //
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep)
-}
-
-// PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
-// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
-// Containers that need access to the ResourceClaim reference it with this name.
-#PodResourceClaim: {
- // Name uniquely identifies this resource claim inside the pod.
- // This must be a DNS_LABEL.
- name: string @go(Name) @protobuf(1,bytes)
-
- // Source describes where to find the ResourceClaim.
- source?: #ClaimSource @go(Source) @protobuf(2,bytes)
-}
-
-// ClaimSource describes a reference to a ResourceClaim.
-//
-// Exactly one of these fields should be set. Consumers of this type must
-// treat an empty object as if it has an unknown value.
-#ClaimSource: {
- // ResourceClaimName is the name of a ResourceClaim object in the same
- // namespace as this pod.
- resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt)
-
- // ResourceClaimTemplateName is the name of a ResourceClaimTemplate
- // object in the same namespace as this pod.
- //
- // The template will be used to create a new ResourceClaim, which will
- // be bound to this pod. When this pod is deleted, the ResourceClaim
- // will also be deleted. The pod name and resource name, along with a
- // generated component, will be used to form a unique name for the
- // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
- //
- // This field is immutable and no changes will be made to the
- // corresponding ResourceClaim by the control plane after creating the
- // ResourceClaim.
- resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt)
-}
-
-// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim
-// which references a ResourceClaimTemplate. It stores the generated name for
-// the corresponding ResourceClaim.
-#PodResourceClaimStatus: {
- // Name uniquely identifies this resource claim inside the pod.
- // This must match the name of an entry in pod.spec.resourceClaims,
- // which implies that the string must be a DNS_LABEL.
- name: string @go(Name) @protobuf(1,bytes)
-
- // ResourceClaimName is the name of the ResourceClaim that was
- // generated for the Pod in the namespace of the Pod. It this is
- // unset, then generating a ResourceClaim was not necessary. The
- // pod.spec.resourceClaims entry can be ignored in this case.
- //
- // +optional
- resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt)
-}
-
-// OSName is the set of OS'es that can be used in OS.
-#OSName: string // #enumOSName
-
-#enumOSName:
- #Linux |
- #Windows
-
-#Linux: #OSName & "linux"
-#Windows: #OSName & "windows"
-
-// PodOS defines the OS parameters of a pod.
-#PodOS: {
- // Name is the name of the operating system. The currently supported values are linux and windows.
- // Additional value may be defined in future and can be one of:
- // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- // Clients should expect to handle additional values and treat unrecognized values in this field as os: null
- name: #OSName @go(Name) @protobuf(1,bytes,opt)
-}
-
-// PodSchedulingGate is associated to a Pod to guard its scheduling.
-#PodSchedulingGate: {
- // Name of the scheduling gate.
- // Each scheduling gate must have a unique name field.
- name: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// +enum
-#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction
-
-#enumUnsatisfiableConstraintAction:
- #DoNotSchedule |
- #ScheduleAnyway
-
-// DoNotSchedule instructs the scheduler not to schedule the pod
-// when constraints are not satisfied.
-#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule"
-
-// ScheduleAnyway instructs the scheduler to schedule the pod
-// even if constraints are not satisfied.
-#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway"
-
-// NodeInclusionPolicy defines the type of node inclusion policy
-// +enum
-#NodeInclusionPolicy: string // #enumNodeInclusionPolicy
-
-#enumNodeInclusionPolicy:
- #NodeInclusionPolicyIgnore |
- #NodeInclusionPolicyHonor
-
-// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew.
-#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore"
-
-// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew.
-#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor"
-
-// TopologySpreadConstraint specifies how to spread matching pods among the given topology.
-#TopologySpreadConstraint: {
- // MaxSkew describes the degree to which pods may be unevenly distributed.
- // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- // between the number of matching pods in the target topology and the global minimum.
- // The global minimum is the minimum number of matching pods in an eligible domain
- // or zero if the number of eligible domains is less than MinDomains.
- // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- // labelSelector spread as 2/2/1:
- // In this case, the global minimum is 1.
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P | P P | P |
- // +-------+-------+-------+
- // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- // violate MaxSkew(1).
- // - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- // to topologies that satisfy it.
- // It's a required field. Default value is 1 and 0 is not allowed.
- maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt)
-
- // TopologyKey is the key of node labels. Nodes that have a label with this key
- // and identical values are considered to be in the same topology.
- // We consider each as a "bucket", and try to put balanced number
- // of pods into each bucket.
- // We define a domain as a particular instance of a topology.
- // Also, we define an eligible domain as a domain whose nodes meet the requirements of
- // nodeAffinityPolicy and nodeTaintsPolicy.
- // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- // It's a required field.
- topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt)
-
- // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- // the spread constraint.
- // - DoNotSchedule (default) tells the scheduler not to schedule it.
- // - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- // but giving higher precedence to topologies that would help reduce the
- // skew.
- // A constraint is considered "Unsatisfiable" for an incoming pod
- // if and only if every possible node assignment for that pod would violate
- // "MaxSkew" on some topology.
- // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- // labelSelector spread as 3/1/1:
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P P | P | P |
- // +-------+-------+-------+
- // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- // won't make it *more* imbalanced.
- // It's a required field.
- whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction)
-
- // LabelSelector is used to find matching pods.
- // Pods that match this label selector are counted to determine the number of pods
- // in their corresponding topology domain.
- // +optional
- labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-
- // MinDomains indicates a minimum number of eligible domains.
- // When the number of eligible domains with matching topology keys is less than minDomains,
- // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- // And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- // this value has no effect on scheduling.
- // As a result, when the number of eligible domains is less than minDomains,
- // scheduler won't schedule more than maxSkew Pods to those domains.
- // If value is nil, the constraint behaves as if MinDomains is equal to 1.
- // Valid values are integers greater than 0.
- // When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- //
- // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- // labelSelector spread as 2/2/2:
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P | P P | P P |
- // +-------+-------+-------+
- // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- // In this situation, new pod with the same labelSelector cannot be scheduled,
- // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- // it will violate MaxSkew.
- //
- // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
- // +optional
- minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt)
-
- // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- // when calculating pod topology spread skew. Options are:
- // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- //
- // If this value is nil, the behavior is equivalent to the Honor policy.
- // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- // +optional
- nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt)
-
- // NodeTaintsPolicy indicates how we will treat node taints when calculating
- // pod topology spread skew. Options are:
- // - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- // has a toleration, are included.
- // - Ignore: node taints are ignored. All nodes are included.
- //
- // If this value is nil, the behavior is equivalent to the Ignore policy.
- // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- // +optional
- nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt)
-
- // MatchLabelKeys is a set of pod label keys to select the pods over which
- // spreading will be calculated. The keys are used to lookup values from the
- // incoming pod labels, those key-value labels are ANDed with labelSelector
- // to select the group of existing pods over which spreading will be calculated
- // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- // MatchLabelKeys cannot be set when LabelSelector isn't set.
- // Keys that don't exist in the incoming pod labels will
- // be ignored. A null or empty list means only match against labelSelector.
- //
- // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- // +listType=atomic
- // +optional
- matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt)
-}
-
-// The default value for enableServiceLinks attribute.
-#DefaultEnableServiceLinks: true
-
-// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
-// pod's hosts file.
-#HostAlias: {
- // IP address of the host file entry.
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-
- // Hostnames for the above IP address.
- hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep)
-}
-
-// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume
-// when volume is mounted.
-// +enum
-#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy
-
-#enumPodFSGroupChangePolicy:
- #FSGroupChangeOnRootMismatch |
- #FSGroupChangeAlways
-
-// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed
-// only when permission and ownership of root directory does not match with expected
-// permissions on the volume. This can help shorten the time it takes to change
-// ownership and permissions of a volume.
-#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch"
-
-// FSGroupChangeAlways indicates that volume's ownership and permissions
-// should always be changed whenever volume is mounted inside a Pod. This the default
-// behavior.
-#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always"
-
-// PodSecurityContext holds pod-level security attributes and common container settings.
-// Some fields are also present in container.securityContext. Field values of
-// container.securityContext take precedence over field values of PodSecurityContext.
-#PodSecurityContext: {
- // The SELinux context to be applied to all containers.
- // If unspecified, the container runtime will allocate a random SELinux context for each
- // container. May also be set in SecurityContext. If set in
- // both SecurityContext and PodSecurityContext, the value specified in SecurityContext
- // takes precedence for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt)
-
- // The Windows specific settings applied to all containers.
- // If unspecified, the options within a container's SecurityContext will be used.
- // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is linux.
- // +optional
- windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt)
-
- // The UID to run the entrypoint of the container process.
- // Defaults to user specified in image metadata if unspecified.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt)
-
- // The GID to run the entrypoint of the container process.
- // Uses runtime default if unset.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt)
-
- // Indicates that the container must run as a non-root user.
- // If true, the Kubelet will validate the image at runtime to ensure that it
- // does not run as UID 0 (root) and fail to start the container if it does.
- // If unset or false, no such validation will be performed.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt)
-
- // A list of groups applied to the first process run in each container, in addition
- // to the container's primary GID, the fsGroup (if specified), and group memberships
- // defined in the container image for the uid of the container process. If unspecified,
- // no additional groups are added to any container. Note that group memberships
- // defined in the container image for the uid of the container process are still effective,
- // even if they are not included in this list.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep)
-
- // A special supplemental group that applies to all containers in a pod.
- // Some volume types allow the Kubelet to change the ownership of that volume
- // to be owned by the pod:
- //
- // 1. The owning GID will be the FSGroup
- // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
- // 3. The permission bits are OR'd with rw-rw----
- //
- // If unset, the Kubelet will not modify the ownership and permissions of any volume.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt)
-
- // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
- // sysctls (by the container runtime) might fail to launch.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep)
-
- // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
- // before being exposed inside Pod. This field will only apply to
- // volume types which support fsGroup based ownership(and permissions).
- // It will have no effect on ephemeral volume types such as: secret, configmaps
- // and emptydir.
- // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt)
-
- // The seccomp options to use by the containers in this pod.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt)
-}
-
-// SeccompProfile defines a pod/container's seccomp profile settings.
-// Only one profile source may be set.
-// +union
-#SeccompProfile: {
- // type indicates which kind of seccomp profile will be applied.
- // Valid options are:
- //
- // Localhost - a profile defined in a file on the node should be used.
- // RuntimeDefault - the container runtime default profile should be used.
- // Unconfined - no profile should be applied.
- // +unionDiscriminator
- type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType)
-
- // localhostProfile indicates a profile defined in a file on the node should be used.
- // The profile must be preconfigured on the node to work.
- // Must be a descending path, relative to the kubelet's configured seccomp profile location.
- // Must be set if type is "Localhost". Must NOT be set for any other type.
- // +optional
- localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt)
-}
-
-// SeccompProfileType defines the supported seccomp profile types.
-// +enum
-#SeccompProfileType: string // #enumSeccompProfileType
-
-#enumSeccompProfileType:
- #SeccompProfileTypeUnconfined |
- #SeccompProfileTypeRuntimeDefault |
- #SeccompProfileTypeLocalhost
-
-// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined).
-#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined"
-
-// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile.
-#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault"
-
-// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used.
-// The file's location relative to /seccomp.
-#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost"
-
-// PodQOSClass defines the supported qos classes of Pods.
-// +enum
-#PodQOSClass: string // #enumPodQOSClass
-
-#enumPodQOSClass:
- #PodQOSGuaranteed |
- #PodQOSBurstable |
- #PodQOSBestEffort
-
-// PodQOSGuaranteed is the Guaranteed qos class.
-#PodQOSGuaranteed: #PodQOSClass & "Guaranteed"
-
-// PodQOSBurstable is the Burstable qos class.
-#PodQOSBurstable: #PodQOSClass & "Burstable"
-
-// PodQOSBestEffort is the BestEffort qos class.
-#PodQOSBestEffort: #PodQOSClass & "BestEffort"
-
-// PodDNSConfig defines the DNS parameters of a pod in addition to
-// those generated from DNSPolicy.
-#PodDNSConfig: {
- // A list of DNS name server IP addresses.
- // This will be appended to the base nameservers generated from DNSPolicy.
- // Duplicated nameservers will be removed.
- // +optional
- nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep)
-
- // A list of DNS search domains for host-name lookup.
- // This will be appended to the base search paths generated from DNSPolicy.
- // Duplicated search paths will be removed.
- // +optional
- searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep)
-
- // A list of DNS resolver options.
- // This will be merged with the base options generated from DNSPolicy.
- // Duplicated entries will be removed. Resolution options given in Options
- // will override those that appear in the base DNSPolicy.
- // +optional
- options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep)
-}
-
-// PodDNSConfigOption defines DNS resolver options of a pod.
-#PodDNSConfigOption: {
- // Required.
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // +optional
- value?: null | string @go(Value,*string) @protobuf(2,bytes,opt)
-}
-
-// PodIP represents a single IP address allocated to the pod.
-#PodIP: {
- // IP is the IP address assigned to the pod
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-}
-
-// HostIP represents a single IP address allocated to the host.
-#HostIP: {
- // IP is the IP address assigned to the host
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-}
-
-// EphemeralContainerCommon is a copy of all fields in Container to be inlined in
-// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer
-// to Container and allows separate documentation for the fields of EphemeralContainer.
-// When a new field is added to Container it must be added here as well.
-#EphemeralContainerCommon: {
- // Name of the ephemeral container specified as a DNS_LABEL.
- // This name must be unique among all containers, init containers and ephemeral containers.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Container image name.
- // More info: https://kubernetes.io/docs/concepts/containers/images
- image?: string @go(Image) @protobuf(2,bytes,opt)
-
- // Entrypoint array. Not executed within a shell.
- // The image's ENTRYPOINT is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep)
-
- // Arguments to the entrypoint.
- // The image's CMD is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep)
-
- // Container's working directory.
- // If not specified, the container runtime's default will be used, which
- // might be configured in the container image.
- // Cannot be updated.
- // +optional
- workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt)
-
- // Ports are not allowed for ephemeral containers.
- // +optional
- // +patchMergeKey=containerPort
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=containerPort
- // +listMapKey=protocol
- ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep)
-
- // List of sources to populate environment variables in the container.
- // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- // will be reported as an event when the container is starting. When a key exists in multiple
- // sources, the value associated with the last source will take precedence.
- // Values defined by an Env with a duplicate key will take precedence.
- // Cannot be updated.
- // +optional
- envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep)
-
- // List of environment variables to set in the container.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep)
-
- // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
- // already allocated to the pod.
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt)
-
- // Resources resize policy for the container.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- // +listType=atomic
- resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep)
-
- // Restart policy for the container to manage the restart behavior of each
- // container within a pod.
- // This may only be set for init containers. You cannot set this field on
- // ephemeral containers.
- // +featureGate=SidecarContainers
- // +optional
- restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy)
-
- // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=mountPath
- // +patchStrategy=merge
- volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep)
-
- // volumeDevices is the list of block devices to be used by the container.
- // +patchMergeKey=devicePath
- // +patchStrategy=merge
- // +optional
- volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt)
-
- // Lifecycle is not allowed for ephemeral containers.
- // +optional
- lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt)
-
- // Optional: Path at which the file to which the container's termination message
- // will be written is mounted into the container's filesystem.
- // Message written is intended to be brief final status, such as an assertion failure message.
- // Will be truncated by the node if greater than 4096 bytes. The total message length across
- // all containers will be limited to 12kb.
- // Defaults to /dev/termination-log.
- // Cannot be updated.
- // +optional
- terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt)
-
- // Indicate how the termination message should be populated. File will use the contents of
- // terminationMessagePath to populate the container status message on both success and failure.
- // FallbackToLogsOnError will use the last chunk of container log output if the termination
- // message file is empty and the container exited with an error.
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- // Defaults to File.
- // Cannot be updated.
- // +optional
- terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy)
-
- // Image pull policy.
- // One of Always, Never, IfNotPresent.
- // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- // +optional
- imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy)
-
- // Optional: SecurityContext defines the security options the ephemeral container should be run with.
- // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- // +optional
- securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt)
-
- // Whether this container should allocate a buffer for stdin in the container runtime. If this
- // is not set, reads from stdin in the container will always result in EOF.
- // Default is false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(16,varint,opt)
-
- // Whether the container runtime should close the stdin channel after it has been opened by
- // a single attach. When stdin is true the stdin stream will remain open across multiple attach
- // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- // at which time stdin is closed and remains closed until the container is restarted. If this
- // flag is false, a container processes that reads from stdin will never receive an EOF.
- // Default is false
- // +optional
- stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt)
-
- // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- // Default is false.
- // +optional
- tty?: bool @go(TTY) @protobuf(18,varint,opt)
-}
-
-// An EphemeralContainer is a temporary container that you may add to an existing Pod for
-// user-initiated activities such as debugging. Ephemeral containers have no resource or
-// scheduling guarantees, and they will not be restarted when they exit or when a Pod is
-// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
-// Pod to exceed its resource allocation.
-//
-// To add an ephemeral container, use the ephemeralcontainers subresource of an existing
-// Pod. Ephemeral containers may not be removed or restarted.
-#EphemeralContainer: {
- #EphemeralContainerCommon
-
- // If set, the name of the container from PodSpec that this ephemeral container targets.
- // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
- // If not set then the ephemeral container uses the namespaces configured in the Pod spec.
- //
- // The container runtime must implement support for this feature. If the runtime does not
- // support namespace targeting then the result of setting this field is undefined.
- // +optional
- targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt)
-}
-
-// PodStatus represents information about the status of a pod. Status may trail the actual
-// state of a system, especially if the node that hosts the pod cannot contact the control
-// plane.
-#PodStatus: {
- // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle.
- // The conditions array, the reason and message fields, and the individual container status
- // arrays contain more detail about the pod's status.
- // There are five possible phase values:
- //
- // Pending: The pod has been accepted by the Kubernetes system, but one or more of the
- // container images has not been created. This includes time before being scheduled as
- // well as time spent downloading images over the network, which could take a while.
- // Running: The pod has been bound to a node, and all of the containers have been created.
- // At least one container is still running, or is in the process of starting or restarting.
- // Succeeded: All containers in the pod have terminated in success, and will not be restarted.
- // Failed: All containers in the pod have terminated, and at least one container has
- // terminated in failure. The container either exited with non-zero status or was terminated
- // by the system.
- // Unknown: For some reason the state of the pod could not be obtained, typically due to an
- // error in communicating with the host of the pod.
- //
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
- // +optional
- phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase)
-
- // Current service state of pod.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep)
-
- // A human readable message indicating details about why the pod is in this condition.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // A brief CamelCase message indicating details about why the pod is in this state.
- // e.g. 'Evicted'
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be
- // scheduled right away as preemption victims receive their graceful termination periods.
- // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide
- // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to
- // give the resources on this node to a higher priority pod that is created after preemption.
- // As a result, this field may be different than PodSpec.nodeName when the pod is
- // scheduled.
- // +optional
- nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt)
-
- // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet.
- // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will
- // not be updated even if there is a node is assigned to pod
- // +optional
- hostIP?: string @go(HostIP) @protobuf(5,bytes,opt)
-
- // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must
- // match the hostIP field. This list is empty if the pod has not started yet.
- // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will
- // not be updated even if there is a node is assigned to this pod.
- // +optional
- // +patchStrategy=merge
- // +patchMergeKey=ip
- // +listType=atomic
- hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep)
-
- // podIP address allocated to the pod. Routable at least within the cluster.
- // Empty if not yet allocated.
- // +optional
- podIP?: string @go(PodIP) @protobuf(6,bytes,opt)
-
- // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must
- // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list
- // is empty if no IPs have been allocated yet.
- // +optional
- // +patchStrategy=merge
- // +patchMergeKey=ip
- podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep)
-
- // RFC 3339 date and time at which the object was acknowledged by the Kubelet.
- // This is before the Kubelet pulled the container image(s) for the pod.
- // +optional
- startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt)
-
- // The list has one entry per init container in the manifest. The most recent successful
- // init container will have ready = true, the most recently started container will have
- // startTime set.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
- initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep)
-
- // The list has one entry per container in the manifest.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
- // +optional
- containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep)
-
- // The Quality of Service (QOS) classification assigned to the pod based on resource requirements
- // See PodQOSClass type for available QOS classes
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes
- // +optional
- qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep)
-
- // Status for any ephemeral containers that have run in this pod.
- // +optional
- ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep)
-
- // Status of resources resize desired for pod's containers.
- // It is empty if no resources resize is pending.
- // Any changes to container resources will automatically set this to "Proposed"
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus)
-
- // Status of resource claims.
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep)
-}
-
-// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded
-#PodStatusResult: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Most recently observed status of the pod.
- // This data may not be up to date.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #PodStatus @go(Status) @protobuf(2,bytes,opt)
-}
-
-// Pod is a collection of containers that can run on a host. This resource is created
-// by clients and scheduled onto hosts.
-#Pod: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Specification of the desired behavior of the pod.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the pod.
- // This data may not be up to date.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #PodStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PodList is a list of Pods.
-#PodList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of pods.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
- items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep)
-}
-
-// PodTemplateSpec describes the data a pod should have when created from a template
-#PodTemplateSpec: {
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Specification of the desired behavior of the pod.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt)
-}
-
-// PodTemplate describes a template for creating copies of a predefined pod.
-#PodTemplate: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Template defines the pods that will be created from this pod template.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
-}
-
-// PodTemplateList is a list of PodTemplates.
-#PodTemplateList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of pod templates
- items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep)
-}
-
-// ReplicationControllerSpec is the specification of a replication controller.
-#ReplicationControllerSpec: {
- // Replicas is the number of desired replicas.
- // This is a pointer to distinguish between explicit zero and unspecified.
- // Defaults to 1.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing, for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
-
- // Selector is a label query over pods that should match the Replicas count.
- // If Selector is empty, it is defaulted to the labels present on the Pod template.
- // Label keys and values that must match in order to be controlled by this replication
- // controller, if empty defaulted to labels on Pod template.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- // +optional
- // +mapType=atomic
- selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep)
-
- // Template is the object that describes the pod that will be created if
- // insufficient replicas are detected. This takes precedence over a TemplateRef.
- // The only allowed template.spec.restartPolicy value is "Always".
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
- // +optional
- template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt)
-}
-
-// ReplicationControllerStatus represents the current status of a replication
-// controller.
-#ReplicationControllerStatus: {
- // Replicas is the most recently observed number of replicas.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
- replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
-
- // The number of pods that have labels matching the labels of the pod template of the replication controller.
- // +optional
- fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
-
- // The number of ready replicas for this replication controller.
- // +optional
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
-
- // The number of available replicas (ready for at least minReadySeconds) for this replication controller.
- // +optional
- availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
-
- // ObservedGeneration reflects the generation of the most recently observed replication controller.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
-
- // Represents the latest available observations of a replication controller's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep)
-}
-
-#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType
-
-#enumReplicationControllerConditionType:
- #ReplicationControllerReplicaFailure
-
-// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods
-// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors,
-// etc. or deleted due to kubelet being down or finalizers are failing.
-#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure"
-
-// ReplicationControllerCondition describes the state of a replication controller at a certain point.
-#ReplicationControllerCondition: {
- // Type of replication controller condition.
- type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // The last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// ReplicationController represents the configuration of a replication controller.
-#ReplicationController: {
- metav1.#TypeMeta
-
- // If the Labels of a ReplicationController are empty, they are defaulted to
- // be the same as the Pod(s) that the replication controller manages.
- // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the specification of the desired behavior of the replication controller.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status is the most recently observed status of the replication controller.
- // This data may be out of date by some window of time.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ReplicationControllerList is a collection of replication controllers.
-#ReplicationControllerList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of replication controllers.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
- items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep)
-}
-
-// Session Affinity Type string
-// +enum
-#ServiceAffinity: string // #enumServiceAffinity
-
-#enumServiceAffinity:
- #ServiceAffinityClientIP |
- #ServiceAffinityNone
-
-// ServiceAffinityClientIP is the Client IP based.
-#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP"
-
-// ServiceAffinityNone - no session affinity.
-#ServiceAffinityNone: #ServiceAffinity & "None"
-
-#DefaultClientIPServiceAffinitySeconds: int32 & 10800
-
-// SessionAffinityConfig represents the configurations of session affinity.
-#SessionAffinityConfig: {
- // clientIP contains the configurations of Client IP based session affinity.
- // +optional
- clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt)
-}
-
-// ClientIPConfig represents the configurations of Client IP based session affinity.
-#ClientIPConfig: {
- // timeoutSeconds specifies the seconds of ClientIP type session sticky time.
- // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
- // Default value is 10800(for 3 hours).
- // +optional
- timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt)
-}
-
-// Service Type string describes ingress methods for a service
-// +enum
-#ServiceType: string // #enumServiceType
-
-#enumServiceType:
- #ServiceTypeClusterIP |
- #ServiceTypeNodePort |
- #ServiceTypeLoadBalancer |
- #ServiceTypeExternalName
-
-// ServiceTypeClusterIP means a service will only be accessible inside the
-// cluster, via the cluster IP.
-#ServiceTypeClusterIP: #ServiceType & "ClusterIP"
-
-// ServiceTypeNodePort means a service will be exposed on one port of
-// every node, in addition to 'ClusterIP' type.
-#ServiceTypeNodePort: #ServiceType & "NodePort"
-
-// ServiceTypeLoadBalancer means a service will be exposed via an
-// external load balancer (if the cloud provider supports it), in addition
-// to 'NodePort' type.
-#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer"
-
-// ServiceTypeExternalName means a service consists of only a reference to
-// an external name that kubedns or equivalent will return as a CNAME
-// record, with no exposing or proxying of any pods involved.
-#ServiceTypeExternalName: #ServiceType & "ExternalName"
-
-// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they
-// receive on the ClusterIP.
-// +enum
-#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy
-
-#enumServiceInternalTrafficPolicy:
- #ServiceInternalTrafficPolicyCluster |
- #ServiceInternalTrafficPolicyLocal
-
-// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints.
-#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster"
-
-// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same
-// node as the client pod (dropping the traffic if there are no local endpoints).
-#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local"
-
-// for backwards compat
-// +enum
-#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType
-
-#enumServiceInternalTrafficPolicyType:
- #ServiceInternalTrafficPolicyCluster |
- #ServiceInternalTrafficPolicyLocal
-
-// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they
-// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs,
-// and LoadBalancer IPs.
-// +enum
-#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy
-
-#enumServiceExternalTrafficPolicy:
- #ServiceExternalTrafficPolicyCluster |
- #ServiceExternalTrafficPolicyLocal |
- #ServiceExternalTrafficPolicyTypeLocal |
- #ServiceExternalTrafficPolicyTypeCluster
-
-// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
-#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster"
-
-// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
-// routing only to endpoints on the same node as the traffic was received on
-// (dropping the traffic if there are no local endpoints).
-#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local"
-
-// for backwards compat
-// +enum
-#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType
-
-#enumServiceExternalTrafficPolicyType:
- #ServiceExternalTrafficPolicyCluster |
- #ServiceExternalTrafficPolicyLocal |
- #ServiceExternalTrafficPolicyTypeLocal |
- #ServiceExternalTrafficPolicyTypeCluster
-
-#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local"
-#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster"
-
-// LoadBalancerPortsError represents the condition of the requested ports
-// on the cloud load balancer instance.
-#LoadBalancerPortsError: "LoadBalancerPortsError"
-
-// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError
-// means the LoadBalancer was not able to be configured correctly.
-#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported"
-
-// ServiceStatus represents the current status of a service.
-#ServiceStatus: {
- // LoadBalancer contains the current status of the load-balancer,
- // if one is present.
- // +optional
- loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt)
-
- // Current service state
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=type
- conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep)
-}
-
-// LoadBalancerStatus represents the status of a load-balancer.
-#LoadBalancerStatus: {
- // Ingress is a list containing ingress points for the load-balancer.
- // Traffic intended for the service should be sent to these ingress points.
- // +optional
- ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep)
-}
-
-// LoadBalancerIngress represents the status of a load-balancer ingress point:
-// traffic intended for the service should be sent to an ingress point.
-#LoadBalancerIngress: {
- // IP is set for load-balancer ingress points that are IP based
- // (typically GCE or OpenStack load-balancers)
- // +optional
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-
- // Hostname is set for load-balancer ingress points that are DNS based
- // (typically AWS load-balancers)
- // +optional
- hostname?: string @go(Hostname) @protobuf(2,bytes,opt)
-
- // Ports is a list of records of service ports
- // If used, every port defined in the service should have an entry in it
- // +listType=atomic
- // +optional
- ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep)
-}
-
-// IPFamily represents the IP Family (IPv4 or IPv6). This type is used
-// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
-// +enum
-#IPFamily: string // #enumIPFamily
-
-#enumIPFamily:
- #IPv4Protocol |
- #IPv6Protocol
-
-// IPv4Protocol indicates that this IP is IPv4 protocol
-#IPv4Protocol: #IPFamily & "IPv4"
-
-// IPv6Protocol indicates that this IP is IPv6 protocol
-#IPv6Protocol: #IPFamily & "IPv6"
-
-// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service
-// +enum
-#IPFamilyPolicy: string // #enumIPFamilyPolicy
-
-#enumIPFamilyPolicy:
- #IPFamilyPolicySingleStack |
- #IPFamilyPolicyPreferDualStack |
- #IPFamilyPolicyRequireDualStack
-
-// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily.
-// The IPFamily assigned is based on the default IPFamily used by the cluster
-// or as identified by service.spec.ipFamilies field
-#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack"
-
-// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when
-// the cluster is configured for dual-stack. If the cluster is not configured
-// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not
-// set in service.spec.ipFamilies then the service will be assigned the default IPFamily
-// configured on the cluster
-#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack"
-
-// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using
-// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The
-// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If
-// service.spec.ipFamilies was not provided then it will be assigned according to how they are
-// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative
-// IPFamily will be added by apiserver
-#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack"
-
-// for backwards compat
-// +enum
-#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType
-
-#enumIPFamilyPolicyType:
- #IPFamilyPolicySingleStack |
- #IPFamilyPolicyPreferDualStack |
- #IPFamilyPolicyRequireDualStack
-
-// ServiceSpec describes the attributes that a user creates on a service.
-#ServiceSpec: {
- // The list of ports that are exposed by this service.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +patchMergeKey=port
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=port
- // +listMapKey=protocol
- ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep)
-
- // Route service traffic to pods with label keys and values matching this
- // selector. If empty or not present, the service is assumed to have an
- // external process managing its endpoints, which Kubernetes will not
- // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
- // Ignored if type is ExternalName.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/
- // +optional
- // +mapType=atomic
- selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep)
-
- // clusterIP is the IP address of the service and is usually assigned
- // randomly. If an address is specified manually, is in-range (as per
- // system configuration), and is not in use, it will be allocated to the
- // service; otherwise creation of the service will fail. This field may not
- // be changed through updates unless the type field is also being changed
- // to ExternalName (which requires this field to be blank) or the type
- // field is being changed from ExternalName (in which case this field may
- // optionally be specified, as describe above). Valid values are "None",
- // empty string (""), or a valid IP address. Setting this to "None" makes a
- // "headless service" (no virtual IP), which is useful when direct endpoint
- // connections are preferred and proxying is not required. Only applies to
- // types ClusterIP, NodePort, and LoadBalancer. If this field is specified
- // when creating a Service of type ExternalName, creation will fail. This
- // field will be wiped when updating a Service to type ExternalName.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +optional
- clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt)
-
- // ClusterIPs is a list of IP addresses assigned to this service, and are
- // usually assigned randomly. If an address is specified manually, is
- // in-range (as per system configuration), and is not in use, it will be
- // allocated to the service; otherwise creation of the service will fail.
- // This field may not be changed through updates unless the type field is
- // also being changed to ExternalName (which requires this field to be
- // empty) or the type field is being changed from ExternalName (in which
- // case this field may optionally be specified, as describe above). Valid
- // values are "None", empty string (""), or a valid IP address. Setting
- // this to "None" makes a "headless service" (no virtual IP), which is
- // useful when direct endpoint connections are preferred and proxying is
- // not required. Only applies to types ClusterIP, NodePort, and
- // LoadBalancer. If this field is specified when creating a Service of type
- // ExternalName, creation will fail. This field will be wiped when updating
- // a Service to type ExternalName. If this field is not specified, it will
- // be initialized from the clusterIP field. If this field is specified,
- // clients must ensure that clusterIPs[0] and clusterIP have the same
- // value.
- //
- // This field may hold a maximum of two entries (dual-stack IPs, in either order).
- // These IPs must correspond to the values of the ipFamilies field. Both
- // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +listType=atomic
- // +optional
- clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt)
-
- // type determines how the Service is exposed. Defaults to ClusterIP. Valid
- // options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
- // "ClusterIP" allocates a cluster-internal IP address for load-balancing
- // to endpoints. Endpoints are determined by the selector or if that is not
- // specified, by manual construction of an Endpoints object or
- // EndpointSlice objects. If clusterIP is "None", no virtual IP is
- // allocated and the endpoints are published as a set of endpoints rather
- // than a virtual IP.
- // "NodePort" builds on ClusterIP and allocates a port on every node which
- // routes to the same endpoints as the clusterIP.
- // "LoadBalancer" builds on NodePort and creates an external load-balancer
- // (if supported in the current cloud) which routes to the same endpoints
- // as the clusterIP.
- // "ExternalName" aliases this service to the specified externalName.
- // Several other fields do not apply to ExternalName services.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
- // +optional
- type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType)
-
- // externalIPs is a list of IP addresses for which nodes in the cluster
- // will also accept traffic for this service. These IPs are not managed by
- // Kubernetes. The user is responsible for ensuring that traffic arrives
- // at a node with this IP. A common example is external load-balancers
- // that are not part of the Kubernetes system.
- // +optional
- externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep)
-
- // Supports "ClientIP" and "None". Used to maintain session affinity.
- // Enable client IP based session affinity.
- // Must be ClientIP or None.
- // Defaults to None.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +optional
- sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity)
-
- // Only applies to Service Type: LoadBalancer.
- // This feature depends on whether the underlying cloud-provider supports specifying
- // the loadBalancerIP when a load balancer is created.
- // This field will be ignored if the cloud-provider does not support the feature.
- // Deprecated: This field was under-specified and its meaning varies across implementations.
- // Using it is non-portable and it may not support dual-stack.
- // Users are encouraged to use implementation-specific annotations when available.
- // +optional
- loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt)
-
- // If specified and supported by the platform, this will restrict traffic through the cloud-provider
- // load-balancer will be restricted to the specified client IPs. This field will be ignored if the
- // cloud-provider does not support the feature."
- // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
- // +optional
- loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt)
-
- // externalName is the external reference that discovery mechanisms will
- // return as an alias for this service (e.g. a DNS CNAME record). No
- // proxying will be involved. Must be a lowercase RFC-1123 hostname
- // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
- // +optional
- externalName?: string @go(ExternalName) @protobuf(10,bytes,opt)
-
- // externalTrafficPolicy describes how nodes distribute service traffic they
- // receive on one of the Service's "externally-facing" addresses (NodePorts,
- // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
- // the service in a way that assumes that external load balancers will take care
- // of balancing the service traffic between nodes, and so each node will deliver
- // traffic only to the node-local endpoints of the service, without masquerading
- // the client source IP. (Traffic mistakenly sent to a node with no endpoints will
- // be dropped.) The default value, "Cluster", uses the standard behavior of
- // routing to all endpoints evenly (possibly modified by topology and other
- // features). Note that traffic sent to an External IP or LoadBalancer IP from
- // within the cluster will always get "Cluster" semantics, but clients sending to
- // a NodePort from within the cluster may need to take traffic policy into account
- // when picking a node.
- // +optional
- externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt)
-
- // healthCheckNodePort specifies the healthcheck nodePort for the service.
- // This only applies when type is set to LoadBalancer and
- // externalTrafficPolicy is set to Local. If a value is specified, is
- // in-range, and is not in use, it will be used. If not specified, a value
- // will be automatically allocated. External systems (e.g. load-balancers)
- // can use this port to determine if a given node holds endpoints for this
- // service or not. If this field is specified when creating a Service
- // which does not need it, creation will fail. This field will be wiped
- // when updating a Service to no longer need it (e.g. changing type).
- // This field cannot be updated once set.
- // +optional
- healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt)
-
- // publishNotReadyAddresses indicates that any agent which deals with endpoints for this
- // Service should disregard any indications of ready/not-ready.
- // The primary use case for setting this field is for a StatefulSet's Headless Service to
- // propagate SRV DNS records for its Pods for the purpose of peer discovery.
- // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
- // Services interpret this to mean that all endpoints are considered "ready" even if the
- // Pods themselves are not. Agents which consume only Kubernetes generated endpoints
- // through the Endpoints or EndpointSlice resources can safely assume this behavior.
- // +optional
- publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt)
-
- // sessionAffinityConfig contains the configurations of session affinity.
- // +optional
- sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt)
-
- // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
- // service. This field is usually assigned automatically based on cluster
- // configuration and the ipFamilyPolicy field. If this field is specified
- // manually, the requested family is available in the cluster,
- // and ipFamilyPolicy allows it, it will be used; otherwise creation of
- // the service will fail. This field is conditionally mutable: it allows
- // for adding or removing a secondary IP family, but it does not allow
- // changing the primary IP family of the Service. Valid values are "IPv4"
- // and "IPv6". This field only applies to Services of types ClusterIP,
- // NodePort, and LoadBalancer, and does apply to "headless" services.
- // This field will be wiped when updating a Service to type ExternalName.
- //
- // This field may hold a maximum of two entries (dual-stack families, in
- // either order). These families must correspond to the values of the
- // clusterIPs field, if specified. Both clusterIPs and ipFamilies are
- // governed by the ipFamilyPolicy field.
- // +listType=atomic
- // +optional
- ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily)
-
- // IPFamilyPolicy represents the dual-stack-ness requested or required by
- // this Service. If there is no value provided, then this field will be set
- // to SingleStack. Services can be "SingleStack" (a single IP family),
- // "PreferDualStack" (two IP families on dual-stack configured clusters or
- // a single IP family on single-stack clusters), or "RequireDualStack"
- // (two IP families on dual-stack configured clusters, otherwise fail). The
- // ipFamilies and clusterIPs fields depend on the value of this field. This
- // field will be wiped when updating a service to type ExternalName.
- // +optional
- ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy)
-
- // allocateLoadBalancerNodePorts defines if NodePorts will be automatically
- // allocated for services with type LoadBalancer. Default is "true". It
- // may be set to "false" if the cluster load-balancer does not rely on
- // NodePorts. If the caller requests specific NodePorts (by specifying a
- // value), those requests will be respected, regardless of this field.
- // This field may only be set for services with type LoadBalancer and will
- // be cleared if the type is changed to any other type.
- // +optional
- allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt)
-
- // loadBalancerClass is the class of the load balancer implementation this Service belongs to.
- // If specified, the value of this field must be a label-style identifier, with an optional prefix,
- // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
- // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
- // balancer implementation is used, today this is typically done through the cloud provider integration,
- // but should apply for any default implementation. If set, it is assumed that a load balancer
- // implementation is watching for Services with a matching class. Any default load balancer
- // implementation (e.g. cloud providers) should ignore Services that set this field.
- // This field can only be set when creating or updating a Service to type 'LoadBalancer'.
- // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
- // +optional
- loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt)
-
- // InternalTrafficPolicy describes how nodes distribute service traffic they
- // receive on the ClusterIP. If set to "Local", the proxy will assume that pods
- // only want to talk to endpoints of the service on the same node as the pod,
- // dropping the traffic if there are no local endpoints. The default value,
- // "Cluster", uses the standard behavior of routing to all endpoints evenly
- // (possibly modified by topology and other features).
- // +optional
- internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt)
-}
-
-// ServicePort contains information on service's port.
-#ServicePort: {
- // The name of this port within the service. This must be a DNS_LABEL.
- // All ports within a ServiceSpec must have unique names. When considering
- // the endpoints for a Service, this must match the 'name' field in the
- // EndpointPort.
- // Optional if only one ServicePort is defined on this service.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
- // Default is TCP.
- // +default="TCP"
- // +optional
- protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol)
-
- // The application protocol for this port.
- // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
- // This field follows standard Kubernetes label syntax.
- // Valid values are either:
- //
- // * Un-prefixed protocol names - reserved for IANA standard service names (as per
- // RFC-6335 and https://www.iana.org/assignments/service-names).
- //
- // * Kubernetes-defined prefixed names:
- // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
- // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
- // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
- //
- // * Other protocols should use implementation-defined prefixed names such as
- // mycompany.com/my-custom-protocol.
- // +optional
- appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt)
-
- // The port that will be exposed by this service.
- port: int32 @go(Port) @protobuf(3,varint,opt)
-
- // Number or name of the port to access on the pods targeted by the service.
- // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
- // If this is a string, it will be looked up as a named port in the
- // target Pod's container ports. If this is not specified, the value
- // of the 'port' field is used (an identity map).
- // This field is ignored for services with clusterIP=None, and should be
- // omitted or set equal to the 'port' field.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
- // +optional
- targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt)
-
- // The port on each node on which this service is exposed when type is
- // NodePort or LoadBalancer. Usually assigned by the system. If a value is
- // specified, in-range, and not in use it will be used, otherwise the
- // operation will fail. If not specified, a port will be allocated if this
- // Service requires one. If this field is specified when creating a
- // Service which does not need it, creation will fail. This field will be
- // wiped when updating a Service to no longer need it (e.g. changing type
- // from NodePort to ClusterIP).
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- // +optional
- nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt)
-}
-
-// Service is a named abstraction of software service (for example, mysql) consisting of local port
-// (for example 3306) that the proxy listens on, and the selector that determines which pods
-// will answer requests sent through the proxy.
-#Service: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of a service.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the service.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ClusterIPNone - do not assign a cluster IP
-// no proxying required and no environment variables should be created for pods
-#ClusterIPNone: "None"
-
-// ServiceList holds a list of services.
-#ServiceList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of services
- items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep)
-}
-
-// ServiceAccount binds together:
-// * a name, understood by users, and perhaps by peripheral systems, for an identity
-// * a principal that can be authenticated and authorized
-// * a set of secrets
-#ServiceAccount: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use.
- // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true".
- // This field should not be used to find auto-generated service account token secrets for use outside of pods.
- // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep)
-
- // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
- // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets
- // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
- // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
- // +optional
- imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep)
-
- // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted.
- // Can be overridden at the pod level.
- // +optional
- automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt)
-}
-
-// ServiceAccountList is a list of ServiceAccount objects
-#ServiceAccountList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of ServiceAccounts.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep)
-}
-
-// Endpoints is a collection of endpoints that implement the actual service. Example:
-//
-// Name: "mysvc",
-// Subsets: [
-// {
-// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
-// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
-// },
-// {
-// Addresses: [{"ip": "10.10.3.3"}],
-// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
-// },
-// ]
-#Endpoints: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The set of all endpoints is the union of all subsets. Addresses are placed into
- // subsets according to the IPs they share. A single address with multiple ports,
- // some of which are ready and some of which are not (because they come from
- // different containers) will result in the address being displayed in different
- // subsets for the different ports. No address will appear in both Addresses and
- // NotReadyAddresses in the same subset.
- // Sets of addresses and ports that comprise a service.
- // +optional
- subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep)
-}
-
-// EndpointSubset is a group of addresses with a common set of ports. The
-// expanded set of endpoints is the Cartesian product of Addresses x Ports.
-// For example, given:
-//
-// {
-// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
-// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
-// }
-//
-// The resulting set of endpoints can be viewed as:
-//
-// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
-// b: [ 10.10.1.1:309, 10.10.2.2:309 ]
-#EndpointSubset: {
- // IP addresses which offer the related ports that are marked as ready. These endpoints
- // should be considered safe for load balancers and clients to utilize.
- // +optional
- addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep)
-
- // IP addresses which offer the related ports but are not currently marked as ready
- // because they have not yet finished starting, have recently failed a readiness check,
- // or have recently failed a liveness check.
- // +optional
- notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep)
-
- // Port numbers available on the related IP addresses.
- // +optional
- ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep)
-}
-
-// EndpointAddress is a tuple that describes single IP address.
-// +structType=atomic
-#EndpointAddress: {
- // The IP of this endpoint.
- // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10),
- // or link-local multicast (224.0.0.0/24 or ff02::/16).
- ip: string @go(IP) @protobuf(1,bytes,opt)
-
- // The Hostname of this endpoint
- // +optional
- hostname?: string @go(Hostname) @protobuf(3,bytes,opt)
-
- // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
- // +optional
- nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt)
-
- // Reference to object providing the endpoint.
- // +optional
- targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt)
-}
-
-// EndpointPort is a tuple that describes a single port.
-// +structType=atomic
-#EndpointPort: {
- // The name of this port. This must match the 'name' field in the
- // corresponding ServicePort.
- // Must be a DNS_LABEL.
- // Optional only if one port is defined.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The port number of the endpoint.
- port: int32 @go(Port) @protobuf(2,varint,opt)
-
- // The IP protocol for this port.
- // Must be UDP, TCP, or SCTP.
- // Default is TCP.
- // +optional
- protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol)
-
- // The application protocol for this port.
- // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
- // This field follows standard Kubernetes label syntax.
- // Valid values are either:
- //
- // * Un-prefixed protocol names - reserved for IANA standard service names (as per
- // RFC-6335 and https://www.iana.org/assignments/service-names).
- //
- // * Kubernetes-defined prefixed names:
- // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
- // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
- // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
- //
- // * Other protocols should use implementation-defined prefixed names such as
- // mycompany.com/my-custom-protocol.
- // +optional
- appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt)
-}
-
-// EndpointsList is a list of endpoints.
-#EndpointsList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of endpoints.
- items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep)
-}
-
-// NodeSpec describes the attributes that a node is created with.
-#NodeSpec: {
- // PodCIDR represents the pod IP range assigned to the node.
- // +optional
- podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt)
-
- // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this
- // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for
- // each of IPv4 and IPv6.
- // +optional
- // +patchStrategy=merge
- podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt)
-
- // ID of the node assigned by the cloud provider in the format: ://
- // +optional
- providerID?: string @go(ProviderID) @protobuf(3,bytes,opt)
-
- // Unschedulable controls node schedulability of new pods. By default, node is schedulable.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration
- // +optional
- unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt)
-
- // If specified, the node's taints.
- // +optional
- taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt)
-
- // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.
- // +optional
- configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt)
-
- // Deprecated. Not all kubelets will set this field. Remove field after 1.13.
- // see: https://issues.k8s.io/61966
- // +optional
- externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt)
-}
-
-// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.
-// This API is deprecated since 1.22
-#NodeConfigSource: {
- // ConfigMap is a reference to a Node's ConfigMap
- configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt)
-}
-
-// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.
-// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
-#ConfigMapNodeConfigSource: {
- // Namespace is the metadata.namespace of the referenced ConfigMap.
- // This field is required in all cases.
- namespace: string @go(Namespace) @protobuf(1,bytes,opt)
-
- // Name is the metadata.name of the referenced ConfigMap.
- // This field is required in all cases.
- name: string @go(Name) @protobuf(2,bytes,opt)
-
- // UID is the metadata.UID of the referenced ConfigMap.
- // This field is forbidden in Node.Spec, and required in Node.Status.
- // +optional
- uid?: types.#UID @go(UID) @protobuf(3,bytes,opt)
-
- // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap.
- // This field is forbidden in Node.Spec, and required in Node.Status.
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt)
-
- // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure
- // This field is required in all cases.
- kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt)
-}
-
-// DaemonEndpoint contains information about a single Daemon endpoint.
-#DaemonEndpoint: {
- // Port number of the given endpoint.
- Port: int32 @protobuf(1,varint,opt)
-}
-
-// NodeDaemonEndpoints lists ports opened by daemons running on the Node.
-#NodeDaemonEndpoints: {
- // Endpoint on which Kubelet is listening.
- // +optional
- kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt)
-}
-
-// NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
-#NodeSystemInfo: {
- // MachineID reported by the node. For unique machine identification
- // in the cluster this field is preferred. Learn more from man(5)
- // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
- machineID: string @go(MachineID) @protobuf(1,bytes,opt)
-
- // SystemUUID reported by the node. For unique machine identification
- // MachineID is preferred. This field is specific to Red Hat hosts
- // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
- systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt)
-
- // Boot ID reported by the node.
- bootID: string @go(BootID) @protobuf(3,bytes,opt)
-
- // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
- kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt)
-
- // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
- osImage: string @go(OSImage) @protobuf(5,bytes,opt)
-
- // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).
- containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt)
-
- // Kubelet Version reported by the node.
- kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt)
-
- // KubeProxy Version reported by the node.
- kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt)
-
- // The Operating System reported by the node
- operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt)
-
- // The Architecture reported by the node
- architecture: string @go(Architecture) @protobuf(10,bytes,opt)
-}
-
-// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
-#NodeConfigStatus: {
- // Assigned reports the checkpointed config the node will try to use.
- // When Node.Spec.ConfigSource is updated, the node checkpoints the associated
- // config payload to local disk, along with a record indicating intended
- // config. The node refers to this record to choose its config checkpoint, and
- // reports this record in Assigned. Assigned only updates in the status after
- // the record has been checkpointed to disk. When the Kubelet is restarted,
- // it tries to make the Assigned config the Active config by loading and
- // validating the checkpointed payload identified by Assigned.
- // +optional
- assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt)
-
- // Active reports the checkpointed config the node is actively using.
- // Active will represent either the current version of the Assigned config,
- // or the current LastKnownGood config, depending on whether attempting to use the
- // Assigned config results in an error.
- // +optional
- active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt)
-
- // LastKnownGood reports the checkpointed config the node will fall back to
- // when it encounters an error attempting to use the Assigned config.
- // The Assigned config becomes the LastKnownGood config when the node determines
- // that the Assigned config is stable and correct.
- // This is currently implemented as a 10-minute soak period starting when the local
- // record of Assigned config is updated. If the Assigned config is Active at the end
- // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is
- // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil,
- // because the local default config is always assumed good.
- // You should not make assumptions about the node's method of determining config stability
- // and correctness, as this may change or become configurable in the future.
- // +optional
- lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt)
-
- // Error describes any problems reconciling the Spec.ConfigSource to the Active config.
- // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned
- // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting
- // to load or validate the Assigned config, etc.
- // Errors may occur at different points while syncing config. Earlier errors (e.g. download or
- // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across
- // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in
- // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error
- // by fixing the config assigned in Spec.ConfigSource.
- // You can find additional information for debugging by searching the error message in the Kubelet log.
- // Error is a human-readable description of the error state; machines can check whether or not Error
- // is empty, but should not rely on the stability of the Error text across Kubelet versions.
- // +optional
- error?: string @go(Error) @protobuf(4,bytes,opt)
-}
-
-// NodeStatus is information about the current status of a node.
-#NodeStatus: {
- // Capacity represents the total resources of a node.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Allocatable represents the resources of a node that are available for scheduling.
- // Defaults to Capacity.
- // +optional
- allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // NodePhase is the recently observed lifecycle phase of the node.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase
- // The field is never populated, and now is deprecated.
- // +optional
- phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase)
-
- // Conditions is an array of current observed node conditions.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep)
-
- // List of addresses reachable to the node.
- // Queried from cloud provider, if available.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses
- // Note: This field is declared as mergeable, but the merge key is not sufficiently
- // unique, which can cause data corruption when it is merged. Callers should instead
- // use a full-replacement patch. See https://pr.k8s.io/79391 for an example.
- // Consumers should assume that addresses can change during the
- // lifetime of a Node. However, there are some exceptions where this may not
- // be possible, such as Pods that inherit a Node's address in its own status or
- // consumers of the downward API (status.hostIP).
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep)
-
- // Endpoints of daemons running on the Node.
- // +optional
- daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt)
-
- // Set of ids/uuids to uniquely identify the node.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#info
- // +optional
- nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt)
-
- // List of container images on this node
- // +optional
- images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep)
-
- // List of attachable volumes in use (mounted) by the node.
- // +optional
- volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep)
-
- // List of volumes that are attached to the node.
- // +optional
- volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep)
-
- // Status of the config assigned to the node via the dynamic Kubelet config feature.
- // +optional
- config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt)
-}
-
-#UniqueVolumeName: string
-
-// AttachedVolume describes a volume attached to a node
-#AttachedVolume: {
- // Name of the attached volume
- name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep)
-
- // DevicePath represents the device path where the volume should be available
- devicePath: string @go(DevicePath) @protobuf(2,bytes,rep)
-}
-
-// AvoidPods describes pods that should avoid this node. This is the value for a
-// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and
-// will eventually become a field of NodeStatus.
-#AvoidPods: {
- // Bounded-sized list of signatures of pods that should avoid this node, sorted
- // in timestamp order from oldest to newest. Size of the slice is unspecified.
- // +optional
- preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep)
-}
-
-// Describes a class of pods that should avoid this node.
-#PreferAvoidPodsEntry: {
- // The class of pods.
- podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt)
-
- // Time at which this entry was added to the list.
- // +optional
- evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt)
-
- // (brief) reason why this entry was added to the list.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // Human readable message indicating why this entry was added to the list.
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-}
-
-// Describes the class of pods that should avoid this node.
-// Exactly one field should be set.
-#PodSignature: {
- // Reference to controller whose pods should avoid this node.
- // +optional
- podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt)
-}
-
-// Describe a container image
-#ContainerImage: {
- // Names by which this image is known.
- // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]
- // +optional
- names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep)
-
- // The size of the image in bytes.
- // +optional
- sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt)
-}
-
-// +enum
-#NodePhase: string // #enumNodePhase
-
-#enumNodePhase:
- #NodePending |
- #NodeRunning |
- #NodeTerminated
-
-// NodePending means the node has been created/added by the system, but not configured.
-#NodePending: #NodePhase & "Pending"
-
-// NodeRunning means the node has been configured and has Kubernetes components running.
-#NodeRunning: #NodePhase & "Running"
-
-// NodeTerminated means the node has been removed from the cluster.
-#NodeTerminated: #NodePhase & "Terminated"
-
-#NodeConditionType: string // #enumNodeConditionType
-
-#enumNodeConditionType:
- #NodeReady |
- #NodeMemoryPressure |
- #NodeDiskPressure |
- #NodePIDPressure |
- #NodeNetworkUnavailable
-
-// NodeReady means kubelet is healthy and ready to accept pods.
-#NodeReady: #NodeConditionType & "Ready"
-
-// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory.
-#NodeMemoryPressure: #NodeConditionType & "MemoryPressure"
-
-// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk.
-#NodeDiskPressure: #NodeConditionType & "DiskPressure"
-
-// NodePIDPressure means the kubelet is under pressure due to insufficient available PID.
-#NodePIDPressure: #NodeConditionType & "PIDPressure"
-
-// NodeNetworkUnavailable means that network for the node is not correctly configured.
-#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable"
-
-// NodeCondition contains condition information for a node.
-#NodeCondition: {
- // Type of node condition.
- type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Last time we got an update on a given condition.
- // +optional
- lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt)
-
- // Last time the condition transit from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // (brief) reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // Human readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-#NodeAddressType: string // #enumNodeAddressType
-
-#enumNodeAddressType:
- #NodeHostName |
- #NodeInternalIP |
- #NodeExternalIP |
- #NodeInternalDNS |
- #NodeExternalDNS
-
-// NodeHostName identifies a name of the node. Although every node can be assumed
-// to have a NodeAddress of this type, its exact syntax and semantics are not
-// defined, and are not consistent between different clusters.
-#NodeHostName: #NodeAddressType & "Hostname"
-
-// NodeInternalIP identifies an IP address which is assigned to one of the node's
-// network interfaces. Every node should have at least one address of this type.
-//
-// An internal IP is normally expected to be reachable from every other node, but
-// may not be visible to hosts outside the cluster. By default it is assumed that
-// kube-apiserver can reach node internal IPs, though it is possible to configure
-// clusters where this is not the case.
-//
-// NodeInternalIP is the default type of node IP, and does not necessarily imply
-// that the IP is ONLY reachable internally. If a node has multiple internal IPs,
-// no specific semantics are assigned to the additional IPs.
-#NodeInternalIP: #NodeAddressType & "InternalIP"
-
-// NodeExternalIP identifies an IP address which is, in some way, intended to be
-// more usable from outside the cluster then an internal IP, though no specific
-// semantics are defined. It may be a globally routable IP, though it is not
-// required to be.
-//
-// External IPs may be assigned directly to an interface on the node, like a
-// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed
-// to an internal node IP rather than being delivered directly (making the IP less
-// efficient for node-to-node traffic than a NodeInternalIP).
-#NodeExternalIP: #NodeAddressType & "ExternalIP"
-
-// NodeInternalDNS identifies a DNS name which resolves to an IP address which has
-// the characteristics of a NodeInternalIP. The IP it resolves to may or may not
-// be a listed NodeInternalIP address.
-#NodeInternalDNS: #NodeAddressType & "InternalDNS"
-
-// NodeExternalDNS identifies a DNS name which resolves to an IP address which has
-// the characteristics of a NodeExternalIP. The IP it resolves to may or may not
-// be a listed NodeExternalIP address.
-#NodeExternalDNS: #NodeAddressType & "ExternalDNS"
-
-// NodeAddress contains information for the node's address.
-#NodeAddress: {
- // Node address type, one of Hostname, ExternalIP or InternalIP.
- type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType)
-
- // The node address.
- address: string @go(Address) @protobuf(2,bytes,opt)
-}
-
-// ResourceName is the name identifying various resources in a ResourceList.
-#ResourceName: string // #enumResourceName
-
-#enumResourceName:
- #ResourceCPU |
- #ResourceMemory |
- #ResourceStorage |
- #ResourceEphemeralStorage |
- #ResourcePods |
- #ResourceServices |
- #ResourceReplicationControllers |
- #ResourceQuotas |
- #ResourceSecrets |
- #ResourceConfigMaps |
- #ResourcePersistentVolumeClaims |
- #ResourceServicesNodePorts |
- #ResourceServicesLoadBalancers |
- #ResourceRequestsCPU |
- #ResourceRequestsMemory |
- #ResourceRequestsStorage |
- #ResourceRequestsEphemeralStorage |
- #ResourceLimitsCPU |
- #ResourceLimitsMemory |
- #ResourceLimitsEphemeralStorage
-
-// CPU, in cores. (500m = .5 cores)
-#ResourceCPU: #ResourceName & "cpu"
-
-// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceMemory: #ResourceName & "memory"
-
-// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024)
-#ResourceStorage: #ResourceName & "storage"
-
-// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-// The resource name for ResourceEphemeralStorage is alpha and it can change across releases.
-#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage"
-
-// Default namespace prefix.
-#ResourceDefaultNamespacePrefix: "kubernetes.io/"
-
-// Name prefix for huge page resources (alpha).
-#ResourceHugePagesPrefix: "hugepages-"
-
-// Name prefix for storage resource limits
-#ResourceAttachableVolumesPrefix: "attachable-volumes-"
-
-// ResourceList is a set of (resource name, quantity) pairs.
-#ResourceList: {[string]: resource.#Quantity}
-
-// Node is a worker node in Kubernetes.
-// Each node will have a unique identifier in the cache (i.e. in etcd).
-#Node: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of a node.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the node.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// NodeList is the whole list of all Nodes which have been registered with master.
-#NodeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of nodes
- items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep)
-}
-
-// FinalizerName is the name identifying a finalizer during namespace lifecycle.
-#FinalizerName: string // #enumFinalizerName
-
-#enumFinalizerName:
- #FinalizerKubernetes
-
-#FinalizerKubernetes: #FinalizerName & "kubernetes"
-
-// NamespaceSpec describes the attributes on a Namespace.
-#NamespaceSpec: {
- // Finalizers is an opaque list of values that must be empty to permanently remove object from storage.
- // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
- // +optional
- finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName)
-}
-
-// NamespaceStatus is information about the current status of a Namespace.
-#NamespaceStatus: {
- // Phase is the current lifecycle phase of the namespace.
- // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
- // +optional
- phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase)
-
- // Represents the latest available observations of a namespace's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep)
-}
-
-// +enum
-#NamespacePhase: string // #enumNamespacePhase
-
-#enumNamespacePhase:
- #NamespaceActive |
- #NamespaceTerminating
-
-// NamespaceActive means the namespace is available for use in the system
-#NamespaceActive: #NamespacePhase & "Active"
-
-// NamespaceTerminating means the namespace is undergoing graceful termination
-#NamespaceTerminating: #NamespacePhase & "Terminating"
-
-// NamespaceTerminatingCause is returned as a defaults.cause item when a change is
-// forbidden due to the namespace being terminated.
-#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating"
-
-#NamespaceConditionType: string // #enumNamespaceConditionType
-
-#enumNamespaceConditionType:
- #NamespaceDeletionDiscoveryFailure |
- #NamespaceDeletionContentFailure |
- #NamespaceDeletionGVParsingFailure |
- #NamespaceContentRemaining |
- #NamespaceFinalizersRemaining
-
-// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery.
-#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure"
-
-// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources.
-#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure"
-
-// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types.
-#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure"
-
-// NamespaceContentRemaining contains information about resources remaining in a namespace.
-#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining"
-
-// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace.
-#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining"
-
-// NamespaceCondition contains details about state of namespace.
-#NamespaceCondition: {
- // Type of namespace controller condition.
- type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// Namespace provides a scope for Names.
-// Use of multiple namespaces is optional.
-#Namespace: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of the Namespace.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status describes the current status of a Namespace.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// NamespaceList is a list of Namespaces.
-#NamespaceList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of Namespace objects in the list.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep)
-}
-
-// Binding ties one object to another; for example, a pod is bound to a node by a scheduler.
-// Deprecated in 1.7, please use the bindings subresource of pods instead.
-#Binding: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The target object that you want to bind to the standard object.
- target: #ObjectReference @go(Target) @protobuf(2,bytes,opt)
-}
-
-// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
-// +k8s:openapi-gen=false
-#Preconditions: {
- // Specifies the target UID.
- // +optional
- uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-}
-
-// PodLogOptions is the query options for a Pod's logs REST call.
-#PodLogOptions: {
- metav1.#TypeMeta
-
- // The container for which to stream logs. Defaults to only container if there is one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(1,bytes,opt)
-
- // Follow the log stream of the pod. Defaults to false.
- // +optional
- follow?: bool @go(Follow) @protobuf(2,varint,opt)
-
- // Return previous terminated container logs. Defaults to false.
- // +optional
- previous?: bool @go(Previous) @protobuf(3,varint,opt)
-
- // A relative time in seconds before the current time from which to show logs. If this value
- // precedes the time a pod was started, only logs since the pod start will be returned.
- // If this value is in the future, no logs will be returned.
- // Only one of sinceSeconds or sinceTime may be specified.
- // +optional
- sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt)
-
- // An RFC3339 timestamp from which to show logs. If this value
- // precedes the time a pod was started, only logs since the pod start will be returned.
- // If this value is in the future, no logs will be returned.
- // Only one of sinceSeconds or sinceTime may be specified.
- // +optional
- sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt)
-
- // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line
- // of log output. Defaults to false.
- // +optional
- timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt)
-
- // If set, the number of lines from the end of the logs to show. If not specified,
- // logs are shown from the creation of the container or sinceSeconds or sinceTime
- // +optional
- tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt)
-
- // If set, the number of bytes to read from the server before terminating the
- // log output. This may not display a complete final line of logging, and may return
- // slightly more or slightly less than the specified limit.
- // +optional
- limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt)
-
- // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the
- // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver
- // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real
- // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the
- // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept
- // the actual log data coming from the real kubelet).
- // +optional
- insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt)
-}
-
-// PodAttachOptions is the query options to a Pod's remote attach call.
-// ---
-// TODO: merge w/ PodExecOptions below for stdin, stdout, etc
-// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY
-#PodAttachOptions: {
- metav1.#TypeMeta
-
- // Stdin if true, redirects the standard input stream of the pod for this call.
- // Defaults to false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(1,varint,opt)
-
- // Stdout if true indicates that stdout is to be redirected for the attach call.
- // Defaults to true.
- // +optional
- stdout?: bool @go(Stdout) @protobuf(2,varint,opt)
-
- // Stderr if true indicates that stderr is to be redirected for the attach call.
- // Defaults to true.
- // +optional
- stderr?: bool @go(Stderr) @protobuf(3,varint,opt)
-
- // TTY if true indicates that a tty will be allocated for the attach call.
- // This is passed through the container runtime so the tty
- // is allocated on the worker node by the container runtime.
- // Defaults to false.
- // +optional
- tty?: bool @go(TTY) @protobuf(4,varint,opt)
-
- // The container in which to execute the command.
- // Defaults to only container if there is only one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(5,bytes,opt)
-}
-
-// PodExecOptions is the query options to a Pod's remote exec call.
-// ---
-// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging
-// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY
-#PodExecOptions: {
- metav1.#TypeMeta
-
- // Redirect the standard input stream of the pod for this call.
- // Defaults to false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(1,varint,opt)
-
- // Redirect the standard output stream of the pod for this call.
- // +optional
- stdout?: bool @go(Stdout) @protobuf(2,varint,opt)
-
- // Redirect the standard error stream of the pod for this call.
- // +optional
- stderr?: bool @go(Stderr) @protobuf(3,varint,opt)
-
- // TTY if true indicates that a tty will be allocated for the exec call.
- // Defaults to false.
- // +optional
- tty?: bool @go(TTY) @protobuf(4,varint,opt)
-
- // Container in which to execute the command.
- // Defaults to only container if there is only one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(5,bytes,opt)
-
- // Command is the remote command to execute. argv array. Not executed within a shell.
- command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep)
-}
-
-// PodPortForwardOptions is the query options to a Pod's port forward call
-// when using WebSockets.
-// The `port` query parameter must specify the port or
-// ports (comma separated) to forward over.
-// Port forwarding over SPDY does not use these options. It requires the port
-// to be passed in the `port` header as part of request.
-#PodPortForwardOptions: {
- metav1.#TypeMeta
-
- // List of ports to forward
- // Required when using WebSockets
- // +optional
- ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep)
-}
-
-// PodProxyOptions is the query options to a Pod's proxy call.
-#PodProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the URL path to use for the current proxy request to pod.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// NodeProxyOptions is the query options to a Node's proxy call.
-#NodeProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the URL path to use for the current proxy request to node.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// ServiceProxyOptions is the query options to a Service's proxy call.
-#ServiceProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the part of URLs that include service endpoints, suffixes,
- // and parameters to use for the current proxy request to service.
- // For example, the whole request URL is
- // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy.
- // Path is _search?q=user:kimchy.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// ObjectReference contains enough information to let you inspect or modify the referred object.
-// ---
-// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
-// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
-// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
-// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
-// Those cannot be well described when embedded.
-// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
-// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
-// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
-// and the version of the actual struct is irrelevant.
-// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
-// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-//
-// Instead of using this type, create a locally provided and used type that is well-focused on your reference.
-// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +structType=atomic
-#ObjectReference: {
- // Kind of the referent.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(1,bytes,opt)
-
- // Namespace of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- // +optional
- namespace?: string @go(Namespace) @protobuf(2,bytes,opt)
-
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- // +optional
- name?: string @go(Name) @protobuf(3,bytes,opt)
-
- // UID of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // API version of the referent.
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt)
-
- // Specific resourceVersion to which this reference is made, if any.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt)
-
- // If referring to a piece of an object instead of an entire object, this string
- // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- // For example, if the object reference is to a container within a pod, this would take on a value like:
- // "spec.containers{name}" (where "name" refers to the name of the container that triggered
- // the event) or if no container name is specified "spec.containers[2]" (container with
- // index 2 in this pod). This syntax is chosen only to have some well-defined way of
- // referencing a part of an object.
- // TODO: this design is not final and this field is subject to change in the future.
- // +optional
- fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt)
-}
-
-// LocalObjectReference contains enough information to let you locate the
-// referenced object inside the same namespace.
-// +structType=atomic
-#LocalObjectReference: {
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- // TODO: Add other useful fields. apiVersion, kind, uid?
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// TypedLocalObjectReference contains enough information to let you locate the
-// typed referenced object inside the same namespace.
-// +structType=atomic
-#TypedLocalObjectReference: {
- // APIGroup is the group for the resource being referenced.
- // If APIGroup is not specified, the specified Kind must be in the core API group.
- // For any other third-party types, APIGroup is required.
- // +optional
- apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt)
-
- // Kind is the type of resource being referenced
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-
- // Name is the name of resource being referenced
- name: string @go(Name) @protobuf(3,bytes,opt)
-}
-
-// SerializedReference is a reference to serialized object.
-#SerializedReference: {
- metav1.#TypeMeta
-
- // The reference to an object in the system.
- // +optional
- reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt)
-}
-
-// EventSource contains information for an event.
-#EventSource: {
- // Component from which the event is generated.
- // +optional
- component?: string @go(Component) @protobuf(1,bytes,opt)
-
- // Node name on which the event is generated.
- // +optional
- host?: string @go(Host) @protobuf(2,bytes,opt)
-}
-
-// Information only and will not cause any problems
-#EventTypeNormal: "Normal"
-
-// These events are to warn that something might go wrong
-#EventTypeWarning: "Warning"
-
-// Event is a report of an event somewhere in the cluster. Events
-// have a limited retention time and triggers and messages may evolve
-// with time. Event consumers should not rely on the timing of an event
-// with a given Reason reflecting a consistent underlying trigger, or the
-// continued existence of events with that Reason. Events should be
-// treated as informative, best-effort, supplemental data.
-#Event: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The object that this event is about.
- involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt)
-
- // This should be a short, machine understandable string that gives the reason
- // for the transition into the object's current status.
- // TODO: provide exact specification for format.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // A human-readable description of the status of this operation.
- // TODO: decide on maximum length.
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-
- // The component reporting this event. Should be a short machine understandable string.
- // +optional
- source?: #EventSource @go(Source) @protobuf(5,bytes,opt)
-
- // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)
- // +optional
- firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt)
-
- // The time at which the most recent occurrence of this event was recorded.
- // +optional
- lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt)
-
- // The number of times this event has occurred.
- // +optional
- count?: int32 @go(Count) @protobuf(8,varint,opt)
-
- // Type of this event (Normal, Warning), new types could be added in the future
- // +optional
- type?: string @go(Type) @protobuf(9,bytes,opt)
-
- // Time when this Event was first observed.
- // +optional
- eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt)
-
- // Data about the Event series this event represents or nil if it's a singleton Event.
- // +optional
- series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt)
-
- // What action was taken/failed regarding to the Regarding object.
- // +optional
- action?: string @go(Action) @protobuf(12,bytes,opt)
-
- // Optional secondary object for more complex actions.
- // +optional
- related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt)
-
- // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.
- // +optional
- reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt)
-
- // ID of the controller instance, e.g. `kubelet-xyzf`.
- // +optional
- reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt)
-}
-
-// EventSeries contain information on series of events, i.e. thing that was/is happening
-// continuously for some time.
-#EventSeries: {
- // Number of occurrences in this series up to the last heartbeat time
- count?: int32 @go(Count) @protobuf(1,varint)
-
- // Time of the last occurrence observed
- lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes)
-}
-
-// EventList is a list of events.
-#EventList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of events
- items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep)
-}
-
-// List holds a list of objects, which may not be known by the server.
-#List: metav1.#List
-
-// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or
-// a fully qualified resource name.
-#LimitType: string // #enumLimitType
-
-#enumLimitType:
- #LimitTypePod |
- #LimitTypeContainer |
- #LimitTypePersistentVolumeClaim
-
-// Limit that applies to all pods in a namespace
-#LimitTypePod: #LimitType & "Pod"
-
-// Limit that applies to all containers in a namespace
-#LimitTypeContainer: #LimitType & "Container"
-
-// Limit that applies to all persistent volume claims in a namespace
-#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim"
-
-// LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
-#LimitRangeItem: {
- // Type of resource that this limit applies to.
- type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType)
-
- // Max usage constraints on this kind by resource name.
- // +optional
- max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Min usage constraints on this kind by resource name.
- // +optional
- min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Default resource requirement limit value by resource name if resource limit is omitted.
- // +optional
- default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
- // +optional
- defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
- // +optional
- maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-}
-
-// LimitRangeSpec defines a min/max usage limit for resources that match on kind.
-#LimitRangeSpec: {
- // Limits is the list of LimitRangeItem objects that are enforced.
- limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep)
-}
-
-// LimitRange sets resource usage limits for each kind of resource in a Namespace.
-#LimitRange: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the limits enforced.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt)
-}
-
-// LimitRangeList is a list of LimitRange items.
-#LimitRangeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of LimitRange objects.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep)
-}
-
-// Pods, number
-#ResourcePods: #ResourceName & "pods"
-
-// Services, number
-#ResourceServices: #ResourceName & "services"
-
-// ReplicationControllers, number
-#ResourceReplicationControllers: #ResourceName & "replicationcontrollers"
-
-// ResourceQuotas, number
-#ResourceQuotas: #ResourceName & "resourcequotas"
-
-// ResourceSecrets, number
-#ResourceSecrets: #ResourceName & "secrets"
-
-// ResourceConfigMaps, number
-#ResourceConfigMaps: #ResourceName & "configmaps"
-
-// ResourcePersistentVolumeClaims, number
-#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims"
-
-// ResourceServicesNodePorts, number
-#ResourceServicesNodePorts: #ResourceName & "services.nodeports"
-
-// ResourceServicesLoadBalancers, number
-#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers"
-
-// CPU request, in cores. (500m = .5 cores)
-#ResourceRequestsCPU: #ResourceName & "requests.cpu"
-
-// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceRequestsMemory: #ResourceName & "requests.memory"
-
-// Storage request, in bytes
-#ResourceRequestsStorage: #ResourceName & "requests.storage"
-
-// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage"
-
-// CPU limit, in cores. (500m = .5 cores)
-#ResourceLimitsCPU: #ResourceName & "limits.cpu"
-
-// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceLimitsMemory: #ResourceName & "limits.memory"
-
-// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage"
-
-// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-// As burst is not supported for HugePages, we would only quota its request, and ignore the limit.
-#ResourceRequestsHugePagesPrefix: "requests.hugepages-"
-
-// Default resource requests prefix
-#DefaultResourceRequestsPrefix: "requests."
-
-// A ResourceQuotaScope defines a filter that must match each object tracked by a quota
-// +enum
-#ResourceQuotaScope: string // #enumResourceQuotaScope
-
-#enumResourceQuotaScope:
- #ResourceQuotaScopeTerminating |
- #ResourceQuotaScopeNotTerminating |
- #ResourceQuotaScopeBestEffort |
- #ResourceQuotaScopeNotBestEffort |
- #ResourceQuotaScopePriorityClass |
- #ResourceQuotaScopeCrossNamespacePodAffinity
-
-// Match all pod objects where spec.activeDeadlineSeconds >=0
-#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating"
-
-// Match all pod objects where spec.activeDeadlineSeconds is nil
-#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating"
-
-// Match all pod objects that have best effort quality of service
-#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort"
-
-// Match all pod objects that do not have best effort quality of service
-#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort"
-
-// Match all pod objects that have priority class mentioned
-#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass"
-
-// Match all pod objects that have cross-namespace pod (anti)affinity mentioned.
-#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity"
-
-// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
-#ResourceQuotaSpec: {
- // hard is the set of desired hard limits for each named resource.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- // +optional
- hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // A collection of filters that must match each object tracked by a quota.
- // If not specified, the quota matches all objects.
- // +optional
- scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope)
-
- // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
- // but expressed using ScopeSelectorOperator in combination with possible values.
- // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
- // +optional
- scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt)
-}
-
-// A scope selector represents the AND of the selectors represented
-// by the scoped-resource selector requirements.
-// +structType=atomic
-#ScopeSelector: {
- // A list of scope selector requirements by scope of the resources.
- // +optional
- matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep)
-}
-
-// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
-// that relates the scope name and values.
-#ScopedResourceSelectorRequirement: {
- // The name of the scope that the selector applies to.
- scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt)
-
- // Represents a scope's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist.
- operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator)
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty.
- // This array is replaced during a strategic merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A scope selector operator is the set of operators that can be used in
-// a scope selector requirement.
-// +enum
-#ScopeSelectorOperator: string // #enumScopeSelectorOperator
-
-#enumScopeSelectorOperator:
- #ScopeSelectorOpIn |
- #ScopeSelectorOpNotIn |
- #ScopeSelectorOpExists |
- #ScopeSelectorOpDoesNotExist
-
-#ScopeSelectorOpIn: #ScopeSelectorOperator & "In"
-#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn"
-#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists"
-#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist"
-
-// ResourceQuotaStatus defines the enforced hard limits and observed use.
-#ResourceQuotaStatus: {
- // Hard is the set of enforced hard limits for each named resource.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- // +optional
- hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Used is the current observed total usage of the resource in the namespace.
- // +optional
- used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-}
-
-// ResourceQuota sets aggregate quota restrictions enforced per namespace
-#ResourceQuota: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the desired quota.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status defines the actual enforced quota and its current usage.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ResourceQuotaList is a list of ResourceQuota items.
-#ResourceQuotaList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of ResourceQuota objects.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep)
-}
-
-// Secret holds secret data of a certain type. The total bytes of the values in
-// the Data field must be less than MaxSecretSize bytes.
-#Secret: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Immutable, if set to true, ensures that data stored in the Secret cannot
- // be updated (only object metadata can be modified).
- // If not set to true, the field can be modified at any time.
- // Defaulted to nil.
- // +optional
- immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt)
-
- // Data contains the secret data. Each key must consist of alphanumeric
- // characters, '-', '_' or '.'. The serialized form of the secret data is a
- // base64 encoded string, representing the arbitrary (possibly non-string)
- // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
- // +optional
- data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep)
-
- // stringData allows specifying non-binary secret data in string form.
- // It is provided as a write-only input field for convenience.
- // All keys and values are merged into the data field on write, overwriting any existing values.
- // The stringData field is never output when reading from the API.
- // +k8s:conversion-gen=false
- // +optional
- stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep)
-
- // Used to facilitate programmatic handling of secret data.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
- // +optional
- type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType)
-}
-
-#MaxSecretSize: 1048576
-
-#SecretType: string // #enumSecretType
-
-#enumSecretType:
- #SecretTypeOpaque |
- #SecretTypeServiceAccountToken |
- #SecretTypeDockercfg |
- #SecretTypeDockerConfigJson |
- #SecretTypeBasicAuth |
- #SecretTypeSSHAuth |
- #SecretTypeTLS |
- #SecretTypeBootstrapToken
-
-// SecretTypeOpaque is the default. Arbitrary user-defined data
-#SecretTypeOpaque: #SecretType & "Opaque"
-
-// SecretTypeServiceAccountToken contains a token that identifies a service account to the API
-//
-// Required fields:
-// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies
-// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies
-// - Secret.Data["token"] - a token that identifies the service account to the API
-#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token"
-
-// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
-#ServiceAccountNameKey: "kubernetes.io/service-account.name"
-
-// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
-#ServiceAccountUIDKey: "kubernetes.io/service-account.uid"
-
-// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets
-#ServiceAccountTokenKey: "token"
-
-// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets
-#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig"
-
-// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets
-#ServiceAccountRootCAKey: "ca.crt"
-
-// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls
-#ServiceAccountNamespaceKey: "namespace"
-
-// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg
-//
-// Required fields:
-// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file
-#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg"
-
-// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets
-#DockerConfigKey: ".dockercfg"
-
-// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json
-//
-// Required fields:
-// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file
-#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson"
-
-// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets
-#DockerConfigJsonKey: ".dockerconfigjson"
-
-// SecretTypeBasicAuth contains data needed for basic authentication.
-//
-// Required at least one of fields:
-// - Secret.Data["username"] - username used for authentication
-// - Secret.Data["password"] - password or token needed for authentication
-#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth"
-
-// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets
-#BasicAuthUsernameKey: "username"
-
-// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets
-#BasicAuthPasswordKey: "password"
-
-// SecretTypeSSHAuth contains data needed for SSH authetication.
-//
-// Required field:
-// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication
-#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth"
-
-// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets
-#SSHAuthPrivateKey: "ssh-privatekey"
-
-// SecretTypeTLS contains information about a TLS client or server secret. It
-// is primarily used with TLS termination of the Ingress resource, but may be
-// used in other types.
-//
-// Required fields:
-// - Secret.Data["tls.key"] - TLS private key.
-// Secret.Data["tls.crt"] - TLS certificate.
-// TODO: Consider supporting different formats, specifying CA/destinationCA.
-#SecretTypeTLS: #SecretType & "kubernetes.io/tls"
-
-// TLSCertKey is the key for tls certificates in a TLS secret.
-#TLSCertKey: "tls.crt"
-
-// TLSPrivateKeyKey is the key for the private key field in a TLS secret.
-#TLSPrivateKeyKey: "tls.key"
-
-// SecretTypeBootstrapToken is used during the automated bootstrap process (first
-// implemented by kubeadm). It stores tokens that are used to sign well known
-// ConfigMaps. They are used for authn.
-#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token"
-
-// SecretList is a list of Secret.
-#SecretList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of secret objects.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret
- items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep)
-}
-
-// ConfigMap holds configuration data for pods to consume.
-#ConfigMap: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Immutable, if set to true, ensures that data stored in the ConfigMap cannot
- // be updated (only object metadata can be modified).
- // If not set to true, the field can be modified at any time.
- // Defaulted to nil.
- // +optional
- immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt)
-
- // Data contains the configuration data.
- // Each key must consist of alphanumeric characters, '-', '_' or '.'.
- // Values with non-UTF-8 byte sequences must use the BinaryData field.
- // The keys stored in Data must not overlap with the keys in
- // the BinaryData field, this is enforced during validation process.
- // +optional
- data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep)
-
- // BinaryData contains the binary data.
- // Each key must consist of alphanumeric characters, '-', '_' or '.'.
- // BinaryData can contain byte sequences that are not in the UTF-8 range.
- // The keys stored in BinaryData must not overlap with the ones in
- // the Data field, this is enforced during validation process.
- // Using this field will require 1.10+ apiserver and
- // kubelet.
- // +optional
- binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep)
-}
-
-// ConfigMapList is a resource containing a list of ConfigMap objects.
-#ConfigMapList: {
- metav1.#TypeMeta
-
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of ConfigMaps.
- items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep)
-}
-
-// Type and constants for component health validation.
-#ComponentConditionType: string // #enumComponentConditionType
-
-#enumComponentConditionType:
- #ComponentHealthy
-
-#ComponentHealthy: #ComponentConditionType & "Healthy"
-
-// Information about the condition of a component.
-#ComponentCondition: {
- // Type of condition for a component.
- // Valid value: "Healthy"
- type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType)
-
- // Status of the condition for a component.
- // Valid values for "Healthy": "True", "False", or "Unknown".
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Message about the condition for a component.
- // For example, information about a health check.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // Condition error code for a component.
- // For example, a health check error code.
- // +optional
- error?: string @go(Error) @protobuf(4,bytes,opt)
-}
-
-// ComponentStatus (and ComponentStatusList) holds the cluster validation info.
-// Deprecated: This API is deprecated in v1.19+
-#ComponentStatus: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // List of component conditions observed
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep)
-}
-
-// Status of all the conditions for the component as a list of ComponentStatus objects.
-// Deprecated: This API is deprecated in v1.19+
-#ComponentStatusList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of ComponentStatus objects.
- items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep)
-}
-
-// DownwardAPIVolumeSource represents a volume containing downward API info.
-// Downward API volumes support ownership management and SELinux relabeling.
-#DownwardAPIVolumeSource: {
- // Items is a list of downward API volume file
- // +optional
- items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep)
-
- // Optional: mode bits to use on created files by default. Must be a
- // Optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt)
-}
-
-#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644
-
-// DownwardAPIVolumeFile represents information to create the file containing the pod field
-#DownwardAPIVolumeFile: {
- // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
- // +optional
- fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt)
-
- // Selects a resource of the container: only resources limits and requests
- // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
- // +optional
- resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt)
-
- // Optional: mode bits used to set permissions on this file, must be an octal value
- // between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // If not specified, the volume defaultMode will be used.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt)
-}
-
-// Represents downward API info for projecting into a projected volume.
-// Note that this is identical to a downwardAPI volume source without the default
-// mode.
-#DownwardAPIProjection: {
- // Items is a list of DownwardAPIVolume file
- // +optional
- items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep)
-}
-
-// SecurityContext holds security configuration that will be applied to a container.
-// Some fields are present in both SecurityContext and PodSecurityContext. When both
-// are set, the values in SecurityContext take precedence.
-#SecurityContext: {
- // The capabilities to add/drop when running containers.
- // Defaults to the default set of capabilities granted by the container runtime.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt)
-
- // Run container in privileged mode.
- // Processes in privileged containers are essentially equivalent to root on the host.
- // Defaults to false.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt)
-
- // The SELinux context to be applied to the container.
- // If unspecified, the container runtime will allocate a random SELinux context for each
- // container. May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt)
-
- // The Windows specific settings applied to all containers.
- // If unspecified, the options from the PodSecurityContext will be used.
- // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is linux.
- // +optional
- windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt)
-
- // The UID to run the entrypoint of the container process.
- // Defaults to user specified in image metadata if unspecified.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt)
-
- // The GID to run the entrypoint of the container process.
- // Uses runtime default if unset.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt)
-
- // Indicates that the container must run as a non-root user.
- // If true, the Kubelet will validate the image at runtime to ensure that it
- // does not run as UID 0 (root) and fail to start the container if it does.
- // If unset or false, no such validation will be performed.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt)
-
- // Whether this container has a read-only root filesystem.
- // Default is false.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt)
-
- // AllowPrivilegeEscalation controls whether a process can gain more
- // privileges than its parent process. This bool directly controls if
- // the no_new_privs flag will be set on the container process.
- // AllowPrivilegeEscalation is true always when the container is:
- // 1) run as Privileged
- // 2) has CAP_SYS_ADMIN
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt)
-
- // procMount denotes the type of proc mount to use for the containers.
- // The default is DefaultProcMount which uses the container runtime defaults for
- // readonly paths and masked paths.
- // This requires the ProcMountType feature flag to be enabled.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt)
-
- // The seccomp options to use by this container. If seccomp options are
- // provided at both the pod & container level, the container options
- // override the pod options.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt)
-}
-
-// +enum
-#ProcMountType: string // #enumProcMountType
-
-#enumProcMountType:
- #DefaultProcMount |
- #UnmaskedProcMount
-
-// DefaultProcMount uses the container runtime defaults for readonly and masked
-// paths for /proc. Most container runtimes mask certain paths in /proc to avoid
-// accidental security exposure of special devices or information.
-#DefaultProcMount: #ProcMountType & "Default"
-
-// UnmaskedProcMount bypasses the default masking behavior of the container
-// runtime and ensures the newly created /proc the container stays in tact with
-// no modifications.
-#UnmaskedProcMount: #ProcMountType & "Unmasked"
-
-// SELinuxOptions are the labels to be applied to the container
-#SELinuxOptions: {
- // User is a SELinux user label that applies to the container.
- // +optional
- user?: string @go(User) @protobuf(1,bytes,opt)
-
- // Role is a SELinux role label that applies to the container.
- // +optional
- role?: string @go(Role) @protobuf(2,bytes,opt)
-
- // Type is a SELinux type label that applies to the container.
- // +optional
- type?: string @go(Type) @protobuf(3,bytes,opt)
-
- // Level is SELinux level label that applies to the container.
- // +optional
- level?: string @go(Level) @protobuf(4,bytes,opt)
-}
-
-// WindowsSecurityContextOptions contain Windows-specific options and credentials.
-#WindowsSecurityContextOptions: {
- // GMSACredentialSpecName is the name of the GMSA credential spec to use.
- // +optional
- gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt)
-
- // GMSACredentialSpec is where the GMSA admission webhook
- // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
- // GMSA credential spec named by the GMSACredentialSpecName field.
- // +optional
- gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt)
-
- // The UserName in Windows to run the entrypoint of the container process.
- // Defaults to the user specified in image metadata if unspecified.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt)
-
- // HostProcess determines if a container should be run as a 'Host Process' container.
- // All of a Pod's containers must have the same effective HostProcess value
- // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
- // In addition, if HostProcess is true then HostNetwork must also be set to true.
- // +optional
- hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt)
-}
-
-// RangeAllocation is not a public type.
-#RangeAllocation: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Range is string that identifies the range represented by 'data'.
- range: string @go(Range) @protobuf(2,bytes,opt)
-
- // Data is a bit array containing all allocated addresses in the previous segment.
- data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt)
-}
-
-// DefaultSchedulerName defines the name of default scheduler.
-#DefaultSchedulerName: "default-scheduler"
-
-// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule
-// corresponding to every RequiredDuringScheduling affinity rule.
-// When the --hard-pod-affinity-weight scheduler flag is not specified,
-// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule.
-#DefaultHardPodAffinitySymmetricWeight: int32 & 1
-
-// Sysctl defines a kernel parameter to be set
-#Sysctl: {
- // Name of a property to set
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Value of a property to set
- value: string @go(Value) @protobuf(2,bytes,opt)
-}
-
-// NodeResources is an object for conveying resource information about a node.
-// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details.
-#NodeResources: {
- // Capacity represents the available resources of a node
- Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName)
-}
-
-// Enable stdin for remote command execution
-#ExecStdinParam: "input"
-
-// Enable stdout for remote command execution
-#ExecStdoutParam: "output"
-
-// Enable stderr for remote command execution
-#ExecStderrParam: "error"
-
-// Enable TTY for remote command execution
-#ExecTTYParam: "tty"
-
-// Command to run for remote command execution
-#ExecCommandParam: "command"
-
-// Name of header that specifies stream type
-#StreamType: "streamType"
-
-// Value for streamType header for stdin stream
-#StreamTypeStdin: "stdin"
-
-// Value for streamType header for stdout stream
-#StreamTypeStdout: "stdout"
-
-// Value for streamType header for stderr stream
-#StreamTypeStderr: "stderr"
-
-// Value for streamType header for data stream
-#StreamTypeData: "data"
-
-// Value for streamType header for error stream
-#StreamTypeError: "error"
-
-// Value for streamType header for terminal resize stream
-#StreamTypeResize: "resize"
-
-// Name of header that specifies the port being forwarded
-#PortHeader: "port"
-
-// Name of header that specifies a request ID used to associate the error
-// and data streams for a single forwarded connection
-#PortForwardRequestIDHeader: "requestID"
-
-// MixedProtocolNotSupported error in PortStatus means that the cloud provider
-// can't publish the port on the load balancer because mixed values of protocols
-// on the same LoadBalancer type of Service are not supported by the cloud provider.
-#MixedProtocolNotSupported: "MixedProtocolNotSupported"
-
-#PortStatus: {
- // Port is the port number of the service port of which status is recorded here
- port: int32 @go(Port) @protobuf(1,varint,opt)
-
- // Protocol is the protocol of the service port of which status is recorded here
- // The supported values are: "TCP", "UDP", "SCTP"
- protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol)
-
- // Error is to record the problem with the service port
- // The format of the error shall comply with the following rules:
- // - built-in error values shall be specified in this file and those shall use
- // CamelCase names
- // - cloud provider specific error values must have names that comply with the
- // format foo.example.com/CamelCase.
- // ---
- // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- // +optional
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
- // +kubebuilder:validation:MaxLength=316
- error?: null | string @go(Error,*string) @protobuf(3,bytes,opt)
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
deleted file mode 100644
index 2a1f060b6..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
+++ /dev/null
@@ -1,59 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-#LabelHostname: "kubernetes.io/hostname"
-
-// Label value is the network location of kube-apiserver stored as
-// Stored in APIServer Identity lease objects to view what address is used for peer proxy
-#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address"
-#LabelTopologyZone: "topology.kubernetes.io/zone"
-#LabelTopologyRegion: "topology.kubernetes.io/region"
-
-// These label have been deprecated since 1.17, but will be supported for
-// the foreseeable future, to accommodate things like long-lived PVs that
-// use them. New users should prefer the "topology.kubernetes.io/*"
-// equivalents.
-#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone"
-#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region"
-
-// Retained for compat when vendored. Do not use these consts in new code.
-#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone"
-#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region"
-#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone"
-#LabelZoneRegionStable: "topology.kubernetes.io/region"
-#LabelInstanceType: "beta.kubernetes.io/instance-type"
-#LabelInstanceTypeStable: "node.kubernetes.io/instance-type"
-#LabelOSStable: "kubernetes.io/os"
-#LabelArchStable: "kubernetes.io/arch"
-
-// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0.
-// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763)
-#LabelWindowsBuild: "node.kubernetes.io/windows-build"
-
-// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*)
-#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io"
-
-// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*)
-#LabelNamespaceSuffixNode: "node.kubernetes.io"
-
-// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled
-#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io"
-
-// IsHeadlessService is added by Controller to an Endpoint denoting if its parent
-// Service is Headless. The existence of this label can be used further by other
-// controllers and kube-proxy to check if the Endpoint objects should be replicated when
-// using Headless Services
-#IsHeadlessService: "service.kubernetes.io/headless"
-
-// LabelNodeExcludeBalancers specifies that the node should not be considered as a target
-// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only
-// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that
-// any backends on excluded nodes are not reachable by those external load-balancers.
-// Implementations of this exclusion may vary based on provider.
-#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers"
-
-// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels
-#LabelMetadataName: "kubernetes.io/metadata.name"
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
deleted file mode 100644
index b7c097336..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
+++ /dev/null
@@ -1,38 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-// TaintNodeNotReady will be added when node is not ready
-// and removed when node becomes ready.
-#TaintNodeNotReady: "node.kubernetes.io/not-ready"
-
-// TaintNodeUnreachable will be added when node becomes unreachable
-// (corresponding to NodeReady status ConditionUnknown)
-// and removed when node becomes reachable (NodeReady status ConditionTrue).
-#TaintNodeUnreachable: "node.kubernetes.io/unreachable"
-
-// TaintNodeUnschedulable will be added when node becomes unschedulable
-// and removed when node becomes schedulable.
-#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable"
-
-// TaintNodeMemoryPressure will be added when node has memory pressure
-// and removed when node has enough memory.
-#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure"
-
-// TaintNodeDiskPressure will be added when node has disk pressure
-// and removed when node has enough disk.
-#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure"
-
-// TaintNodeNetworkUnavailable will be added when node's network is unavailable
-// and removed when network becomes ready.
-#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable"
-
-// TaintNodePIDPressure will be added when node has pid pressure
-// and removed when node has enough pid.
-#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure"
-
-// TaintNodeOutOfService can be added when node is out of service in case of
-// a non-graceful shutdown
-#TaintNodeOutOfService: "node.kubernetes.io/out-of-service"
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue
deleted file mode 100644
index 1c83e8b4f..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/rbac/v1
-
-package v1
-
-#GroupName: "rbac.authorization.k8s.io"
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue
deleted file mode 100644
index 521e355e9..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue
+++ /dev/null
@@ -1,207 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/rbac/v1
-
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-#APIGroupAll: "*"
-#ResourceAll: "*"
-#VerbAll: "*"
-#NonResourceAll: "*"
-#GroupKind: "Group"
-#ServiceAccountKind: "ServiceAccount"
-#UserKind: "User"
-
-// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
-#AutoUpdateAnnotationKey: "rbac.authorization.kubernetes.io/autoupdate"
-
-// PolicyRule holds information that describes a policy rule, but does not contain information
-// about who the rule applies to or which namespace the rule applies to.
-#PolicyRule: {
- // Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
- verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep)
-
- // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
- // the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
- // +optional
- apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep)
-
- // Resources is a list of resources this rule applies to. '*' represents all resources.
- // +optional
- resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep)
-
- // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
- // +optional
- resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep)
-
- // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
- // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
- // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
- // +optional
- nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(5,bytes,rep)
-}
-
-// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
-// or a value for non-objects such as user and group names.
-// +structType=atomic
-#Subject: {
- // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
- // If the Authorizer does not recognized the kind value, the Authorizer should report an error.
- kind: string @go(Kind) @protobuf(1,bytes,opt)
-
- // APIGroup holds the API group of the referenced subject.
- // Defaults to "" for ServiceAccount subjects.
- // Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
- // +optional
- apiGroup?: string @go(APIGroup) @protobuf(2,bytes,opt.name=apiGroup)
-
- // Name of the object being referenced.
- name: string @go(Name) @protobuf(3,bytes,opt)
-
- // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
- // the Authorizer should report an error.
- // +optional
- namespace?: string @go(Namespace) @protobuf(4,bytes,opt)
-}
-
-// RoleRef contains information that points to the role being used
-// +structType=atomic
-#RoleRef: {
- // APIGroup is the group for the resource being referenced
- apiGroup: string @go(APIGroup) @protobuf(1,bytes,opt)
-
- // Kind is the type of resource being referenced
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-
- // Name is the name of resource being referenced
- name: string @go(Name) @protobuf(3,bytes,opt)
-}
-
-// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
-#Role: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Rules holds all the PolicyRules for this Role
- // +optional
- rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep)
-}
-
-// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace.
-// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given
-// namespace only have effect in that namespace.
-#RoleBinding: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Subjects holds references to the objects the role applies to.
- // +optional
- subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep)
-
- // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
- // If the RoleRef cannot be resolved, the Authorizer must return an error.
- // This field is immutable.
- roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt)
-}
-
-// RoleBindingList is a collection of RoleBindings
-#RoleBindingList: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of RoleBindings
- items: [...#RoleBinding] @go(Items,[]RoleBinding) @protobuf(2,bytes,rep)
-}
-
-// RoleList is a collection of Roles
-#RoleList: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of Roles
- items: [...#Role] @go(Items,[]Role) @protobuf(2,bytes,rep)
-}
-
-// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
-#ClusterRole: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Rules holds all the PolicyRules for this ClusterRole
- // +optional
- rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep)
-
- // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
- // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
- // stomped by the controller.
- // +optional
- aggregationRule?: null | #AggregationRule @go(AggregationRule,*AggregationRule) @protobuf(3,bytes,opt)
-}
-
-// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
-#AggregationRule: {
- // ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
- // If any of the selectors match, then the ClusterRole's permissions will be added
- // +optional
- clusterRoleSelectors?: [...metav1.#LabelSelector] @go(ClusterRoleSelectors,[]metav1.LabelSelector) @protobuf(1,bytes,rep)
-}
-
-// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace,
-// and adds who information via Subject.
-#ClusterRoleBinding: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Subjects holds references to the objects the role applies to.
- // +optional
- subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep)
-
- // RoleRef can only reference a ClusterRole in the global namespace.
- // If the RoleRef cannot be resolved, the Authorizer must return an error.
- // This field is immutable.
- roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt)
-}
-
-// ClusterRoleBindingList is a collection of ClusterRoleBindings
-#ClusterRoleBindingList: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of ClusterRoleBindings
- items: [...#ClusterRoleBinding] @go(Items,[]ClusterRoleBinding) @protobuf(2,bytes,rep)
-}
-
-// ClusterRoleList is a collection of ClusterRoles
-#ClusterRoleList: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of ClusterRoles
- items: [...#ClusterRole] @go(Items,[]ClusterRole) @protobuf(2,bytes,rep)
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
deleted file mode 100644
index cef44ba5c..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
+++ /dev/null
@@ -1,47 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// Scale is used for getting and setting the base-10 scaled value.
-// Base-2 scales are omitted for mathematical simplicity.
-// See Quantity.ScaledValue for more details.
-#Scale: int32 // #enumScale
-
-#enumScale:
- #Nano |
- #Micro |
- #Milli |
- #Kilo |
- #Mega |
- #Giga |
- #Tera |
- #Peta |
- #Exa
-
-#values_Scale: {
- Nano: #Nano
- Micro: #Micro
- Milli: #Milli
- Kilo: #Kilo
- Mega: #Mega
- Giga: #Giga
- Tera: #Tera
- Peta: #Peta
- Exa: #Exa
-}
-
-#Nano: #Scale & -9
-#Micro: #Scale & -6
-#Milli: #Scale & -3
-#Kilo: #Scale & 3
-#Mega: #Scale & 6
-#Giga: #Scale & 9
-#Tera: #Scale & 12
-#Peta: #Scale & 15
-#Exa: #Scale & 18
-
-// infDecAmount implements common operations over an inf.Dec that are specific to the quantity
-// representation.
-_#infDecAmount: string
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
deleted file mode 100644
index 711f2096f..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
+++ /dev/null
@@ -1,13 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64.
-// It is also the maximum decimal digits that can be represented with an int64.
-_#maxInt64Factors: 18
-
-_#mostNegative: -9223372036854775808
-
-_#mostPositive: 9223372036854775807
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
deleted file mode 100644
index 9d9713a1b..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
+++ /dev/null
@@ -1,107 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// Quantity is a fixed-point representation of a number.
-// It provides convenient marshaling/unmarshaling in JSON and YAML,
-// in addition to String() and AsInt64() accessors.
-//
-// The serialization format is:
-//
-// ```
-// ::=
-//
-// (Note that may be empty, from the "" case in .)
-//
-// ::= 0 | 1 | ... | 9
-// ::= |
-// ::= | . | . | .
-// ::= "+" | "-"
-// ::= |
-// ::= | |
-// ::= Ki | Mi | Gi | Ti | Pi | Ei
-//
-// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
-//
-// ::= m | "" | k | M | G | T | P | E
-//
-// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
-//
-// ::= "e" | "E"
-// ```
-//
-// No matter which of the three exponent forms is used, no quantity may represent
-// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal
-// places. Numbers larger or more precise will be capped or rounded up.
-// (E.g.: 0.1m will rounded up to 1m.)
-// This may be extended in the future if we require larger or smaller quantities.
-//
-// When a Quantity is parsed from a string, it will remember the type of suffix
-// it had, and will use the same type again when it is serialized.
-//
-// Before serializing, Quantity will be put in "canonical form".
-// This means that Exponent/suffix will be adjusted up or down (with a
-// corresponding increase or decrease in Mantissa) such that:
-//
-// - No precision is lost
-// - No fractional digits will be emitted
-// - The exponent (or suffix) is as large as possible.
-//
-// The sign will be omitted unless the number is negative.
-//
-// Examples:
-//
-// - 1.5 will be serialized as "1500m"
-// - 1.5Gi will be serialized as "1536Mi"
-//
-// Note that the quantity will NEVER be internally represented by a
-// floating point number. That is the whole point of this exercise.
-//
-// Non-canonical values will still parse as long as they are well formed,
-// but will be re-emitted in their canonical form. (So always use canonical
-// form, or don't diff.)
-//
-// This format is intended to make it difficult to use these numbers without
-// writing some sort of special handling code in the hopes that that will
-// cause implementors to also use a fixed point implementation.
-//
-// +protobuf=true
-// +protobuf.embed=string
-// +protobuf.options.marshal=false
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen=true
-// +k8s:openapi-gen=true
-#Quantity: _
-
-// CanonicalValue allows a quantity amount to be converted to a string.
-#CanonicalValue: _
-
-// Format lists the three possible formattings of a quantity.
-#Format: string // #enumFormat
-
-#enumFormat:
- #DecimalExponent |
- #BinarySI |
- #DecimalSI
-
-#DecimalExponent: #Format & "DecimalExponent"
-#BinarySI: #Format & "BinarySI"
-#DecimalSI: #Format & "DecimalSI"
-
-// splitREString is used to separate a number from its suffix; as such,
-// this is overly permissive, but that's OK-- it will be checked later.
-_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
-
-_#int64QuantityExpectedBytes: 18
-
-// QuantityValue makes it possible to use a Quantity as value for a command
-// line parameter.
-//
-// +protobuf=true
-// +protobuf.embed=string
-// +protobuf.options.marshal=false
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen=true
-#QuantityValue: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
deleted file mode 100644
index b40d68ec1..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-_#suffix: string
-
-// suffixer can interpret and construct suffixes.
-_#suffixer: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
deleted file mode 100644
index 25ea8ecf1..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Duration is a wrapper around time.Duration which supports correct
-// marshaling to YAML and JSON. In particular, it marshals into strings, which
-// can be used as map keys in json.
-#Duration: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
deleted file mode 100644
index 7ff538603..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
+++ /dev/null
@@ -1,48 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying
-// concepts during lookup stages without having partially valid types
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupResource: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- resource: string @go(Resource) @protobuf(2,bytes,opt)
-}
-
-// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion
-// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersionResource: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- version: string @go(Version) @protobuf(2,bytes,opt)
- resource: string @go(Resource) @protobuf(3,bytes,opt)
-}
-
-// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
-// concepts during lookup stages without having partially valid types
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupKind: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-}
-
-// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion
-// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersionKind: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- version: string @go(Version) @protobuf(2,bytes,opt)
- kind: string @go(Kind) @protobuf(3,bytes,opt)
-}
-
-// GroupVersion contains the "group" and the "version", which uniquely identifies the API.
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersion: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
deleted file mode 100644
index f3c39a466..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
+++ /dev/null
@@ -1,33 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// TODO: move this, Object, List, and Type to a different package
-#ObjectMetaAccessor: _
-
-// Object lets you work with object metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field (Name, UID, Namespace on lists) will be a no-op and return
-// a default value.
-#Object: _
-
-// ListMetaAccessor retrieves the list interface from an object
-#ListMetaAccessor: _
-
-// Common lets you work with core metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field will be a no-op and return a default value.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#Common: _
-
-// ListInterface lets you work with list metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field will be a no-op and return a default value.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#ListInterface: _
-
-// Type exposes the type and APIVersion of versioned or internal API objects.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#Type: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
deleted file mode 100644
index 3c067bae3..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00"
-
-// MicroTime is version of Time with microsecond level precision.
-//
-// +protobuf.options.marshal=false
-// +protobuf.as=Timestamp
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#MicroTime: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
deleted file mode 100644
index 39d23b288..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-#GroupName: "meta.k8s.io"
-
-#WatchEventKind: "WatchEvent"
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
deleted file mode 100644
index b3c8ec266..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Time is a wrapper around time.Time which supports correct
-// marshaling to YAML and JSON. Wrappers are provided for many
-// of the factory methods that the time package offers.
-//
-// +protobuf.options.marshal=false
-// +protobuf.as=Timestamp
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#Time: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
deleted file mode 100644
index 835392730..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Timestamp is a struct that is equivalent to Time, but intended for
-// protobuf marshalling/unmarshalling. It is generated into a serialization
-// that matches Time. Do not use in Go structs.
-#Timestamp: {
- // Represents seconds of UTC time since Unix epoch
- // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- // 9999-12-31T23:59:59Z inclusive.
- seconds: int64 @go(Seconds) @protobuf(1,varint,opt)
-
- // Non-negative fractions of a second at nanosecond resolution. Negative
- // second values with fractions must still have non-negative nanos values
- // that count forward in time. Must be from 0 to 999,999,999
- // inclusive. This field may be limited in precision depending on context.
- nanos: int32 @go(Nanos) @protobuf(2,varint,opt)
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
deleted file mode 100644
index a0deb7c90..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
+++ /dev/null
@@ -1,1561 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-// Package v1 contains API types that are common to all versions.
-//
-// The package contains two categories of types:
-// - external (serialized) types that lack their own version (e.g TypeMeta)
-// - internal (never-serialized) types that are needed by several different
-// api groups, and so live here, to avoid duplication and/or import loops
-// (e.g. LabelSelector).
-//
-// In the future, we will probably move these categories of objects into
-// separate packages.
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/types"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-// TypeMeta describes an individual object in an API response or request
-// with strings representing the type of the object and its API schema version.
-// Structures that are versioned or persisted should inline TypeMeta.
-//
-// +k8s:deepcopy-gen=false
-#TypeMeta: {
- // Kind is a string value representing the REST resource this object represents.
- // Servers may infer this from the endpoint the client submits requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(1,bytes,opt)
-
- // APIVersion defines the versioned schema of this representation of an object.
- // Servers should convert recognized schemas to the latest internal value, and
- // may reject unrecognized values.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt)
-}
-
-// ListMeta describes metadata that synthetic resources must have, including lists and
-// various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
-#ListMeta: {
- // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
- // +optional
- selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt)
-
- // String that identifies the server's internal version of this object that
- // can be used by clients to determine when objects have changed.
- // Value must be treated as opaque by clients and passed unmodified back to the server.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt)
-
- // continue may be set if the user set a limit on the number of items returned, and indicates that
- // the server has more data available. The value is opaque and may be used to issue another request
- // to the endpoint that served this list to retrieve the next set of available objects. Continuing a
- // consistent list may not be possible if the server configuration has changed or more than a few
- // minutes have passed. The resourceVersion field returned when using this continue value will be
- // identical to the value in the first response, unless you have received this token from an error
- // message.
- continue?: string @go(Continue) @protobuf(3,bytes,opt)
-
- // remainingItemCount is the number of subsequent items in the list which are not included in this
- // list response. If the list request contained label or field selectors, then the number of
- // remaining items is unknown and the field will be left unset and omitted during serialization.
- // If the list is complete (either because it is not chunking or because this is the last chunk),
- // then there are no more remaining items and this field will be left unset and omitted during
- // serialization.
- // Servers older than v1.15 do not set this field.
- // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients
- // should not rely on the remainingItemCount to be set or to be exact.
- // +optional
- remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt)
-}
-
-#ObjectNameField: "metadata.name"
-
-#FinalizerOrphanDependents: "orphan"
-#FinalizerDeleteDependents: "foregroundDeletion"
-
-// ObjectMeta is metadata that all persisted resources must have, which includes all objects
-// users must create.
-#ObjectMeta: {
- // Name must be unique within a namespace. Is required when creating resources, although
- // some resources may allow a client to request the generation of an appropriate name
- // automatically. Name is primarily intended for creation idempotence and configuration
- // definition.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // GenerateName is an optional prefix, used by the server, to generate a unique
- // name ONLY IF the Name field has not been provided.
- // If this field is used, the name returned to the client will be different
- // than the name passed. This value will also be combined with a unique suffix.
- // The provided value has the same validation rules as the Name field,
- // and may be truncated by the length of the suffix required to make the value
- // unique on the server.
- //
- // If this field is specified and the generated name exists, the server will return a 409.
- //
- // Applied only if Name is not specified.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- // +optional
- generateName?: string @go(GenerateName) @protobuf(2,bytes,opt)
-
- // Namespace defines the space within which each name must be unique. An empty namespace is
- // equivalent to the "default" namespace, but "default" is the canonical representation.
- // Not all objects are required to be scoped to a namespace - the value of this field for
- // those objects will be empty.
- //
- // Must be a DNS_LABEL.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- // +optional
- namespace?: string @go(Namespace) @protobuf(3,bytes,opt)
-
- // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
- // +optional
- selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt)
-
- // UID is the unique in time and space value for this object. It is typically generated by
- // the server on successful creation of a resource and is not allowed to change on PUT
- // operations.
- //
- // Populated by the system.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID)
-
- // An opaque value that represents the internal version of this object that can
- // be used by clients to determine when objects have changed. May be used for optimistic
- // concurrency, change detection, and the watch operation on a resource or set of resources.
- // Clients must treat these values as opaque and passed unmodified back to the server.
- // They may only be valid for a particular resource or set of resources.
- //
- // Populated by the system.
- // Read-only.
- // Value must be treated as opaque by clients and .
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt)
-
- // A sequence number representing a specific generation of the desired state.
- // Populated by the system. Read-only.
- // +optional
- generation?: int64 @go(Generation) @protobuf(7,varint,opt)
-
- // CreationTimestamp is a timestamp representing the server time when this object was
- // created. It is not guaranteed to be set in happens-before order across separate operations.
- // Clients may not set this value. It is represented in RFC3339 form and is in UTC.
- //
- // Populated by the system.
- // Read-only.
- // Null for lists.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt)
-
- // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This
- // field is set by the server when a graceful deletion is requested by the user, and is not
- // directly settable by a client. The resource is expected to be deleted (no longer visible
- // from resource lists, and not reachable by name) after the time in this field, once the
- // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked.
- // Once the deletionTimestamp is set, this value may not be unset or be set further into the
- // future, although it may be shortened or the resource may be deleted prior to this time.
- // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react
- // by sending a graceful termination signal to the containers in the pod. After that 30 seconds,
- // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup,
- // remove the pod from the API. In the presence of network partitions, this object may still
- // exist after this timestamp, until an administrator or automated process can determine the
- // resource is fully terminated.
- // If not set, graceful deletion of the object has not been requested.
- //
- // Populated by the system when a graceful deletion is requested.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt)
-
- // Number of seconds allowed for this object to gracefully terminate before
- // it will be removed from the system. Only set when deletionTimestamp is also set.
- // May only be shortened.
- // Read-only.
- // +optional
- deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt)
-
- // Map of string keys and values that can be used to organize and categorize
- // (scope and select) objects. May match selectors of replication controllers
- // and services.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- // +optional
- labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep)
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set by external tools to store and retrieve arbitrary metadata. They are not
- // queryable and should be preserved when modifying objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
- // +optional
- annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep)
-
- // List of objects depended by this object. If ALL objects in the list have
- // been deleted, this object will be garbage collected. If this object is managed by a controller,
- // then an entry in this list will point to this controller, with the controller field set to true.
- // There cannot be more than one managing controller.
- // +optional
- // +patchMergeKey=uid
- // +patchStrategy=merge
- ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep)
-
- // Must be empty before the object is deleted from the registry. Each entry
- // is an identifier for the responsible component that will remove the entry
- // from the list. If the deletionTimestamp of the object is non-nil, entries
- // in this list can only be removed.
- // Finalizers may be processed and removed in any order. Order is NOT enforced
- // because it introduces significant risk of stuck finalizers.
- // finalizers is a shared field, any actor with permission can reorder it.
- // If the finalizer list is processed in order, then this can lead to a situation
- // in which the component responsible for the first finalizer in the list is
- // waiting for a signal (field value, external system, or other) produced by a
- // component responsible for a finalizer later in the list, resulting in a deadlock.
- // Without enforced ordering finalizers are free to order amongst themselves and
- // are not vulnerable to ordering changes in the list.
- // +optional
- // +patchStrategy=merge
- finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep)
-
- // ManagedFields maps workflow-id and version to the set of fields
- // that are managed by that workflow. This is mostly for internal
- // housekeeping, and users typically shouldn't need to set or
- // understand this field. A workflow can be the user's name, a
- // controller's name, or the name of a specific apply path like
- // "ci-cd". The set of fields is always in the version that the
- // workflow used when modifying the object.
- //
- // +optional
- managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep)
-}
-
-// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
-#NamespaceDefault: "default"
-
-// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
-#NamespaceAll: ""
-
-// NamespaceNone is the argument for a context when there is no namespace.
-#NamespaceNone: ""
-
-// NamespaceSystem is the system namespace where we place system components.
-#NamespaceSystem: "kube-system"
-
-// NamespacePublic is the namespace where we place public info (ConfigMaps)
-#NamespacePublic: "kube-public"
-
-// OwnerReference contains enough information to let you identify an owning
-// object. An owning object must be in the same namespace as the dependent, or
-// be cluster-scoped, so there is no namespace field.
-// +structType=atomic
-#OwnerReference: {
- // API version of the referent.
- apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt)
-
- // Kind of the referent.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: string @go(Kind) @protobuf(1,bytes,opt)
-
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- name: string @go(Name) @protobuf(3,bytes,opt)
-
- // UID of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // If true, this reference points to the managing controller.
- // +optional
- controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt)
-
- // If true, AND if the owner has the "foregroundDeletion" finalizer, then
- // the owner cannot be deleted from the key-value store until this
- // reference is removed.
- // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- // for how the garbage collector interacts with this field and enforces the foreground deletion.
- // Defaults to false.
- // To set this field, a user needs "delete" permission of the owner,
- // otherwise 422 (Unprocessable Entity) will be returned.
- // +optional
- blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt)
-}
-
-// ListOptions is the query options to a standard REST list call.
-#ListOptions: {
- #TypeMeta
-
- // A selector to restrict the list of returned objects by their labels.
- // Defaults to everything.
- // +optional
- labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt)
-
- // A selector to restrict the list of returned objects by their fields.
- // Defaults to everything.
- // +optional
- fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt)
-
- // Watch for changes to the described resources and return them as a stream of
- // add, update, and remove notifications. Specify resourceVersion.
- // +optional
- watch?: bool @go(Watch) @protobuf(3,varint,opt)
-
- // allowWatchBookmarks requests watch events with type "BOOKMARK".
- // Servers that do not implement bookmarks may ignore this flag and
- // bookmarks are sent at the server's discretion. Clients should not
- // assume bookmarks are returned at any specific interval, nor may they
- // assume the server will send any BOOKMARK event during a session.
- // If this is not a watch, this field is ignored.
- // +optional
- allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt)
-
- // resourceVersion sets a constraint on what resource versions a request may be served from.
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt)
-
- // resourceVersionMatch determines how resourceVersion is applied to list calls.
- // It is highly recommended that resourceVersionMatch be set for list calls where
- // resourceVersion is set
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch)
-
- // Timeout for the list/watch call.
- // This limits the duration of the call, regardless of any activity or inactivity.
- // +optional
- timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt)
-
- // limit is a maximum number of responses to return for a list call. If more items exist, the
- // server will set the `continue` field on the list metadata to a value that can be used with the
- // same initial query to retrieve the next set of results. Setting a limit may return fewer than
- // the requested amount of items (up to zero items) in the event all requested objects are
- // filtered out and clients should only use the presence of the continue field to determine whether
- // more results are available. Servers may choose not to support the limit argument and will return
- // all of the available results. If limit is specified and the continue field is empty, clients may
- // assume that no more results are available. This field is not supported if watch is true.
- //
- // The server guarantees that the objects returned when using continue will be identical to issuing
- // a single list call without a limit - that is, no objects created, modified, or deleted after the
- // first request is issued will be included in any subsequent continued requests. This is sometimes
- // referred to as a consistent snapshot, and ensures that a client that is using limit to receive
- // smaller chunks of a very large result can ensure they see all possible objects. If objects are
- // updated during a chunked list the version of the object that was present at the time the first list
- // result was calculated is returned.
- limit?: int64 @go(Limit) @protobuf(7,varint,opt)
-
- // The continue option should be set when retrieving more results from the server. Since this value is
- // server defined, clients may only use the continue value from a previous query result with identical
- // query parameters (except for the value of continue) and the server may reject a continue value it
- // does not recognize. If the specified continue value is no longer valid whether due to expiration
- // (generally five to fifteen minutes) or a configuration change on the server, the server will
- // respond with a 410 ResourceExpired error together with a continue token. If the client needs a
- // consistent list, it must restart their list without the continue field. Otherwise, the client may
- // send another list request with the token received with the 410 error, the server will respond with
- // a list starting from the next key, but from the latest snapshot, which is inconsistent from the
- // previous list results - objects that are created, modified, or deleted after the first list request
- // will be included in the response, as long as their keys are after the "next key".
- //
- // This field is not supported when watch is true. Clients may start a watch from the last
- // resourceVersion value returned by the server and not miss any modifications.
- continue?: string @go(Continue) @protobuf(8,bytes,opt)
-
- // `sendInitialEvents=true` may be set together with `watch=true`.
- // In that case, the watch stream will begin with synthetic events to
- // produce the current state of objects in the collection. Once all such
- // events have been sent, a synthetic "Bookmark" event will be sent.
- // The bookmark will report the ResourceVersion (RV) corresponding to the
- // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation.
- // Afterwards, the watch stream will proceed as usual, sending watch events
- // corresponding to changes (subsequent to the RV) to objects watched.
- //
- // When `sendInitialEvents` option is set, we require `resourceVersionMatch`
- // option to also be set. The semantic of the watch request is as following:
- // - `resourceVersionMatch` = NotOlderThan
- // is interpreted as "data at least as new as the provided `resourceVersion`"
- // and the bookmark event is send when the state is synced
- // to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
- // If `resourceVersion` is unset, this is interpreted as "consistent read" and the
- // bookmark event is send when the state is synced at least to the moment
- // when request started being processed.
- // - `resourceVersionMatch` set to any other value or unset
- // Invalid error is returned.
- //
- // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward
- // compatibility reasons) and to false otherwise.
- // +optional
- sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt)
-}
-
-// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch
-// may only be set if resourceVersion is also set.
-//
-// "NotOlderThan" matches data at least as new as the provided resourceVersion.
-// "Exact" matches data at the exact resourceVersion provided.
-//
-// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
-// details.
-#ResourceVersionMatch: string // #enumResourceVersionMatch
-
-#enumResourceVersionMatch:
- #ResourceVersionMatchNotOlderThan |
- #ResourceVersionMatchExact
-
-// ResourceVersionMatchNotOlderThan matches data at least as new as the provided
-// resourceVersion.
-#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan"
-
-// ResourceVersionMatchExact matches data at the exact resourceVersion
-// provided.
-#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact"
-
-// GetOptions is the standard query options to the standard REST get call.
-#GetOptions: {
- #TypeMeta
-
- // resourceVersion sets a constraint on what resource versions a request may be served from.
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt)
-}
-
-// DeletionPropagation decides if a deletion will propagate to the dependents of
-// the object, and how the garbage collector will handle the propagation.
-#DeletionPropagation: string // #enumDeletionPropagation
-
-#enumDeletionPropagation:
- #DeletePropagationOrphan |
- #DeletePropagationBackground |
- #DeletePropagationForeground
-
-// Orphans the dependents.
-#DeletePropagationOrphan: #DeletionPropagation & "Orphan"
-
-// Deletes the object from the key-value store, the garbage collector will
-// delete the dependents in the background.
-#DeletePropagationBackground: #DeletionPropagation & "Background"
-
-// The object exists in the key-value store until the garbage collector
-// deletes all the dependents whose ownerReference.blockOwnerDeletion=true
-// from the key-value store. API sever will put the "foregroundDeletion"
-// finalizer on the object, and sets its deletionTimestamp. This policy is
-// cascading, i.e., the dependents will be deleted with Foreground.
-#DeletePropagationForeground: #DeletionPropagation & "Foreground"
-
-// DryRunAll means to complete all processing stages, but don't
-// persist changes to storage.
-#DryRunAll: "All"
-
-// DeleteOptions may be provided when deleting an API object.
-#DeleteOptions: {
- #TypeMeta
-
- // The duration in seconds before the object should be deleted. Value must be non-negative integer.
- // The value zero indicates delete immediately. If this value is nil, the default grace period for the
- // specified type will be used.
- // Defaults to a per object value if not specified. zero means delete immediately.
- // +optional
- gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt)
-
- // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be
- // returned.
- // +k8s:conversion-gen=false
- // +optional
- preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt)
-
- // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7.
- // Should the dependent objects be orphaned. If true/false, the "orphan"
- // finalizer will be added to/removed from the object's finalizers list.
- // Either this field or PropagationPolicy may be set, but not both.
- // +optional
- orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt)
-
- // Whether and how garbage collection will be performed.
- // Either this field or OrphanDependents may be set, but not both.
- // The default policy is decided by the existing finalizer set in the
- // metadata.finalizers and the resource-specific default policy.
- // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' -
- // allow the garbage collector to delete the dependents in the background;
- // 'Foreground' - a cascading policy that deletes all dependents in the
- // foreground.
- // +optional
- propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt)
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep)
-}
-
-// FieldValidationIgnore ignores unknown/duplicate fields
-#FieldValidationIgnore: "Ignore"
-
-// FieldValidationWarn responds with a warning, but successfully serve the request
-#FieldValidationWarn: "Warn"
-
-// FieldValidationStrict fails the request on unknown/duplicate fields
-#FieldValidationStrict: "Strict"
-
-// CreateOptions may be provided when creating an API object.
-#CreateOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint.
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(3,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes)
-}
-
-// PatchOptions may be provided when patching an API object.
-// PatchOptions is meant to be a superset of UpdateOptions.
-#PatchOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // Force is going to "force" Apply requests. It means user will
- // re-acquire conflicting fields owned by other people. Force
- // flag must be unset for non-apply patch requests.
- // +optional
- force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint. This
- // field is required for apply requests
- // (application/apply-patch) but optional for non-apply patch
- // types (JsonPatch, MergePatch, StrategicMergePatch).
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(3,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes)
-}
-
-// ApplyOptions may be provided when applying an API object.
-// FieldManager is required for apply requests.
-// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation
-// that speaks specifically to how the options fields relate to apply.
-#ApplyOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // Force is going to "force" Apply requests. It means user will
- // re-acquire conflicting fields owned by other people.
- force: bool @go(Force) @protobuf(2,varint,opt)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint. This
- // field is required.
- fieldManager: string @go(FieldManager) @protobuf(3,bytes)
-}
-
-// UpdateOptions may be provided when updating an API object.
-// All fields in UpdateOptions should also be present in PatchOptions.
-#UpdateOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint.
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(2,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes)
-}
-
-// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
-#Preconditions: {
- // Specifies the target UID.
- // +optional
- uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // Specifies the target ResourceVersion
- // +optional
- resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt)
-}
-
-// Status is a return value for calls that don't return other objects.
-#Status: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Status of the operation.
- // One of: "Success" or "Failure".
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: string @go(Status) @protobuf(2,bytes,opt)
-
- // A human-readable description of the status of this operation.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // A machine-readable description of why this operation is in the
- // "Failure" status. If this value is empty there
- // is no information available. A Reason clarifies an HTTP status
- // code but does not override it.
- // +optional
- reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason)
-
- // Extended data associated with the reason. Each reason may define its
- // own extended details. This field is optional and the data returned
- // is not guaranteed to conform to any schema except that defined by
- // the reason type.
- // +optional
- details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt)
-
- // Suggested HTTP return code for this status, 0 if not set.
- // +optional
- code?: int32 @go(Code) @protobuf(6,varint,opt)
-}
-
-// StatusDetails is a set of additional properties that MAY be set by the
-// server to provide additional information about a response. The Reason
-// field of a Status object defines what attributes will be set. Clients
-// must ignore fields that do not match the defined type of each attribute,
-// and should assume that any attribute may be empty, invalid, or under
-// defined.
-#StatusDetails: {
- // The name attribute of the resource associated with the status StatusReason
- // (when there is a single name which can be described).
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The group attribute of the resource associated with the status StatusReason.
- // +optional
- group?: string @go(Group) @protobuf(2,bytes,opt)
-
- // The kind attribute of the resource associated with the status StatusReason.
- // On some operations may differ from the requested resource Kind.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(3,bytes,opt)
-
- // UID of the resource.
- // (when there is a single resource which can be described).
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // The Causes array includes more details associated with the StatusReason
- // failure. Not all StatusReasons may provide detailed causes.
- // +optional
- causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep)
-
- // If specified, the time in seconds before the operation should be retried. Some errors may indicate
- // the client must take an alternate action - for those errors this field may indicate how long to wait
- // before taking the alternate action.
- // +optional
- retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt)
-}
-
-#StatusSuccess: "Success"
-#StatusFailure: "Failure"
-
-// StatusReason is an enumeration of possible failure causes. Each StatusReason
-// must map to a single HTTP status code, but multiple reasons may map
-// to the same HTTP status code.
-// TODO: move to apiserver
-#StatusReason: string // #enumStatusReason
-
-#enumStatusReason:
- #StatusReasonUnknown |
- #StatusReasonUnauthorized |
- #StatusReasonForbidden |
- #StatusReasonNotFound |
- #StatusReasonAlreadyExists |
- #StatusReasonConflict |
- #StatusReasonGone |
- #StatusReasonInvalid |
- #StatusReasonServerTimeout |
- #StatusReasonTimeout |
- #StatusReasonTooManyRequests |
- #StatusReasonBadRequest |
- #StatusReasonMethodNotAllowed |
- #StatusReasonNotAcceptable |
- #StatusReasonRequestEntityTooLarge |
- #StatusReasonUnsupportedMediaType |
- #StatusReasonInternalError |
- #StatusReasonExpired |
- #StatusReasonServiceUnavailable
-
-// StatusReasonUnknown means the server has declined to indicate a specific reason.
-// The details field may contain other information about this error.
-// Status code 500.
-#StatusReasonUnknown: #StatusReason & ""
-
-// StatusReasonUnauthorized means the server can be reached and understood the request, but requires
-// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header)
-// in order for the action to be completed. If the user has specified credentials on the request, the
-// server considers them insufficient.
-// Status code 401
-#StatusReasonUnauthorized: #StatusReason & "Unauthorized"
-
-// StatusReasonForbidden means the server can be reached and understood the request, but refuses
-// to take any further action. It is the result of the server being configured to deny access for some reason
-// to the requested resource by the client.
-// Details (optional):
-// "kind" string - the kind attribute of the forbidden resource
-// on some operations may differ from the requested
-// resource.
-// "id" string - the identifier of the forbidden resource
-// Status code 403
-#StatusReasonForbidden: #StatusReason & "Forbidden"
-
-// StatusReasonNotFound means one or more resources required for this operation
-// could not be found.
-// Details (optional):
-// "kind" string - the kind attribute of the missing resource
-// on some operations may differ from the requested
-// resource.
-// "id" string - the identifier of the missing resource
-// Status code 404
-#StatusReasonNotFound: #StatusReason & "NotFound"
-
-// StatusReasonAlreadyExists means the resource you are creating already exists.
-// Details (optional):
-// "kind" string - the kind attribute of the conflicting resource
-// "id" string - the identifier of the conflicting resource
-// Status code 409
-#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists"
-
-// StatusReasonConflict means the requested operation cannot be completed
-// due to a conflict in the operation. The client may need to alter the
-// request. Each resource may define custom details that indicate the
-// nature of the conflict.
-// Status code 409
-#StatusReasonConflict: #StatusReason & "Conflict"
-
-// StatusReasonGone means the item is no longer available at the server and no
-// forwarding address is known.
-// Status code 410
-#StatusReasonGone: #StatusReason & "Gone"
-
-// StatusReasonInvalid means the requested create or update operation cannot be
-// completed due to invalid data provided as part of the request. The client may
-// need to alter the request. When set, the client may use the StatusDetails
-// message field as a summary of the issues encountered.
-// Details (optional):
-// "kind" string - the kind attribute of the invalid resource
-// "id" string - the identifier of the invalid resource
-// "causes" - one or more StatusCause entries indicating the data in the
-// provided resource that was invalid. The code, message, and
-// field attributes will be set.
-// Status code 422
-#StatusReasonInvalid: #StatusReason & "Invalid"
-
-// StatusReasonServerTimeout means the server can be reached and understood the request,
-// but cannot complete the action in a reasonable time. The client should retry the request.
-// This is may be due to temporary server load or a transient communication issue with
-// another server. Status code 500 is used because the HTTP spec provides no suitable
-// server-requested client retry and the 5xx class represents actionable errors.
-// Details (optional):
-// "kind" string - the kind attribute of the resource being acted on.
-// "id" string - the operation that is being attempted.
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 500
-#StatusReasonServerTimeout: #StatusReason & "ServerTimeout"
-
-// StatusReasonTimeout means that the request could not be completed within the given time.
-// Clients can get this response only when they specified a timeout param in the request,
-// or if the server cannot complete the operation within a reasonable amount of time.
-// The request might succeed with an increased value of timeout param. The client *should*
-// wait at least the number of seconds specified by the retryAfterSeconds field.
-// Details (optional):
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 504
-#StatusReasonTimeout: #StatusReason & "Timeout"
-
-// StatusReasonTooManyRequests means the server experienced too many requests within a
-// given window and that the client must wait to perform the action again. A client may
-// always retry the request that led to this error, although the client should wait at least
-// the number of seconds specified by the retryAfterSeconds field.
-// Details (optional):
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 429
-#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests"
-
-// StatusReasonBadRequest means that the request itself was invalid, because the request
-// doesn't make any sense, for example deleting a read-only object. This is different than
-// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the
-// data was invalid. API calls that return BadRequest can never succeed.
-// Status code 400
-#StatusReasonBadRequest: #StatusReason & "BadRequest"
-
-// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the
-// resource was not supported by the code - for instance, attempting to delete a resource that
-// can only be created. API calls that return MethodNotAllowed can never succeed.
-// Status code 405
-#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed"
-
-// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable
-// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml.
-// API calls that return NotAcceptable can never succeed.
-// Status code 406
-#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable"
-
-// StatusReasonRequestEntityTooLarge means that the request entity is too large.
-// Status code 413
-#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge"
-
-// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable
-// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml.
-// API calls that return UnsupportedMediaType can never succeed.
-// Status code 415
-#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType"
-
-// StatusReasonInternalError indicates that an internal error occurred, it is unexpected
-// and the outcome of the call is unknown.
-// Details (optional):
-// "causes" - The original error
-// Status code 500
-#StatusReasonInternalError: #StatusReason & "InternalError"
-
-// StatusReasonExpired indicates that the request is invalid because the content you are requesting
-// has expired and is no longer available. It is typically associated with watches that can't be
-// serviced.
-// Status code 410 (gone)
-#StatusReasonExpired: #StatusReason & "Expired"
-
-// StatusReasonServiceUnavailable means that the request itself was valid,
-// but the requested service is unavailable at this time.
-// Retrying the request after some time might succeed.
-// Status code 503
-#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable"
-
-// StatusCause provides more information about an api.Status failure, including
-// cases when multiple errors are encountered.
-#StatusCause: {
- // A machine-readable description of the cause of the error. If this value is
- // empty there is no information available.
- // +optional
- reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType)
-
- // A human-readable description of the cause of the error. This field may be
- // presented as-is to a reader.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-
- // The field of the resource that has caused this error, as named by its JSON
- // serialization. May include dot and postfix notation for nested attributes.
- // Arrays are zero-indexed. Fields may appear more than once in an array of
- // causes due to fields having multiple errors.
- // Optional.
- //
- // Examples:
- // "name" - the field "name" on the current resource
- // "items[0].name" - the field "name" on the first array entry in "items"
- // +optional
- field?: string @go(Field) @protobuf(3,bytes,opt)
-}
-
-// CauseType is a machine readable value providing more detail about what
-// occurred in a status response. An operation may have multiple causes for a
-// status (whether Failure or Success).
-#CauseType: string // #enumCauseType
-
-#enumCauseType:
- #CauseTypeFieldValueNotFound |
- #CauseTypeFieldValueRequired |
- #CauseTypeFieldValueDuplicate |
- #CauseTypeFieldValueInvalid |
- #CauseTypeFieldValueNotSupported |
- #CauseTypeForbidden |
- #CauseTypeTooLong |
- #CauseTypeTooMany |
- #CauseTypeInternal |
- #CauseTypeTypeInvalid |
- #CauseTypeUnexpectedServerResponse |
- #CauseTypeFieldManagerConflict |
- #CauseTypeResourceVersionTooLarge
-
-// CauseTypeFieldValueNotFound is used to report failure to find a requested value
-// (e.g. looking up an ID).
-#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound"
-
-// CauseTypeFieldValueRequired is used to report required values that are not
-// provided (e.g. empty strings, null values, or empty arrays).
-#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired"
-
-// CauseTypeFieldValueDuplicate is used to report collisions of values that must be
-// unique (e.g. unique IDs).
-#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate"
-
-// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex
-// match).
-#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid"
-
-// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules)
-// values that can not be handled (e.g. an enumerated string).
-#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported"
-
-// CauseTypeForbidden is used to report valid (as per formatting rules)
-// values which would be accepted under some conditions, but which are not
-// permitted by the current conditions (such as security policy). See
-// Forbidden().
-#CauseTypeForbidden: #CauseType & "FieldValueForbidden"
-
-// CauseTypeTooLong is used to report that the given value is too long.
-// This is similar to ErrorTypeInvalid, but the error will not include the
-// too-long value. See TooLong().
-#CauseTypeTooLong: #CauseType & "FieldValueTooLong"
-
-// CauseTypeTooMany is used to report "too many". This is used to
-// report that a given list has too many items. This is similar to FieldValueTooLong,
-// but the error indicates quantity instead of length.
-#CauseTypeTooMany: #CauseType & "FieldValueTooMany"
-
-// CauseTypeInternal is used to report other errors that are not related
-// to user input. See InternalError().
-#CauseTypeInternal: #CauseType & "InternalError"
-
-// CauseTypeTypeInvalid is for the value did not match the schema type for that field
-#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid"
-
-// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client
-// without the expected return type. The presence of this cause indicates the error may be
-// due to an intervening proxy or the server software malfunctioning.
-#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse"
-
-// FieldManagerConflict is used to report when another client claims to manage this field,
-// It should only be returned for a request using server-side apply.
-#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict"
-
-// CauseTypeResourceVersionTooLarge is used to report that the requested resource version
-// is newer than the data observed by the API server, so the request cannot be served.
-#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge"
-
-// List holds a list of objects, which may not be known by the server.
-#List: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of objects
- items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep)
-}
-
-// APIVersions lists the versions that are available, to allow clients to
-// discover the API at /api, which is the root path of the legacy v1 API.
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#APIVersions: {
- #TypeMeta
-
- // versions are the api versions that are available.
- versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep)
-
- // a map of client CIDR to server address that is serving this group.
- // This is to help clients reach servers in the most network-efficient way possible.
- // Clients can use the appropriate server address as per the CIDR that they match.
- // In case of multiple matches, clients should use the longest matching CIDR.
- // The server returns only those CIDRs that it thinks that the client can match.
- // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP.
- // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
- serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep)
-}
-
-// APIGroupList is a list of APIGroup, to allow clients to discover the API at
-// /apis.
-#APIGroupList: {
- #TypeMeta
-
- // groups is a list of APIGroup.
- groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep)
-}
-
-// APIGroup contains the name, the supported versions, and the preferred version
-// of a group.
-#APIGroup: {
- #TypeMeta
-
- // name is the name of the group.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // versions are the versions supported in this group.
- versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep)
-
- // preferredVersion is the version preferred by the API server, which
- // probably is the storage version.
- // +optional
- preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt)
-
- // a map of client CIDR to server address that is serving this group.
- // This is to help clients reach servers in the most network-efficient way possible.
- // Clients can use the appropriate server address as per the CIDR that they match.
- // In case of multiple matches, clients should use the longest matching CIDR.
- // The server returns only those CIDRs that it thinks that the client can match.
- // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP.
- // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
- // +optional
- serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep)
-}
-
-// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.
-#ServerAddressByClientCIDR: {
- // The CIDR with which clients can match their IP to figure out the server address that they should use.
- clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt)
-
- // Address of this server, suitable for a client that matches the above CIDR.
- // This can be a hostname, hostname:port, IP or IP:port.
- serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt)
-}
-
-// GroupVersion contains the "group/version" and "version" string of a version.
-// It is made a struct to keep extensibility.
-#GroupVersionForDiscovery: {
- // groupVersion specifies the API group and version in the form "group/version"
- groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt)
-
- // version specifies the version in the form of "version". This is to save
- // the clients the trouble of splitting the GroupVersion.
- version: string @go(Version) @protobuf(2,bytes,opt)
-}
-
-// APIResource specifies the name of a resource and whether it is namespaced.
-#APIResource: {
- // name is the plural name of the resource.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely.
- // The singularName is more correct for reporting status on a single item and both singular and plural are allowed
- // from the kubectl CLI interface.
- singularName: string @go(SingularName) @protobuf(6,bytes,opt)
-
- // namespaced indicates if a resource is namespaced or not.
- namespaced: bool @go(Namespaced) @protobuf(2,varint,opt)
-
- // group is the preferred group of the resource. Empty implies the group of the containing resource list.
- // For subresources, this may have a different value, for example: Scale".
- group?: string @go(Group) @protobuf(8,bytes,opt)
-
- // version is the preferred version of the resource. Empty implies the version of the containing resource list
- // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)".
- version?: string @go(Version) @protobuf(9,bytes,opt)
-
- // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')
- kind: string @go(Kind) @protobuf(3,bytes,opt)
-
- // verbs is a list of supported kube verbs (this includes get, list, watch, create,
- // update, patch, delete, deletecollection, and proxy)
- verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt)
-
- // shortNames is a list of suggested short names of the resource.
- shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep)
-
- // categories is a list of the grouped resources this resource belongs to (e.g. 'all')
- categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep)
-
- // The hash value of the storage version, the version this resource is
- // converted to when written to the data store. Value must be treated
- // as opaque by clients. Only equality comparison on the value is valid.
- // This is an alpha feature and may change or be removed in the future.
- // The field is populated by the apiserver only if the
- // StorageVersionHash feature gate is enabled.
- // This field will remain optional even if it graduates.
- // +optional
- storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt)
-}
-
-// Verbs masks the value so protobuf can generate
-//
-// +protobuf.nullable=true
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#Verbs: [...string]
-
-// APIResourceList is a list of APIResource, it is used to expose the name of the
-// resources supported in a specific group and version, and if the resource
-// is namespaced.
-#APIResourceList: {
- #TypeMeta
-
- // groupVersion is the group and version this APIResourceList is for.
- groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt)
-
- // resources contains the name of the resources and if they are namespaced.
- resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep)
-}
-
-// RootPaths lists the paths available at root.
-// For example: "/healthz", "/apis".
-#RootPaths: {
- // paths are the paths available at root.
- paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep)
-}
-
-// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.
-#Patch: {
-}
-
-// A label selector is a label query over a set of resources. The result of matchLabels and
-// matchExpressions are ANDed. An empty label selector matches all objects. A null
-// label selector matches no objects.
-// +structType=atomic
-#LabelSelector: {
- // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key field is "key", the
- // operator is "In", and the values array contains only "value". The requirements are ANDed.
- // +optional
- matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep)
-
- // matchExpressions is a list of label selector requirements. The requirements are ANDed.
- // +optional
- matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep)
-}
-
-// A label selector requirement is a selector that contains values, a key, and an operator that
-// relates the key and values.
-#LabelSelectorRequirement: {
- // key is the label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator)
-
- // values is an array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty. This array is replaced during a strategic
- // merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A label selector operator is the set of operators that can be used in a selector requirement.
-#LabelSelectorOperator: string // #enumLabelSelectorOperator
-
-#enumLabelSelectorOperator:
- #LabelSelectorOpIn |
- #LabelSelectorOpNotIn |
- #LabelSelectorOpExists |
- #LabelSelectorOpDoesNotExist
-
-#LabelSelectorOpIn: #LabelSelectorOperator & "In"
-#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn"
-#LabelSelectorOpExists: #LabelSelectorOperator & "Exists"
-#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist"
-
-// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource
-// that the fieldset applies to.
-#ManagedFieldsEntry: {
- // Manager is an identifier of the workflow managing these fields.
- manager?: string @go(Manager) @protobuf(1,bytes,opt)
-
- // Operation is the type of operation which lead to this ManagedFieldsEntry being created.
- // The only valid values for this field are 'Apply' and 'Update'.
- operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType)
-
- // APIVersion defines the version of this resource that this field set
- // applies to. The format is "group/version" just like the top-level
- // APIVersion field. It is necessary to track the version of a field
- // set because it cannot be automatically converted.
- apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt)
-
- // Time is the timestamp of when the ManagedFields entry was added. The
- // timestamp will also be updated if a field is added, the manager
- // changes any of the owned fields value or removes a field. The
- // timestamp does not update when a field is removed from the entry
- // because another manager took it over.
- // +optional
- time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt)
-
- // FieldsType is the discriminator for the different fields format and version.
- // There is currently only one possible value: "FieldsV1"
- fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt)
-
- // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
- // +optional
- fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt)
-
- // Subresource is the name of the subresource used to update that object, or
- // empty string if the object was updated through the main resource. The
- // value of this field is used to distinguish between managers, even if they
- // share the same name. For example, a status update will be distinct from a
- // regular update using the same manager name.
- // Note that the APIVersion field is not related to the Subresource field and
- // it always corresponds to the version of the main resource.
- subresource?: string @go(Subresource) @protobuf(8,bytes,opt)
-}
-
-// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created.
-#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType
-
-#enumManagedFieldsOperationType:
- #ManagedFieldsOperationApply |
- #ManagedFieldsOperationUpdate
-
-#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply"
-#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update"
-
-// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.
-//
-// Each key is either a '.' representing the field itself, and will always map to an empty set,
-// or a string representing a sub-field or item. The string will follow one of these four formats:
-// 'f:', where is the name of a field in a struct, or key in a map
-// 'v:', where is the exact json formatted value of a list item
-// 'i:', where is position of a item in a list
-// 'k:', where is a map of a list item's key fields to their unique values
-// If a key maps to an empty Fields value, the field that key represents is part of the set.
-//
-// The exact format is defined in sigs.k8s.io/structured-merge-diff
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#FieldsV1: _
-
-// Table is a tabular representation of a set of API resources. The server transforms the
-// object into a set of preferred columns for quickly reviewing the objects.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +protobuf=false
-#Table: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta)
-
- // columnDefinitions describes each column in the returned items array. The number of cells per row
- // will always match the number of column definitions.
- columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition)
-
- // rows is the list of items in the table.
- rows: [...#TableRow] @go(Rows,[]TableRow)
-}
-
-// TableColumnDefinition contains information about a column returned in the Table.
-// +protobuf=false
-#TableColumnDefinition: {
- // name is a human readable name for the column.
- name: string @go(Name)
-
- // type is an OpenAPI type definition for this column, such as number, integer, string, or
- // array.
- // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.
- type: string @go(Type)
-
- // format is an optional OpenAPI type modifier for this column. A format modifies the type and
- // imposes additional rules, like date or time formatting for a string. The 'name' format is applied
- // to the primary identifier column which has type 'string' to assist in clients identifying column
- // is the resource name.
- // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.
- format: string @go(Format)
-
- // description is a human readable description of this column.
- description: string @go(Description)
-
- // priority is an integer defining the relative importance of this column compared to others. Lower
- // numbers are considered higher priority. Columns that may be omitted in limited space scenarios
- // should be given a higher priority.
- priority: int32 @go(Priority)
-}
-
-// TableRow is an individual row in a table.
-// +protobuf=false
-#TableRow: {
- // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or
- // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a
- // more detailed description.
- cells: [...] @go(Cells,[]interface{})
-
- // conditions describe additional status of a row that are relevant for a human user. These conditions
- // apply to the row, not to the object, and will be specific to table output. The only defined
- // condition type is 'Completed', for a row that indicates a resource that has run to completion and
- // can be given less visual priority.
- // +optional
- conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition)
-
- // This field contains the requested additional information about each object based on the includeObject
- // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the
- // default serialization of the object for the current API version, and if "Metadata" (the default) will
- // contain the object metadata. Check the returned kind and apiVersion of the object before parsing.
- // The media type of the object will always match the enclosing list - if this as a JSON table, these
- // will be JSON encoded objects.
- // +optional
- object?: runtime.#RawExtension @go(Object)
-}
-
-// TableRowCondition allows a row to be marked with additional information.
-// +protobuf=false
-#TableRowCondition: {
- // Type of row condition. The only defined value is 'Completed' indicating that the
- // object this row represents has reached a completed state and may be given less visual
- // priority than other rows. Clients are not required to honor any conditions but should
- // be consistent where possible about handling the conditions.
- type: #RowConditionType @go(Type)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status)
-
- // (brief) machine readable reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason)
-
- // Human readable message indicating details about last transition.
- // +optional
- message?: string @go(Message)
-}
-
-#RowConditionType: string // #enumRowConditionType
-
-#enumRowConditionType:
- #RowCompleted
-
-// RowCompleted means the underlying resource has reached completion and may be given less
-// visual priority than other resources.
-#RowCompleted: #RowConditionType & "Completed"
-
-#ConditionStatus: string // #enumConditionStatus
-
-#enumConditionStatus:
- #ConditionTrue |
- #ConditionFalse |
- #ConditionUnknown
-
-#ConditionTrue: #ConditionStatus & "True"
-#ConditionFalse: #ConditionStatus & "False"
-#ConditionUnknown: #ConditionStatus & "Unknown"
-
-// IncludeObjectPolicy controls which portion of the object is returned with a Table.
-#IncludeObjectPolicy: string // #enumIncludeObjectPolicy
-
-#enumIncludeObjectPolicy:
- #IncludeNone |
- #IncludeMetadata |
- #IncludeObject
-
-// IncludeNone returns no object.
-#IncludeNone: #IncludeObjectPolicy & "None"
-
-// IncludeMetadata serializes the object containing only its metadata field.
-#IncludeMetadata: #IncludeObjectPolicy & "Metadata"
-
-// IncludeObject contains the full object.
-#IncludeObject: #IncludeObjectPolicy & "Object"
-
-// TableOptions are used when a Table is requested by the caller.
-// +k8s:conversion-gen:explicit-from=net/url.Values
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#TableOptions: {
- #TypeMeta
-
- // includeObject decides whether to include each object along with its columnar information.
- // Specifying "None" will return no object, specifying "Object" will return the full object contents, and
- // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind
- // in version v1beta1 of the meta.k8s.io API group.
- includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy)
-}
-
-// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients
-// to get access to a particular ObjectMeta schema without knowing the details of the version.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#PartialObjectMetadata: {
- #TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-}
-
-// PartialObjectMetadataList contains a list of objects containing only their metadata
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#PartialObjectMetadataList: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items contains each of the included items.
- items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep)
-}
-
-// Condition contains details for one aspect of the current state of this API Resource.
-// ---
-// This struct is intended for direct use as an array at the field path .status.conditions. For example,
-//
-// type FooStatus struct{
-// // Represents the observations of a foo's current state.
-// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-// // +patchMergeKey=type
-// // +patchStrategy=merge
-// // +listType=map
-// // +listMapKey=type
-// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-//
-// // other fields
-// }
-#Condition: {
- // type of condition in CamelCase or in foo.example.com/CamelCase.
- // ---
- // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- // useful (see .node.status.conditions), the ability to deconflict is important.
- // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
- // +kubebuilder:validation:MaxLength=316
- type: string @go(Type) @protobuf(1,bytes,opt)
-
- // status of the condition, one of True, False, Unknown.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Enum=True;False;Unknown
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt)
-
- // observedGeneration represents the .metadata.generation that the condition was set based upon.
- // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- // with respect to the current state of the instance.
- // +optional
- // +kubebuilder:validation:Minimum=0
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
-
- // lastTransitionTime is the last time the condition transitioned from one status to another.
- // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Type=string
- // +kubebuilder:validation:Format=date-time
- lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // reason contains a programmatic identifier indicating the reason for the condition's last transition.
- // Producers of specific condition types may define expected values and meanings for this field,
- // and whether the values are considered a guaranteed API.
- // The value should be a CamelCase string.
- // This field may not be empty.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:MaxLength=1024
- // +kubebuilder:validation:MinLength=1
- // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
- reason: string @go(Reason) @protobuf(5,bytes,opt)
-
- // message is a human readable message indicating details about the transition.
- // This may be an empty string.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:MaxLength=32768
- message: string @go(Message) @protobuf(6,bytes,opt)
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
deleted file mode 100644
index 12f5f1b63..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
+++ /dev/null
@@ -1,30 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/watch"
-)
-
-// Event represents a single event to a watched resource.
-//
-// +protobuf=true
-// +k8s:deepcopy-gen=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#WatchEvent: {
- type: string @go(Type) @protobuf(1,bytes,opt)
-
- // Object is:
- // * If Type is Added or Modified: the new state of the object.
- // * If Type is Deleted: the state of the object immediately before deletion.
- // * If Type is Error: *Status is recommended; other types may make sense
- // depending on context.
- object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt)
-}
-
-// InternalEvent makes watch.Event versioned
-// +protobuf=false
-#InternalEvent: watch.#Event
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
deleted file mode 100644
index 43474c392..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// SimpleAllocator a wrapper around make([]byte)
-// conforms to the MemoryAllocator interface
-#SimpleAllocator: {
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
deleted file mode 100644
index a05de5d58..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
+++ /dev/null
@@ -1,37 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// codec binds an encoder and decoder.
-_#codec: {
- Encoder: #Encoder
- Decoder: #Decoder
-}
-
-// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding.
-#NoopEncoder: {
- Decoder: #Decoder
-}
-
-_#noopEncoderIdentifier: #Identifier & "noop"
-
-// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding.
-#NoopDecoder: {
- Encoder: #Encoder
-}
-
-_#base64Serializer: {
- Encoder: #Encoder
- Decoder: #Decoder
-}
-
-_#internalGroupVersionerIdentifier: "internal"
-_#disabledGroupVersionerIdentifier: "disabled"
-
-_#internalGroupVersioner: {
-}
-
-_#disabledGroupVersioner: {
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
deleted file mode 100644
index ce6d644cb..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-// Package runtime defines conversions between generic types and structs to map query strings
-// to struct objects.
-package runtime
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
deleted file mode 100644
index f49ad1e36..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// UnstructuredConverter is an interface for converting between interface{}
-// and map[string]interface representation.
-#UnstructuredConverter: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
deleted file mode 100644
index 89c5c51b3..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
+++ /dev/null
@@ -1,39 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-// Package runtime includes helper functions for working with API objects
-// that follow the kubernetes API object conventions, which are:
-//
-// 0. Your API objects have a common metadata struct member, TypeMeta.
-//
-// 1. Your code refers to an internal set of API objects.
-//
-// 2. In a separate package, you have an external set of API objects.
-//
-// 3. The external set is considered to be versioned, and no breaking
-// changes are ever made to it (fields may be added but not changed
-// or removed).
-//
-// 4. As your api evolves, you'll make an additional versioned package
-// with every major change.
-//
-// 5. Versioned packages have conversion functions which convert to
-// and from the internal version.
-//
-// 6. You'll continue to support older versions according to your
-// deprecation policy, and you can easily provide a program/library
-// to update old versions into new versions because of 5.
-//
-// 7. All of your serializations and deserializations are handled in a
-// centralized place.
-//
-// Package runtime provides a conversion helper to make 5 easy, and the
-// Encode/Decode/DecodeInto trio to accomplish 7. You can also register
-// additional "codecs" which use a version of your choice. It's
-// recommended that you register your types with runtime in your
-// package's init function.
-//
-// As a bonus, a few common types useful from all api objects and versions
-// are provided in types.go.
-package runtime
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
deleted file mode 100644
index d43f15f25..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-_#encodable: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
deleted file mode 100644
index ec8f1f070..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
+++ /dev/null
@@ -1,23 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// MultiObjectTyper returns the types of objects across multiple schemes in order.
-#MultiObjectTyper: [...#ObjectTyper]
-
-_#defaultFramer: {
-}
-
-// WithVersionEncoder serializes an object and ensures the GVK is set.
-#WithVersionEncoder: {
- Version: #GroupVersioner
- Encoder: #Encoder
- ObjectTyper: #ObjectTyper
-}
-
-// WithoutVersionDecoder clears the group version kind of a deserialized object.
-#WithoutVersionDecoder: {
- Decoder: #Decoder
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
deleted file mode 100644
index 22abcb620..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
+++ /dev/null
@@ -1,165 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// APIVersionInternal may be used if you are registering a type that should not
-// be considered stable or serialized - it is a convention only and has no
-// special behavior in this package.
-#APIVersionInternal: "__internal"
-
-// GroupVersioner refines a set of possible conversion targets into a single option.
-#GroupVersioner: _
-
-// Identifier represents an identifier.
-// Identitier of two different objects should be equal if and only if for every
-// input the output they produce is exactly the same.
-#Identifier: string // #enumIdentifier
-
-#enumIdentifier:
- _#noopEncoderIdentifier
-
-// Encoder writes objects to a serialized form
-#Encoder: _
-
-// MemoryAllocator is responsible for allocating memory.
-// By encapsulating memory allocation into its own interface, we can reuse the memory
-// across many operations in places we know it can significantly improve the performance.
-#MemoryAllocator: _
-
-// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations.
-#EncoderWithAllocator: _
-
-// Decoder attempts to load an object from data.
-#Decoder: _
-
-// Serializer is the core interface for transforming objects into a serialized format and back.
-// Implementations may choose to perform conversion of the object, but no assumptions should be made.
-#Serializer: _
-
-// Codec is a Serializer that deals with the details of versioning objects. It offers the same
-// interface as Serializer, so this is a marker to consumers that care about the version of the objects
-// they receive.
-#Codec: #Serializer
-
-// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and
-// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing
-// and the desired version must be specified.
-#ParameterCodec: _
-
-// Framer is a factory for creating readers and writers that obey a particular framing pattern.
-#Framer: _
-
-// SerializerInfo contains information about a specific serialization format
-#SerializerInfo: {
- // MediaType is the value that represents this serializer over the wire.
- MediaType: string
-
- // MediaTypeType is the first part of the MediaType ("application" in "application/json").
- MediaTypeType: string
-
- // MediaTypeSubType is the second part of the MediaType ("json" in "application/json").
- MediaTypeSubType: string
-
- // EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
- EncodesAsText: bool
-
- // Serializer is the individual object serializer for this media type.
- Serializer: #Serializer
-
- // PrettySerializer, if set, can serialize this object in a form biased towards
- // readability.
- PrettySerializer: #Serializer
-
- // StrictSerializer, if set, deserializes this object strictly,
- // erring on unknown fields.
- StrictSerializer: #Serializer
-
- // StreamSerializer, if set, describes the streaming serialization format
- // for this media type.
- StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo)
-}
-
-// StreamSerializerInfo contains information about a specific stream serialization format
-#StreamSerializerInfo: {
- // EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
- EncodesAsText: bool
-
- // Serializer is the top level object serializer for this type when streaming
- Serializer: #Serializer
-
- // Framer is the factory for retrieving streams that separate objects on the wire
- Framer: #Framer
-}
-
-// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers
-// for multiple supported media types. This would commonly be accepted by a server component
-// that performs HTTP content negotiation to accept multiple formats.
-#NegotiatedSerializer: _
-
-// ClientNegotiator handles turning an HTTP content type into the appropriate encoder.
-// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from
-// a NegotiatedSerializer.
-#ClientNegotiator: _
-
-// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers
-// that can read and write data at rest. This would commonly be used by client tools that must
-// read files, or server side storage interfaces that persist restful objects.
-#StorageSerializer: _
-
-// NestedObjectEncoder is an optional interface that objects may implement to be given
-// an opportunity to encode any nested Objects / RawExtensions during serialization.
-#NestedObjectEncoder: _
-
-// NestedObjectDecoder is an optional interface that objects may implement to be given
-// an opportunity to decode any nested Objects / RawExtensions during serialization.
-// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding
-// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields).
-// As such it is important for callers of DecodeNestedObjects to check to confirm whether
-// an error is a runtime.StrictDecodingError before short circuiting.
-// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError
-// is only returned when the rest of decoding has succeeded.
-#NestedObjectDecoder: _
-
-#ObjectDefaulter: _
-
-#ObjectVersioner: _
-
-// ObjectConvertor converts an object to a different version.
-#ObjectConvertor: _
-
-// ObjectTyper contains methods for extracting the APIVersion and Kind
-// of objects.
-#ObjectTyper: _
-
-// ObjectCreater contains methods for instantiating an object by kind and version.
-#ObjectCreater: _
-
-// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource
-#EquivalentResourceMapper: _
-
-// EquivalentResourceRegistry provides an EquivalentResourceMapper interface,
-// and allows registering known resource[/subresource] -> kind
-#EquivalentResourceRegistry: _
-
-// ResourceVersioner provides methods for setting and retrieving
-// the resource version from an API object.
-#ResourceVersioner: _
-
-// Namer provides methods for retrieving name and namespace of an API object.
-#Namer: _
-
-// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are
-// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows
-// serializers to set the kind, version, and group the object is represented as. An Object may choose
-// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized.
-#Object: _
-
-// CacheableObject allows an object to cache its different serializations
-// to avoid performing the same serialization multiple times.
-#CacheableObject: _
-
-// Unstructured objects store values as map[string]interface{}, with only values that can be serialized
-// to JSON allowed.
-#Unstructured: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
deleted file mode 100644
index 7580f4676..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// NegotiateError is returned when a ClientNegotiator is unable to locate
-// a serializer for the requested operation.
-#NegotiateError: {
- ContentType: string
- Stream: bool
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue
deleted file mode 100644
index bd9c409a7..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// Splice is the interface that wraps the Splice method.
-//
-// Splice moves data from given slice without copying the underlying data for
-// efficiency purpose. Therefore, the caller should make sure the underlying
-// data is not changed later.
-#Splice: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
deleted file mode 100644
index 9dfc078b4..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// Pair of strings. We keed the name of fields and the doc
-#Pair: {
- Name: string
- Doc: string
-}
-
-// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself
-#KubeTypes: [...#Pair]
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
deleted file mode 100644
index d1ee609a2..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
+++ /dev/null
@@ -1,97 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type,
-// like this:
-//
-// type MyAwesomeAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// ... // other fields
-// }
-//
-// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind
-//
-// TypeMeta is provided here for convenience. You may use it directly from this package or define
-// your own with the same fields.
-//
-// +k8s:deepcopy-gen=false
-// +protobuf=true
-// +k8s:openapi-gen=true
-#TypeMeta: {
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt)
-
- // +optional
- kind?: string @go(Kind) @protobuf(2,bytes,opt)
-}
-
-#ContentTypeJSON: "application/json"
-#ContentTypeYAML: "application/yaml"
-#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf"
-
-// RawExtension is used to hold extensions in external versions.
-//
-// To use this, make a field which has RawExtension as its type in your external, versioned
-// struct, and Object in your internal struct. You also need to register your
-// various plugin types.
-//
-// // Internal package:
-//
-// type MyAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// MyPlugin runtime.Object `json:"myPlugin"`
-// }
-//
-// type PluginA struct {
-// AOption string `json:"aOption"`
-// }
-//
-// // External package:
-//
-// type MyAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// MyPlugin runtime.RawExtension `json:"myPlugin"`
-// }
-//
-// type PluginA struct {
-// AOption string `json:"aOption"`
-// }
-//
-// // On the wire, the JSON will look something like this:
-//
-// {
-// "kind":"MyAPIObject",
-// "apiVersion":"v1",
-// "myPlugin": {
-// "kind":"PluginA",
-// "aOption":"foo",
-// },
-// }
-//
-// So what happens? Decode first uses json or yaml to unmarshal the serialized data into
-// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked.
-// The next step is to copy (using pkg/conversion) into the internal struct. The runtime
-// package's DefaultScheme has conversion functions installed which will unpack the
-// JSON stored in RawExtension, turning it into the correct object type, and storing it
-// in the Object. (TODO: In the case where the object is of an unknown type, a
-// runtime.Unknown object will be created and stored.)
-//
-// +k8s:deepcopy-gen=true
-// +protobuf=true
-// +k8s:openapi-gen=true
-#RawExtension: _
-
-// Unknown allows api objects with unknown types to be passed-through. This can be used
-// to deal with the API objects from a plug-in. Unknown objects still have functioning
-// TypeMeta features-- kind, version, etc.
-// TODO: Make this object have easy access to field based accessors and settors for
-// metadata and field mutatation.
-//
-// +k8s:deepcopy-gen=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +protobuf=true
-// +k8s:openapi-gen=true
-#Unknown: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
deleted file mode 100644
index 8b8ddf891..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-#ProtobufMarshaller: _
-
-#ProtobufReverseMarshaller: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
deleted file mode 100644
index bfb4bcda3..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
+++ /dev/null
@@ -1,6 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-// Package types implements various generic types used throughout kubernetes.
-package types
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
deleted file mode 100644
index 7cb2745aa..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-#NamespacedName: {
- Namespace: string
- Name: string
-}
-
-#Separator: 47 // '/'
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
deleted file mode 100644
index 8b264b80c..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
+++ /dev/null
@@ -1,31 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// NodeName is a type that holds a api.Node's Name identifier.
-// Being a type captures intent and helps make sure that the node name
-// is not confused with similar concepts (the hostname, the cloud provider id,
-// the cloud provider name etc)
-//
-// To clarify the various types:
-//
-// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName.
-// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level.
-//
-// - Hostname is the hostname of the local machine (from uname -n).
-// However, some components allow the user to pass in a --hostname-override flag,
-// which will override this in most places. In the absence of anything more meaningful,
-// kubelet will use Hostname as the Node.Name when it creates the Node.
-//
-// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId.
-//
-// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the
-// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up
-// to the cloudprovider how to do this mapping.
-//
-// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the
-// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if
-// we are using a custom DHCP domain it won't be.
-#NodeName: string
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
deleted file mode 100644
index 3de5d80f9..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// Similarly to above, these are constants to support HTTP PATCH utilized by
-// both the client and server that didn't make sense for a whole package to be
-// dedicated to.
-#PatchType: string // #enumPatchType
-
-#enumPatchType:
- #JSONPatchType |
- #MergePatchType |
- #StrategicMergePatchType |
- #ApplyPatchType
-
-#JSONPatchType: #PatchType & "application/json-patch+json"
-#MergePatchType: #PatchType & "application/merge-patch+json"
-#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json"
-#ApplyPatchType: #PatchType & "application/apply-patch+yaml"
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
deleted file mode 100644
index 40bdd8285..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// UID is a type that holds unique ID values, including UUIDs. Because we
-// don't ONLY use UUIDs, this is an alias to string. Being a type captures
-// intent and helps make sure that UIDs and names do not get conflated.
-#UID: string
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
deleted file mode 100644
index 2c8cc3651..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
+++ /dev/null
@@ -1,31 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr
-
-package intstr
-
-// IntOrString is a type that can hold an int32 or a string. When used in
-// JSON or YAML marshalling and unmarshalling, it produces or consumes the
-// inner type. This allows you to have, for example, a JSON field that can
-// accept a name or number.
-// TODO: Rename to Int32OrString
-//
-// +protobuf=true
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:openapi-gen=true
-#IntOrString: _
-
-// Type represents the stored type of IntOrString.
-#Type: int64 // #enumType
-
-#enumType:
- #Int |
- #String
-
-#values_Type: {
- Int: #Int
- String: #String
-}
-
-#Int: #Type & 0
-#String: #Type & 1
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
deleted file mode 100644
index bc1b91894..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-// Package watch contains a generic watchable interface, and a fake for
-// testing code that uses the watch interface.
-package watch
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
deleted file mode 100644
index 045e8ec85..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// Recorder records all events that are sent from the watch until it is closed.
-#Recorder: {
- Interface: #Interface
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
deleted file mode 100644
index dcf72d5b0..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch
-// channel is full.
-#FullChannelBehavior: int // #enumFullChannelBehavior
-
-#enumFullChannelBehavior:
- #WaitIfChannelFull |
- #DropIfChannelFull
-
-#values_FullChannelBehavior: {
- WaitIfChannelFull: #WaitIfChannelFull
- DropIfChannelFull: #DropIfChannelFull
-}
-
-#WaitIfChannelFull: #FullChannelBehavior & 0
-#DropIfChannelFull: #FullChannelBehavior & 1
-
-_#incomingQueueLength: 25
-
-_#internalRunFunctionMarker: "internal-do-function"
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
deleted file mode 100644
index f0805cfb2..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written.
-#Decoder: _
-
-// Reporter hides the details of how an error is turned into a runtime.Object for
-// reporting on a watch stream since this package may not import a higher level report.
-#Reporter: _
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
deleted file mode 100644
index 0db2e6be1..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
+++ /dev/null
@@ -1,48 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-import "k8s.io/apimachinery/pkg/runtime"
-
-// Interface can be implemented by anything that knows how to watch and report changes.
-#Interface: _
-
-// EventType defines the possible types of events.
-#EventType: string // #enumEventType
-
-#enumEventType:
- #Added |
- #Modified |
- #Deleted |
- #Bookmark |
- #Error
-
-#Added: #EventType & "ADDED"
-#Modified: #EventType & "MODIFIED"
-#Deleted: #EventType & "DELETED"
-#Bookmark: #EventType & "BOOKMARK"
-#Error: #EventType & "ERROR"
-
-// Event represents a single event to a watched resource.
-// +k8s:deepcopy-gen=true
-#Event: {
- Type: #EventType
-
- // Object is:
- // * If Type is Added or Modified: the new state of the object.
- // * If Type is Deleted: the state of the object immediately before deletion.
- // * If Type is Bookmark: the object (instance of a type being watched) where
- // only ResourceVersion field is set. On successful restart of watch from a
- // bookmark resourceVersion, client is guaranteed to not get repeat event
- // nor miss any events.
- // * If Type is Error: *api.Status is recommended; other types may make sense
- // depending on context.
- Object: runtime.#Object
-}
-
-// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe.
-#RaceFreeFakeWatcher: {
- Stopped: bool
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue
deleted file mode 100644
index 17c5a791a..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue
+++ /dev/null
@@ -1,326 +0,0 @@
-// Code generated by timoni. DO NOT EDIT.
-
-//timoni:generate timoni vendor crd -f https://github.com/fluxcd/kustomize-controller/releases/download/v1.3.0/kustomize-controller.crds.yaml
-
-package v1
-
-import "strings"
-
-// Kustomization is the Schema for the kustomizations API.
-#Kustomization: {
- // APIVersion defines the versioned schema of this representation
- // of an object.
- // Servers should convert recognized schemas to the latest
- // internal value, and
- // may reject unrecognized values.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- apiVersion: "kustomize.toolkit.fluxcd.io/v1"
-
- // Kind is a string value representing the REST resource this
- // object represents.
- // Servers may infer this from the endpoint the client submits
- // requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: "Kustomization"
- metadata!: {
- name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- string
- }
- namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- string
- }
- labels?: {
- [string]: string
- }
- annotations?: {
- [string]: string
- }
- }
-
- // KustomizationSpec defines the configuration to calculate the
- // desired state
- // from a Source using Kustomize.
- spec!: #KustomizationSpec
-}
-
-// KustomizationSpec defines the configuration to calculate the
-// desired state
-// from a Source using Kustomize.
-#KustomizationSpec: {
- // CommonMetadata specifies the common labels and annotations that
- // are
- // applied to all resources. Any existing label or annotation will
- // be
- // overridden if its key matches a common one.
- commonMetadata?: {
- // Annotations to be added to the object's metadata.
- annotations?: {
- [string]: string
- }
-
- // Labels to be added to the object's metadata.
- labels?: {
- [string]: string
- }
- }
-
- // Components specifies relative paths to specifications of other
- // Components.
- components?: [...string]
-
- // Decrypt Kubernetes secrets before applying them on the cluster.
- decryption?: {
- // Provider is the name of the decryption engine.
- provider: "sops"
- secretRef?: {
- // Name of the referent.
- name: string
- }
- }
-
- // DependsOn may contain a meta.NamespacedObjectReference slice
- // with references to Kustomization resources that must be ready
- // before this
- // Kustomization can be reconciled.
- dependsOn?: [...{
- // Name of the referent.
- name: string
-
- // Namespace of the referent, when not specified it acts as
- // LocalObjectReference.
- namespace?: string
- }]
-
- // Force instructs the controller to recreate resources
- // when patching fails due to an immutable field change.
- force?: bool | *false
-
- // A list of resources to be included in the health assessment.
- healthChecks?: [...{
- // API version of the referent, if not specified the Kubernetes
- // preferred version will be used.
- apiVersion?: string
-
- // Kind of the referent.
- kind: string
-
- // Name of the referent.
- name: string
-
- // Namespace of the referent, when not specified it acts as
- // LocalObjectReference.
- namespace?: string
- }]
-
- // Images is a list of (image name, new name, new tag or digest)
- // for changing image names, tags or digests. This can also be
- // achieved with a
- // patch, but this operator is simpler to specify.
- images?: [...{
- // Digest is the value used to replace the original image tag.
- // If digest is present NewTag value is ignored.
- digest?: string
-
- // Name is a tag-less image name.
- name: string
-
- // NewName is the value used to replace the original name.
- newName?: string
-
- // NewTag is the value used to replace the original tag.
- newTag?: string
- }]
-
- // The interval at which to reconcile the Kustomization.
- // This interval is approximate and may be subject to jitter to
- // ensure
- // efficient use of resources.
- interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
- kubeConfig?: {
- // SecretRef holds the name of a secret that contains a key with
- // the kubeconfig file as the value. If no key is set, the key
- // will default
- // to 'value'.
- // It is recommended that the kubeconfig is self-contained, and
- // the secret
- // is regularly updated if credentials such as a
- // cloud-access-token expire.
- // Cloud specific `cmd-path` auth helpers will not function
- // without adding
- // binaries and credentials to the Pod that is responsible for
- // reconciling
- // Kubernetes resources.
- secretRef: {
- // Key in the Secret, when not specified an
- // implementation-specific default key is used.
- key?: string
-
- // Name of the Secret.
- name: string
- }
- }
-
- // NamePrefix will prefix the names of all managed resources.
- namePrefix?: strings.MaxRunes(200) & strings.MinRunes(1)
-
- // NameSuffix will suffix the names of all managed resources.
- nameSuffix?: strings.MaxRunes(200) & strings.MinRunes(1)
-
- // Strategic merge and JSON patches, defined as inline YAML
- // objects,
- // capable of targeting objects based on kind, label and
- // annotation selectors.
- patches?: [...{
- // Patch contains an inline StrategicMerge patch or an inline
- // JSON6902 patch with
- // an array of operation objects.
- patch: string
-
- // Target points to the resources that the patch document should
- // be applied to.
- target?: {
- // AnnotationSelector is a string that follows the label selection
- // expression
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- // It matches with the resource annotations.
- annotationSelector?: string
-
- // Group is the API group to select resources from.
- // Together with Version and Kind it is capable of unambiguously
- // identifying and/or selecting resources.
- // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- group?: string
-
- // Kind of the API Group to select resources from.
- // Together with Group and Version it is capable of unambiguously
- // identifying and/or selecting resources.
- // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- kind?: string
-
- // LabelSelector is a string that follows the label selection
- // expression
- // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- // It matches with the resource labels.
- labelSelector?: string
-
- // Name to match resources with.
- name?: string
-
- // Namespace to select resources from.
- namespace?: string
-
- // Version of the API Group to select resources from.
- // Together with Group and Kind it is capable of unambiguously
- // identifying and/or selecting resources.
- // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- version?: string
- }
- }]
-
- // Path to the directory containing the kustomization.yaml file,
- // or the
- // set of plain YAMLs a kustomization.yaml should be generated
- // for.
- // Defaults to 'None', which translates to the root path of the
- // SourceRef.
- path?: string
-
- // PostBuild describes which actions to perform on the YAML
- // manifest
- // generated by building the kustomize overlay.
- postBuild?: {
- // Substitute holds a map of key/value pairs.
- // The variables defined in your YAML manifests that match any of
- // the keys
- // defined in the map will be substituted with the set value.
- // Includes support for bash string replacement functions
- // e.g. ${var:=default}, ${var:position} and
- // ${var/substring/replacement}.
- substitute?: {
- [string]: string
- }
-
- // SubstituteFrom holds references to ConfigMaps and Secrets
- // containing
- // the variables and their values to be substituted in the YAML
- // manifests.
- // The ConfigMap and the Secret data keys represent the var names,
- // and they
- // must match the vars declared in the manifests for the
- // substitution to
- // happen.
- substituteFrom?: [...{
- // Kind of the values referent, valid values are ('Secret',
- // 'ConfigMap').
- kind: "Secret" | "ConfigMap"
-
- // Name of the values referent. Should reside in the same
- // namespace as the
- // referring resource.
- name: strings.MaxRunes(253) & strings.MinRunes(1)
-
- // Optional indicates whether the referenced resource must exist,
- // or whether to
- // tolerate its absence. If true and the referenced resource is
- // absent, proceed
- // as if the resource was present but empty, without any variables
- // defined.
- optional?: bool | *false
- }]
- }
-
- // Prune enables garbage collection.
- prune: bool
-
- // The interval at which to retry a previously failed
- // reconciliation.
- // When not specified, the controller uses the
- // KustomizationSpec.Interval
- // value to retry failures.
- retryInterval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
-
- // The name of the Kubernetes service account to impersonate
- // when reconciling this Kustomization.
- serviceAccountName?: string
-
- // Reference of the source where the kustomization file is.
- sourceRef: {
- // API version of the referent.
- apiVersion?: string
-
- // Kind of the referent.
- kind: "OCIRepository" | "GitRepository" | "Bucket"
-
- // Name of the referent.
- name: string
-
- // Namespace of the referent, defaults to the namespace of the
- // Kubernetes
- // resource object that contains the reference.
- namespace?: string
- }
-
- // This flag tells the controller to suspend subsequent kustomize
- // executions,
- // it does not apply to already started executions. Defaults to
- // false.
- suspend?: bool
-
- // TargetNamespace sets or overrides the namespace in the
- // kustomization.yaml file.
- targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
-
- // Timeout for validation, apply and health checking operations.
- // Defaults to 'Interval' duration.
- timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
-
- // Wait instructs the controller to check the health of all the
- // reconciled
- // resources. When enabled, the HealthChecks are ignored. Defaults
- // to false.
- wait?: bool
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue
deleted file mode 100644
index 28abd59d2..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue
+++ /dev/null
@@ -1,175 +0,0 @@
-// Code generated by timoni. DO NOT EDIT.
-
-//timoni:generate timoni vendor crd -f https://github.com/fluxcd/source-controller/releases/download/v1.3.0/source-controller.crds.yaml
-
-package v1beta2
-
-import "strings"
-
-// OCIRepository is the Schema for the ocirepositories API
-#OCIRepository: {
- // APIVersion defines the versioned schema of this representation
- // of an object.
- // Servers should convert recognized schemas to the latest
- // internal value, and
- // may reject unrecognized values.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- apiVersion: "source.toolkit.fluxcd.io/v1beta2"
-
- // Kind is a string value representing the REST resource this
- // object represents.
- // Servers may infer this from the endpoint the client submits
- // requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info:
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: "OCIRepository"
- metadata!: {
- name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
- string
- }
- namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
- string
- }
- labels?: {
- [string]: string
- }
- annotations?: {
- [string]: string
- }
- }
-
- // OCIRepositorySpec defines the desired state of OCIRepository
- spec!: #OCIRepositorySpec
-}
-
-// OCIRepositorySpec defines the desired state of OCIRepository
-#OCIRepositorySpec: {
- certSecretRef?: {
- // Name of the referent.
- name: string
- }
-
- // Ignore overrides the set of excluded patterns in the
- // .sourceignore format
- // (which is the same as .gitignore). If not provided, a default
- // will be used,
- // consult the documentation for your version to find out what
- // those are.
- ignore?: string
-
- // Insecure allows connecting to a non-TLS HTTP container
- // registry.
- insecure?: bool
-
- // Interval at which the OCIRepository URL is checked for updates.
- // This interval is approximate and may be subject to jitter to
- // ensure
- // efficient use of resources.
- interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
-
- // LayerSelector specifies which layer should be extracted from
- // the OCI artifact.
- // When not specified, the first layer found in the artifact is
- // selected.
- layerSelector?: {
- // MediaType specifies the OCI media type of the layer
- // which should be extracted from the OCI Artifact. The
- // first layer matching this type is selected.
- mediaType?: string
-
- // Operation specifies how the selected layer should be processed.
- // By default, the layer compressed content is extracted to
- // storage.
- // When the operation is set to 'copy', the layer compressed
- // content
- // is persisted to storage as it is.
- operation?: "extract" | "copy"
- }
-
- // The provider used for authentication, can be 'aws', 'azure',
- // 'gcp' or 'generic'.
- // When not specified, defaults to 'generic'.
- provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
-
- // The OCI reference to pull and monitor for changes,
- // defaults to the latest tag.
- ref?: {
- // Digest is the image digest to pull, takes precedence over
- // SemVer.
- // The value should be in the format 'sha256:'.
- digest?: string
-
- // SemVer is the range of tags to pull selecting the latest within
- // the range, takes precedence over Tag.
- semver?: string
-
- // SemverFilter is a regex pattern to filter the tags within the
- // SemVer range.
- semverFilter?: string
-
- // Tag is the image tag to pull, defaults to latest.
- tag?: string
- }
- secretRef?: {
- // Name of the referent.
- name: string
- }
-
- // ServiceAccountName is the name of the Kubernetes ServiceAccount
- // used to authenticate
- // the image pull if the service account has attached pull
- // secrets. For more information:
- // https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
- serviceAccountName?: string
-
- // This flag tells the controller to suspend the reconciliation of
- // this source.
- suspend?: bool
-
- // The timeout for remote OCI Repository operations like pulling,
- // defaults to 60s.
- timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
-
- // URL is a reference to an OCI artifact repository hosted
- // on a remote container registry.
- url: =~"^oci://.*$"
-
- // Verify contains the secret name containing the trusted public
- // keys
- // used to verify the signature and specifies which provider to
- // use to check
- // whether OCI image is authentic.
- verify?: {
- // MatchOIDCIdentity specifies the identity matching criteria to
- // use
- // while verifying an OCI artifact which was signed using Cosign
- // keyless
- // signing. The artifact's identity is deemed to be verified if
- // any of the
- // specified matchers match against the identity.
- matchOIDCIdentity?: [...{
- // Issuer specifies the regex pattern to match against to verify
- // the OIDC issuer in the Fulcio certificate. The pattern must be
- // a
- // valid Go regular expression.
- issuer: string
-
- // Subject specifies the regex pattern to match against to verify
- // the identity subject in the Fulcio certificate. The pattern
- // must
- // be a valid Go regular expression.
- subject: string
- }]
-
- // Provider specifies the technology used to sign the OCI
- // Artifact.
- provider: "cosign" | "notation" | *"cosign"
- secretRef?: {
- // Name of the referent.
- name: string
- }
- }
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/module.cue b/k8s/timoni/kustomize-oci/cue.mod/module.cue
deleted file mode 100644
index 3b8a6e4ba..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/module.cue
+++ /dev/null
@@ -1,2 +0,0 @@
-module: "timoni.sh/kustomize-oci"
-language: version: "v0.9.0"
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
deleted file mode 100644
index 2c579e99d..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Action holds the list of annotations for controlling
-// Timoni's apply behaviour of Kubernetes resources.
-Action: {
- // Force annotation for recreating immutable resources such as Kubernetes Jobs.
- Force: {
- "action.timoni.sh/force": ActionStatus.Enabled
- }
- // One-off annotation for appling resources only if they don't exist on the cluster.
- Oneoff: {
- "action.timoni.sh/one-off": ActionStatus.Enabled
- }
- // Keep annotation for preventing Timoni's garbage collector from deleting resources.
- Keep: {
- "action.timoni.sh/prune": ActionStatus.Disabled
- }
-}
-
-ActionStatus: {
- Enabled: "enabled"
- Disabled: "disabled"
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
deleted file mode 100644
index 1535ea43f..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strings"
-)
-
-// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image.
-#Image: {
-
- // Repository is the address of a container registry repository.
- // An image repository is made up of slash-separated name components, optionally
- // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH.
- repository!: string
-
- // Tag identifies an image in the repository.
- // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes.
- // A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
- tag!: string & strings.MaxRunes(128)
-
- // Digest uniquely and immutably identifies an image in the repository.
- // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
- digest!: string
-
- // PullPolicy defines the pull policy for the image.
- // By default, it is set to IfNotPresent.
- pullPolicy: *"IfNotPresent" | "Always" | "Never"
-
- // Reference is the image address computed from repository, tag and digest
- // in the format [REPOSITORY]:[TAG]@[DIGEST].
- reference: string
-
- if digest != "" && tag != "" {
- reference: "\(repository):\(tag)@\(digest)"
- }
-
- if digest != "" && tag == "" {
- reference: "\(repository)@\(digest)"
- }
-
- if digest == "" && tag != "" {
- reference: "\(repository):\(tag)"
- }
-
- if digest == "" && tag == "" {
- reference: "\(repository):latest"
- }
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
deleted file mode 100644
index 19f098967..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/base64"
- "strings"
-)
-
-// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson.
-// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets.
-#ImagePullSecret: {
- // Metadata is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]].
- #Registry!: string
-
- // Username is the username used to authenticate to the container registry.
- #Username!: string
-
- // Password is the password used to authenticate to the container registry.
- #Password!: string
-
- // Optional suffix used to generate the Secret name.
- #Suffix: *"" | string & strings.MaxRunes(30)
-
- let auth = base64.Encode(null, #Username+":"+#Password)
-
- apiVersion: "v1"
- kind: "Secret"
- type: "kubernetes.io/dockerconfigjson"
- metadata: {
- name: #Meta.name + #Suffix
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- stringData: {
- ".dockerconfigjson": """
- {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}}
- """
- }
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
deleted file mode 100644
index 7b31c23e4..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/json"
- "strings"
- "uuid"
-)
-
-#ConfigMapKind: "ConfigMap"
-#SecretKind: "Secret"
-
-// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets.
-// The metadata.name of the generated object is suffixed with the hash of the input data.
-#ImmutableConfig: {
- // Kind of the generated object.
- #Kind: *#ConfigMapKind | #SecretKind
-
- // Metadata of the generated object.
- #Meta: #Metadata
-
- // Optional suffix appended to the generate name.
- #Suffix: *"" | string
-
- // Data of the generated object.
- #Data: {[string]: string}
-
- let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0]
-
- apiVersion: "v1"
- kind: #Kind
- metadata: {
- name: #Meta.name + #Suffix + "-" + hash
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- immutable: true
- if kind == #ConfigMapKind {
- data: #Data
- }
- if kind == #SecretKind {
- stringData: #Data
- }
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
deleted file mode 100644
index ad96b0621..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// InstanceName defines the schema for the name of a Timoni instance.
-// The instance name is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceNamespace defines the schema for the namespace of a Timoni instance.
-// The instance namespace is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership.
-#InstanceOwnerReference: {
- #Name: "instance.timoni.sh/name"
- #Namespace: "instance.timoni.sh/namespace"
-}
-
-// InstanceModule defines the schema for the Module of a Timoni instance.
-#InstanceModule: {
- url: string & =~"^((oci|file)://.*)$"
- version: *"latest" | string
- digest?: string
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
deleted file mode 100644
index 7be10c909..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
+++ /dev/null
@@ -1,115 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// Annotations defines the schema for Kubernetes object metadata annotations.
-#Annotations: {[string & strings.MaxRunes(253)]: string}
-
-// Labels defines the schema for Kubernetes object metadata labels.
-#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)}
-
-#StdLabelName: "app.kubernetes.io/name"
-#StdLabelVersion: "app.kubernetes.io/version"
-#StdLabelPartOf: "app.kubernetes.io/part-of"
-#StdLabelManagedBy: "app.kubernetes.io/managed-by"
-#StdLabelComponent: "app.kubernetes.io/component"
-#StdLabelInstance: "app.kubernetes.io/instance"
-
-// Metadata defines the schema for Kubernetes object metadata.
-#Metadata: {
- // Version should be in the strict semver format. Is required when creating resources.
- #Version!: string & strings.MaxRunes(63)
-
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- name!: #InstanceName
-
- // Namespace defines the space within which each name must be unique.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- namespace!: #InstanceNamespace
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set to store and retrieve arbitrary metadata.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
- annotations?: #Annotations
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes labels: app name, version and managed-by.
- labels: {
- (#StdLabelName): name
- (#StdLabelVersion): #Version
- (#StdLabelManagedBy): "timoni"
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name label.
- #LabelSelector: #Labels & {
- (#StdLabelName): name
- }
-}
-
-// MetaComponent generates the Kubernetes object metadata for a module namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
- namespace: #Meta.namespace
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
-
-// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.namespace is unset.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaClusterComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
deleted file mode 100644
index 1dcdb699e..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// ObjectReference is a reference to a Kubernetes object.
-#ObjectReference: {
- // Name of the referent.
- name!: string & strings.MaxRunes(256)
-
- // Namespace of the referent.
- namespace?: string & strings.MaxRunes(256)
-
- // API version of the referent.
- apiVersion?: string & strings.MaxRunes(256)
-
- // Kind of the referent.
- kind?: string & strings.MaxRunes(256)
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
deleted file mode 100644
index d3b5573ae..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m.
-#CPUQuantity: string & =~"^[1-9]\\d*m$"
-
-// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi.
-#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$"
-
-// ResourceRequirement defines the schema for the CPU and Memory resource requirements.
-#ResourceRequirement: {
- cpu?: #CPUQuantity
- memory?: #MemoryQuantity
-}
-
-// ResourceRequirements defines the schema for the compute resource requirements of a container.
-// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.
-#ResourceRequirements: {
- // Limits describes the maximum amount of compute resources allowed.
- limits?: #ResourceRequirement
-
- // Requests describes the minimum amount of compute resources required.
- // Requests cannot exceed Limits.
- requests?: #ResourceRequirement & {
- if limits != _|_ {
- if limits.cpu != _|_ {
- _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0])
- _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0])
- #cpu: int & >=_rc & _lc
- }
- }
- }
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
deleted file mode 100644
index 9c4f2384b..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc.
-#Selector: {
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- #Name!: #InstanceName
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes label: app name.
- labels: (#StdLabelName): #Name
-}
diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
deleted file mode 100644
index ecd1e397f..000000000
--- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// SemVer validates the input version string and extracts the major and minor version numbers.
-// When Minimum is set, the major and minor parts must be greater or equal to the minimum
-// or a validation error is returned.
-#SemVer: {
- // Input version string in strict semver format.
- #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- // Minimum is the minimum allowed MAJOR.MINOR version.
- #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0])
- let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1])
-
- major: int & >=minMajor
- major: strconv.Atoi(strings.Split(#Version, ".")[0])
-
- minor: int & >=minMinor
- minor: strconv.Atoi(strings.Split(#Version, ".")[1])
-}
diff --git a/k8s/timoni/kustomize-oci/templates/config.cue b/k8s/timoni/kustomize-oci/templates/config.cue
deleted file mode 100644
index 06e09c7f7..000000000
--- a/k8s/timoni/kustomize-oci/templates/config.cue
+++ /dev/null
@@ -1,70 +0,0 @@
-package templates
-
-import (
- timoniv1 "timoni.sh/core/v1alpha1"
-)
-
-#Config: {
- moduleVersion!: string
- kubeVersion!: string
-
- metadata: timoniv1.#Metadata & {#Version: moduleVersion}
-
- artifact: {
- url!: string & =~"^oci://.*$"
- tag: *"latest" | string
- semver?: string
- interval: *1 | int
- ignore: *"" | string
- }
-
- auth: {
- provider: *"generic" | "aws" | "azure" | "gcp"
- credentials?: {
- username!: string
- password!: string
- }
- }
-
- tls: {
- insecure: *false | bool
- ca?: string
- }
-
- sync: {
- path: *"./" | string
- prune: *true | bool
- wait: *true | bool
- timeout: *3 | int
- retryInterval: *5 | int
-
- serviceAccountName?: string
- targetNamespace?: string
- }
-
- substitute?: [string]: string
-
- dependsOn?: [...{
- name: string
- namespace?: string
- }]
-
- patches: [...{...}]
-}
-
-#Instance: {
- config: #Config
-
- objects: {
- ocirepository: #OCIRepository & {#config: config}
- kustomization: #Kustomization & {#config: config}
- }
-
- if config.auth.credentials != _|_ {
- objects: imagepullsecret: #PullSecret & {#config: config}
- }
-
- if config.tls.ca != _|_ {
- objects: tlssecret: #TLSSecret & {#config: config}
- }
-}
diff --git a/k8s/timoni/kustomize-oci/templates/imagepullsecret.cue b/k8s/timoni/kustomize-oci/templates/imagepullsecret.cue
deleted file mode 100644
index bd46086e5..000000000
--- a/k8s/timoni/kustomize-oci/templates/imagepullsecret.cue
+++ /dev/null
@@ -1,16 +0,0 @@
-package templates
-
-import (
- "strings"
-
- timoniv1 "timoni.sh/core/v1alpha1"
-)
-
-#PullSecret: timoniv1.#ImagePullSecret & {
- #config: #Config
- #Meta: #config.metadata
- #Suffix: "-oci-auth"
- #Registry: strings.Split(#config.artifact.url, "/")[2]
- #Username: #config.auth.credentials.username
- #Password: #config.auth.credentials.password
-}
diff --git a/k8s/timoni/kustomize-oci/templates/kustomization.cue b/k8s/timoni/kustomize-oci/templates/kustomization.cue
deleted file mode 100644
index 5ce7db165..000000000
--- a/k8s/timoni/kustomize-oci/templates/kustomization.cue
+++ /dev/null
@@ -1,40 +0,0 @@
-package templates
-
-import (
- "encoding/yaml"
- ksv1 "kustomize.toolkit.fluxcd.io/kustomization/v1"
- sourcev1 "source.toolkit.fluxcd.io/ocirepository/v1beta2"
-)
-
-#Kustomization: ksv1.#Kustomization & {
- #config: #Config
- metadata: #config.metadata
- spec: ksv1.#KustomizationSpec & {
- sourceRef: {
- kind: sourcev1.#OCIRepository.kind
- name: #config.metadata.name
- }
- interval: "60m"
- retryInterval: "\(#config.sync.retryInterval)m"
- path: #config.sync.path
- prune: #config.sync.prune
- wait: #config.sync.wait
- timeout: "\(#config.sync.timeout)m"
- if #config.sync.serviceAccountName != _|_ {
- serviceAccountName: #config.sync.serviceAccountName
- }
- if #config.sync.targetNamespace != _|_ {
- targetNamespace: #config.sync.targetNamespace
- }
- if #config.substitute != _|_ {
- postBuild: substitute: #config.substitute
- }
- if #config.dependsOn != _|_ {
- dependsOn: #config.dependsOn
- }
- patches: [for p in #config.patches {
- patch: yaml.Marshal(p.patch)
- target: p.target
- }]
- }
-}
diff --git a/k8s/timoni/kustomize-oci/templates/ocirepository.cue b/k8s/timoni/kustomize-oci/templates/ocirepository.cue
deleted file mode 100644
index ec89939f0..000000000
--- a/k8s/timoni/kustomize-oci/templates/ocirepository.cue
+++ /dev/null
@@ -1,33 +0,0 @@
-package templates
-
-import (
- sourcev1 "source.toolkit.fluxcd.io/ocirepository/v1beta2"
-)
-
-#OCIRepository: sourcev1.#OCIRepository & {
- #config: #Config
- metadata: #config.metadata
- spec: sourcev1.#OCIRepositorySpec & {
- interval: "\(#config.artifact.interval)m"
- url: #config.artifact.url
- if #config.artifact.semver != _|_ {
- ref: semver: #config.artifact.semver
- }
- if #config.artifact.semver == _|_ {
- ref: tag: #config.artifact.tag
- }
- provider: #config.auth.provider
- if #config.auth.credentials != _|_ {
- secretRef: name: #config.metadata.name + "-oci-auth"
- }
- if #config.artifact.ignore != "" {
- ignore: #config.artifact.ignore
- }
- if #config.tls.insecure {
- insecure: #config.tls.insecure
- }
- if #config.tls.ca != _|_ {
- certSecretRef: name: #config.metadata.name + "-oci-tls"
- }
- }
-}
diff --git a/k8s/timoni/kustomize-oci/templates/tlssecret.cue b/k8s/timoni/kustomize-oci/templates/tlssecret.cue
deleted file mode 100644
index 76190544c..000000000
--- a/k8s/timoni/kustomize-oci/templates/tlssecret.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-package templates
-
-import (
- corev1 "k8s.io/api/core/v1"
- timoniv1 "timoni.sh/core/v1alpha1"
-)
-
-#TLSSecret: corev1.#Secret & {
- #config: #Config
- apiVersion: "v1"
- kind: "Secret"
- metadata: timoniv1.#MetaComponent & {
- #Meta: #config.metadata
- #Component: "oci-tls"
- }
- stringData: {
- if #config.tls.ca != _|_ {
- "ca.crt": #config.tls.ca
- }
- }
-}
diff --git a/k8s/timoni/kustomize-oci/timoni.cue b/k8s/timoni/kustomize-oci/timoni.cue
deleted file mode 100644
index cb02a3349..000000000
--- a/k8s/timoni/kustomize-oci/timoni.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-package main
-
-import (
- templates "timoni.sh/kustomize-oci/templates"
-)
-
-values: templates.#Config
-
-timoni: {
- apiVersion: "v1alpha1"
-
- instance: templates.#Instance & {
- config: values
- config: {
- metadata: {
- name: string @tag(name)
- namespace: string @tag(namespace)
- }
- moduleVersion: string @tag(mv, var=moduleVersion)
- kubeVersion: string @tag(kv, var=kubeVersion)
- }
- }
-
- apply: all: [for obj in instance.objects {obj}]
-}
diff --git a/k8s/timoni/kustomize-oci/timoni.ignore b/k8s/timoni/kustomize-oci/timoni.ignore
deleted file mode 100644
index 0722c3486..000000000
--- a/k8s/timoni/kustomize-oci/timoni.ignore
+++ /dev/null
@@ -1,14 +0,0 @@
-# VCS
-.git/
-.gitignore
-.gitmodules
-.gitattributes
-
-# Go
-vendor/
-go.mod
-go.sum
-
-# CUE
-*_tool.cue
-debug_values.cue
diff --git a/k8s/timoni/kustomize-oci/values.cue b/k8s/timoni/kustomize-oci/values.cue
deleted file mode 100644
index 17bc0aff9..000000000
--- a/k8s/timoni/kustomize-oci/values.cue
+++ /dev/null
@@ -1,3 +0,0 @@
-package main
-
-values: {}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
deleted file mode 100644
index c2497a513..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/apps/v1
-
-package v1
-
-#GroupName: "apps"
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
deleted file mode 100644
index d3ecc8345..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
+++ /dev/null
@@ -1,946 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/apps/v1
-
-package v1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/intstr"
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-#ControllerRevisionHashLabelKey: "controller-revision-hash"
-#StatefulSetRevisionLabel: "controller-revision-hash"
-#DeprecatedRollbackTo: "deprecated.deployment.rollback.to"
-#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation"
-#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name"
-#PodIndexLabel: "apps.kubernetes.io/pod-index"
-
-// StatefulSet represents a set of pods with consistent identities.
-// Identities are defined as:
-// - Network: A single stable DNS and hostname.
-// - Storage: As many VolumeClaims as requested.
-//
-// The StatefulSet guarantees that a given network identity will always
-// map to the same storage identity.
-#StatefulSet: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the desired identities of pods in this set.
- // +optional
- spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status is the current status of Pods in this StatefulSet. This data
- // may be out of date by some window of time.
- // +optional
- status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PodManagementPolicyType defines the policy for creating pods under a stateful set.
-// +enum
-#PodManagementPolicyType: string // #enumPodManagementPolicyType
-
-#enumPodManagementPolicyType:
- #OrderedReadyPodManagement |
- #ParallelPodManagement
-
-// OrderedReadyPodManagement will create pods in strictly increasing order on
-// scale up and strictly decreasing order on scale down, progressing only when
-// the previous pod is ready or terminated. At most one pod will be changed
-// at any time.
-#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady"
-
-// ParallelPodManagement will create and delete pods as soon as the stateful set
-// replica count is changed, and will not wait for pods to be ready or complete
-// termination.
-#ParallelPodManagement: #PodManagementPolicyType & "Parallel"
-
-// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
-// controller will use to perform updates. It includes any additional parameters
-// necessary to perform the update for the indicated strategy.
-#StatefulSetUpdateStrategy: {
- // Type indicates the type of the StatefulSetUpdateStrategy.
- // Default is RollingUpdate.
- // +optional
- type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType)
-
- // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
- // +optional
- rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt)
-}
-
-// StatefulSetUpdateStrategyType is a string enumeration type that enumerates
-// all possible update strategies for the StatefulSet controller.
-// +enum
-#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType
-
-#enumStatefulSetUpdateStrategyType:
- #RollingUpdateStatefulSetStrategyType |
- #OnDeleteStatefulSetStrategyType
-
-// RollingUpdateStatefulSetStrategyType indicates that update will be
-// applied to all Pods in the StatefulSet with respect to the StatefulSet
-// ordering constraints. When a scale operation is performed with this
-// strategy, new Pods will be created from the specification version indicated
-// by the StatefulSet's updateRevision.
-#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate"
-
-// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
-// tracking and ordered rolling restarts are disabled. Pods are recreated
-// from the StatefulSetSpec when they are manually deleted. When a scale
-// operation is performed with this strategy,specification version indicated
-// by the StatefulSet's currentRevision.
-#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete"
-
-// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
-#RollingUpdateStatefulSetStrategy: {
- // Partition indicates the ordinal at which the StatefulSet should be partitioned
- // for updates. During a rolling update, all pods from ordinal Replicas-1 to
- // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
- // This is helpful in being able to do a canary based deployment. The default value is 0.
- // +optional
- partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt)
-
- // The maximum number of pods that can be unavailable during the update.
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- // Absolute number is calculated from percentage by rounding up. This can not be 0.
- // Defaults to 1. This field is alpha-level and is only honored by servers that enable the
- // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
- // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
- // will be counted towards MaxUnavailable.
- // +optional
- maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt)
-}
-
-// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
-// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
-// deleted or scaled down.
-#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType
-
-#enumPersistentVolumeClaimRetentionPolicyType:
- #RetainPersistentVolumeClaimRetentionPolicyType |
- #DeletePersistentVolumeClaimRetentionPolicyType
-
-// RetainPersistentVolumeClaimRetentionPolicyType is the default
-// PersistentVolumeClaimRetentionPolicy and specifies that
-// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
-// will not be deleted.
-#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain"
-
-// RetentionPersistentVolumeClaimRetentionPolicyType specifies that
-// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
-// will be deleted in the scenario specified in
-// StatefulSetPersistentVolumeClaimRetentionPolicy.
-#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete"
-
-// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
-// created from the StatefulSet VolumeClaimTemplates.
-#StatefulSetPersistentVolumeClaimRetentionPolicy: {
- // WhenDeleted specifies what happens to PVCs created from StatefulSet
- // VolumeClaimTemplates when the StatefulSet is deleted. The default policy
- // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
- // `Delete` policy causes those PVCs to be deleted.
- whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
-
- // WhenScaled specifies what happens to PVCs created from StatefulSet
- // VolumeClaimTemplates when the StatefulSet is scaled down. The default
- // policy of `Retain` causes PVCs to not be affected by a scaledown. The
- // `Delete` policy causes the associated PVCs for any excess pods above
- // the replica count to be deleted.
- whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
-}
-
-// StatefulSetOrdinals describes the policy used for replica ordinal assignment
-// in this StatefulSet.
-#StatefulSetOrdinals: {
- // start is the number representing the first replica's index. It may be used
- // to number replicas from an alternate index (eg: 1-indexed) over the default
- // 0-indexed names, or to orchestrate progressive movement of replicas from
- // one StatefulSet to another.
- // If set, replica indices will be in the range:
- // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
- // If unset, defaults to 0. Replica indices will be in the range:
- // [0, .spec.replicas).
- // +optional
- start: int32 @go(Start) @protobuf(1,varint,opt)
-}
-
-// A StatefulSetSpec is the specification of a StatefulSet.
-#StatefulSetSpec: {
- // replicas is the desired number of replicas of the given Template.
- // These are replicas in the sense that they are instantiations of the
- // same Template, but individual replicas also have a consistent identity.
- // If unspecified, defaults to 1.
- // TODO: Consider a rename of this field.
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // selector is a label query over pods that should match the replica count.
- // It must match the pod template's labels.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
-
- // template is the object that describes the pod that will be created if
- // insufficient replicas are detected. Each pod stamped out by the StatefulSet
- // will fulfill this Template, but have a unique identity from the rest
- // of the StatefulSet. Each pod will be named with the format
- // -. For example, a pod in a StatefulSet named
- // "web" with index number "3" would be named "web-3".
- // The only allowed template.spec.restartPolicy value is "Always".
- template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
-
- // volumeClaimTemplates is a list of claims that pods are allowed to reference.
- // The StatefulSet controller is responsible for mapping network identities to
- // claims in a way that maintains the identity of a pod. Every claim in
- // this list must have at least one matching (by name) volumeMount in one
- // container in the template. A claim in this list takes precedence over
- // any volumes in the template, with the same name.
- // TODO: Define the behavior if a claim already exists with the same name.
- // +optional
- volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep)
-
- // serviceName is the name of the service that governs this StatefulSet.
- // This service must exist before the StatefulSet, and is responsible for
- // the network identity of the set. Pods get DNS/hostnames that follow the
- // pattern: pod-specific-string.serviceName.default.svc.cluster.local
- // where "pod-specific-string" is managed by the StatefulSet controller.
- serviceName: string @go(ServiceName) @protobuf(5,bytes,opt)
-
- // podManagementPolicy controls how pods are created during initial scale up,
- // when replacing pods on nodes, or when scaling down. The default policy is
- // `OrderedReady`, where pods are created in increasing order (pod-0, then
- // pod-1, etc) and the controller will wait until each pod is ready before
- // continuing. When scaling down, the pods are removed in the opposite order.
- // The alternative policy is `Parallel` which will create pods in parallel
- // to match the desired scale without waiting, and on scale down will delete
- // all pods at once.
- // +optional
- podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType)
-
- // updateStrategy indicates the StatefulSetUpdateStrategy that will be
- // employed to update Pods in the StatefulSet when a revision is made to
- // Template.
- updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt)
-
- // revisionHistoryLimit is the maximum number of revisions that will
- // be maintained in the StatefulSet's revision history. The revision history
- // consists of all revisions not represented by a currently applied
- // StatefulSetSpec version. The default value is 10.
- revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt)
-
- // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
- // volume claims created from volumeClaimTemplates. By default, all persistent
- // volume claims are created as needed and retained until manually deleted. This
- // policy allows the lifecycle to be altered, for example by deleting persistent
- // volume claims when their stateful set is deleted, or when their pod is scaled
- // down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled,
- // which is alpha. +optional
- persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt)
-
- // ordinals controls the numbering of replica indices in a StatefulSet. The
- // default ordinals behavior assigns a "0" index to the first replica and
- // increments the index by one for each additional replica requested. Using
- // the ordinals field requires the StatefulSetStartOrdinal feature gate to be
- // enabled, which is beta.
- // +optional
- ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt)
-}
-
-// StatefulSetStatus represents the current state of a StatefulSet.
-#StatefulSetStatus: {
- // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
- // StatefulSet's generation, which is updated on mutation by the API Server.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
-
- // replicas is the number of Pods created by the StatefulSet controller.
- replicas: int32 @go(Replicas) @protobuf(2,varint,opt)
-
- // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt)
-
- // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
- // indicated by currentRevision.
- currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt)
-
- // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
- // indicated by updateRevision.
- updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt)
-
- // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
- // sequence [0,currentReplicas).
- currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt)
-
- // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
- // [replicas-updatedReplicas,replicas)
- updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt)
-
- // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
- // uses this field as a collision avoidance mechanism when it needs to create the name for the
- // newest ControllerRevision.
- // +optional
- collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
-
- // Represents the latest available observations of a statefulset's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep)
-
- // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
- // +optional
- availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt)
-}
-
-#StatefulSetConditionType: string
-
-// StatefulSetCondition describes the state of a statefulset at a certain point.
-#StatefulSetCondition: {
- // Type of statefulset condition.
- type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
-
- // Last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// StatefulSetList is a collection of StatefulSets.
-#StatefulSetList: {
- metav1.#TypeMeta
-
- // Standard list's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of stateful sets.
- items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep)
-}
-
-// Deployment enables declarative updates for Pods and ReplicaSets.
-#Deployment: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Specification of the desired behavior of the Deployment.
- // +optional
- spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the Deployment.
- // +optional
- status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// DeploymentSpec is the specification of the desired behavior of the Deployment.
-#DeploymentSpec: {
- // Number of desired pods. This is a pointer to distinguish between explicit
- // zero and not specified. Defaults to 1.
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // Label selector for pods. Existing ReplicaSets whose pods are
- // selected by this will be the ones affected by this deployment.
- // It must match the pod template's labels.
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
-
- // Template describes the pods that will be created.
- // The only allowed template.spec.restartPolicy value is "Always".
- template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
-
- // The deployment strategy to use to replace existing pods with new ones.
- // +optional
- // +patchStrategy=retainKeys
- strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing, for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt)
-
- // The number of old ReplicaSets to retain to allow rollback.
- // This is a pointer to distinguish between explicit zero and not specified.
- // Defaults to 10.
- // +optional
- revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
-
- // Indicates that the deployment is paused.
- // +optional
- paused?: bool @go(Paused) @protobuf(7,varint,opt)
-
- // The maximum time in seconds for a deployment to make progress before it
- // is considered to be failed. The deployment controller will continue to
- // process failed deployments and a condition with a ProgressDeadlineExceeded
- // reason will be surfaced in the deployment status. Note that progress will
- // not be estimated during the time a deployment is paused. Defaults to 600s.
- progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt)
-}
-
-// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
-// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
-// to select new pods (and old pods being select by new ReplicaSet).
-#DefaultDeploymentUniqueLabelKey: "pod-template-hash"
-
-// DeploymentStrategy describes how to replace existing pods with new ones.
-#DeploymentStrategy: {
- // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
- // +optional
- type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType)
-
- // Rolling update config params. Present only if DeploymentStrategyType =
- // RollingUpdate.
- //---
- // TODO: Update this to follow our convention for oneOf, whatever we decide it
- // to be.
- // +optional
- rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt)
-}
-
-// +enum
-#DeploymentStrategyType: string // #enumDeploymentStrategyType
-
-#enumDeploymentStrategyType:
- #RecreateDeploymentStrategyType |
- #RollingUpdateDeploymentStrategyType
-
-// Kill all existing pods before creating new ones.
-#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate"
-
-// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
-#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate"
-
-// Spec to control the desired behavior of rolling update.
-#RollingUpdateDeployment: {
- // The maximum number of pods that can be unavailable during the update.
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- // Absolute number is calculated from percentage by rounding down.
- // This can not be 0 if MaxSurge is 0.
- // Defaults to 25%.
- // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
- // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
- // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
- // that the total number of pods available at all times during the update is at
- // least 70% of desired pods.
- // +optional
- maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
-
- // The maximum number of pods that can be scheduled above the desired number of
- // pods.
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- // This can not be 0 if MaxUnavailable is 0.
- // Absolute number is calculated from percentage by rounding up.
- // Defaults to 25%.
- // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
- // the rolling update starts, such that the total number of old and new pods do not exceed
- // 130% of desired pods. Once old pods have been killed,
- // new ReplicaSet can be scaled up further, ensuring that total number of pods running
- // at any time during the update is at most 130% of desired pods.
- // +optional
- maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
-}
-
-// DeploymentStatus is the most recently observed status of the Deployment.
-#DeploymentStatus: {
- // The generation observed by the deployment controller.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
-
- // Total number of non-terminated pods targeted by this deployment (their labels match the selector).
- // +optional
- replicas?: int32 @go(Replicas) @protobuf(2,varint,opt)
-
- // Total number of non-terminated pods targeted by this deployment that have the desired template spec.
- // +optional
- updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt)
-
- // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
- // +optional
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt)
-
- // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
- // +optional
- availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt)
-
- // Total number of unavailable pods targeted by this deployment. This is the total number of
- // pods that are still required for the deployment to have 100% available capacity. They may
- // either be pods that are running but not yet available or pods that still have not been created.
- // +optional
- unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt)
-
- // Represents the latest available observations of a deployment's current state.
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep)
-
- // Count of hash collisions for the Deployment. The Deployment controller uses this
- // field as a collision avoidance mechanism when it needs to create the name for the
- // newest ReplicaSet.
- // +optional
- collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt)
-}
-
-#DeploymentConditionType: string // #enumDeploymentConditionType
-
-#enumDeploymentConditionType:
- #DeploymentAvailable |
- #DeploymentProgressing |
- #DeploymentReplicaFailure
-
-// Available means the deployment is available, ie. at least the minimum available
-// replicas required are up and running for at least minReadySeconds.
-#DeploymentAvailable: #DeploymentConditionType & "Available"
-
-// Progressing means the deployment is progressing. Progress for a deployment is
-// considered when a new replica set is created or adopted, and when new pods scale
-// up or old pods scale down. Progress is not estimated for paused deployments or
-// when progressDeadlineSeconds is not specified.
-#DeploymentProgressing: #DeploymentConditionType & "Progressing"
-
-// ReplicaFailure is added in a deployment when one of its pods fails to be created
-// or deleted.
-#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure"
-
-// DeploymentCondition describes the state of a deployment at a certain point.
-#DeploymentCondition: {
- // Type of deployment condition.
- type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
-
- // The last time this condition was updated.
- lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt)
-
- // Last time the condition transitioned from one status to another.
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt)
-
- // The reason for the condition's last transition.
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// DeploymentList is a list of Deployments.
-#DeploymentList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of Deployments.
- items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep)
-}
-
-// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
-#DaemonSetUpdateStrategy: {
- // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
- // +optional
- type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt)
-
- // Rolling update config params. Present only if type = "RollingUpdate".
- //---
- // TODO: Update this to follow our convention for oneOf, whatever we decide it
- // to be. Same as Deployment `strategy.rollingUpdate`.
- // See https://github.com/kubernetes/kubernetes/issues/35345
- // +optional
- rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt)
-}
-
-// +enum
-#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType
-
-#enumDaemonSetUpdateStrategyType:
- #RollingUpdateDaemonSetStrategyType |
- #OnDeleteDaemonSetStrategyType
-
-// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other.
-#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate"
-
-// Replace the old daemons only when it's killed
-#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete"
-
-// Spec to control the desired behavior of daemon set rolling update.
-#RollingUpdateDaemonSet: {
- // The maximum number of DaemonSet pods that can be unavailable during the
- // update. Value can be an absolute number (ex: 5) or a percentage of total
- // number of DaemonSet pods at the start of the update (ex: 10%). Absolute
- // number is calculated from percentage by rounding up.
- // This cannot be 0 if MaxSurge is 0
- // Default value is 1.
- // Example: when this is set to 30%, at most 30% of the total number of nodes
- // that should be running the daemon pod (i.e. status.desiredNumberScheduled)
- // can have their pods stopped for an update at any given time. The update
- // starts by stopping at most 30% of those DaemonSet pods and then brings
- // up new DaemonSet pods in their place. Once the new pods are available,
- // it then proceeds onto other DaemonSet pods, thus ensuring that at least
- // 70% of original number of DaemonSet pods are available at all times during
- // the update.
- // +optional
- maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
-
- // The maximum number of nodes with an existing available DaemonSet pod that
- // can have an updated DaemonSet pod during during an update.
- // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- // This can not be 0 if MaxUnavailable is 0.
- // Absolute number is calculated from percentage by rounding up to a minimum of 1.
- // Default value is 0.
- // Example: when this is set to 30%, at most 30% of the total number of nodes
- // that should be running the daemon pod (i.e. status.desiredNumberScheduled)
- // can have their a new pod created before the old pod is marked as deleted.
- // The update starts by launching new pods on 30% of nodes. Once an updated
- // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
- // on that node is marked deleted. If the old pod becomes unavailable for any
- // reason (Ready transitions to false, is evicted, or is drained) an updated
- // pod is immediatedly created on that node without considering surge limits.
- // Allowing surge implies the possibility that the resources consumed by the
- // daemonset on any given node can double if the readiness check fails, and
- // so resource intensive daemonsets should take into account that they may
- // cause evictions during disruption.
- // +optional
- maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
-}
-
-// DaemonSetSpec is the specification of a daemon set.
-#DaemonSetSpec: {
- // A label query over pods that are managed by the daemon set.
- // Must match in order to be controlled.
- // It must match the pod template's labels.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
-
- // An object that describes the pod that will be created.
- // The DaemonSet will create exactly one copy of this pod on every node
- // that matches the template's node selector (or on every node if no node
- // selector is specified).
- // The only allowed template.spec.restartPolicy value is "Always".
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
- template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
-
- // An update strategy to replace existing DaemonSet pods with new pods.
- // +optional
- updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt)
-
- // The minimum number of seconds for which a newly created DaemonSet pod should
- // be ready without any of its container crashing, for it to be considered
- // available. Defaults to 0 (pod will be considered available as soon as it
- // is ready).
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
-
- // The number of old history to retain to allow rollback.
- // This is a pointer to distinguish between explicit zero and not specified.
- // Defaults to 10.
- // +optional
- revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
-}
-
-// DaemonSetStatus represents the current status of a daemon set.
-#DaemonSetStatus: {
- // The number of nodes that are running at least 1
- // daemon pod and are supposed to run the daemon pod.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt)
-
- // The number of nodes that are running the daemon pod, but are
- // not supposed to run the daemon pod.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt)
-
- // The total number of nodes that should be running the daemon
- // pod (including nodes correctly running the daemon pod).
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt)
-
- // numberReady is the number of nodes that should be running the daemon pod and have one
- // or more of the daemon pod running with a Ready Condition.
- numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt)
-
- // The most recent generation observed by the daemon set controller.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt)
-
- // The total number of nodes that are running updated daemon pod
- // +optional
- updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt)
-
- // The number of nodes that should be running the
- // daemon pod and have one or more of the daemon pod running and
- // available (ready for at least spec.minReadySeconds)
- // +optional
- numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt)
-
- // The number of nodes that should be running the
- // daemon pod and have none of the daemon pod running and available
- // (ready for at least spec.minReadySeconds)
- // +optional
- numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt)
-
- // Count of hash collisions for the DaemonSet. The DaemonSet controller
- // uses this field as a collision avoidance mechanism when it needs to
- // create the name for the newest ControllerRevision.
- // +optional
- collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
-
- // Represents the latest available observations of a DaemonSet's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep)
-}
-
-#DaemonSetConditionType: string
-
-// DaemonSetCondition describes the state of a DaemonSet at a certain point.
-#DaemonSetCondition: {
- // Type of DaemonSet condition.
- type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
-
- // Last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// DaemonSet represents the configuration of a daemon set.
-#DaemonSet: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The desired behavior of this daemon set.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // The current status of this daemon set. This data may be
- // out of date by some window of time.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// DefaultDaemonSetUniqueLabelKey is the default label key that is added
-// to existing DaemonSet pods to distinguish between old and new
-// DaemonSet pods during DaemonSet template updates.
-#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash"
-
-// DaemonSetList is a collection of daemon sets.
-#DaemonSetList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // A list of daemon sets.
- items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep)
-}
-
-// ReplicaSet ensures that a specified number of pod replicas are running at any given time.
-#ReplicaSet: {
- metav1.#TypeMeta
-
- // If the Labels of a ReplicaSet are empty, they are defaulted to
- // be the same as the Pod(s) that the ReplicaSet manages.
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the specification of the desired behavior of the ReplicaSet.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status is the most recently observed status of the ReplicaSet.
- // This data may be out of date by some window of time.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ReplicaSetList is a collection of ReplicaSets.
-#ReplicaSetList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of ReplicaSets.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
- items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep)
-}
-
-// ReplicaSetSpec is the specification of a ReplicaSet.
-#ReplicaSetSpec: {
- // Replicas is the number of desired replicas.
- // This is a pointer to distinguish between explicit zero and unspecified.
- // Defaults to 1.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing, for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
-
- // Selector is a label query over pods that should match the replica count.
- // Label keys and values that must match in order to be controlled by this replica set.
- // It must match the pod template's labels.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
-
- // Template is the object that describes the pod that will be created if
- // insufficient replicas are detected.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
- // +optional
- template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
-}
-
-// ReplicaSetStatus represents the current status of a ReplicaSet.
-#ReplicaSetStatus: {
- // Replicas is the most recently observed number of replicas.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
- replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
-
- // The number of pods that have labels matching the labels of the pod template of the replicaset.
- // +optional
- fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
-
- // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition.
- // +optional
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
-
- // The number of available replicas (ready for at least minReadySeconds) for this replica set.
- // +optional
- availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
-
- // ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
-
- // Represents the latest available observations of a replica set's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep)
-}
-
-#ReplicaSetConditionType: string // #enumReplicaSetConditionType
-
-#enumReplicaSetConditionType:
- #ReplicaSetReplicaFailure
-
-// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created
-// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted
-// due to kubelet being down or finalizers are failing.
-#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure"
-
-// ReplicaSetCondition describes the state of a replica set at a certain point.
-#ReplicaSetCondition: {
- // Type of replica set condition.
- type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
-
- // The last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// ControllerRevision implements an immutable snapshot of state data. Clients
-// are responsible for serializing and deserializing the objects that contain
-// their internal state.
-// Once a ControllerRevision has been successfully created, it can not be updated.
-// The API Server will fail validation of all requests that attempt to mutate
-// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
-// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
-// it may be subject to name and representation changes in future releases, and clients should not
-// depend on its stability. It is primarily for internal use by controllers.
-#ControllerRevision: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Data is the serialized representation of the state.
- data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt)
-
- // Revision indicates the revision of the state represented by Data.
- revision: int64 @go(Revision) @protobuf(3,varint,opt)
-}
-
-// ControllerRevisionList is a resource containing a list of ControllerRevision objects.
-#ControllerRevisionList: {
- metav1.#TypeMeta
-
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of ControllerRevisions
- items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep)
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
deleted file mode 100644
index 3a3027906..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
+++ /dev/null
@@ -1,147 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
-// webhook backend fails.
-#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open"
-
-// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods
-#MirrorPodAnnotationKey: "kubernetes.io/config.mirror"
-
-// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
-// in the Annotations of a Pod.
-#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations"
-
-// TaintsAnnotationKey represents the key of taints data (json serialized)
-// in the Annotations of a Node.
-#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints"
-
-// SeccompPodAnnotationKey represents the key of a seccomp profile applied
-// to all containers of a pod.
-// Deprecated: set a pod security context `seccompProfile` field.
-#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod"
-
-// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
-// to one container of a pod.
-// Deprecated: set a container security context `seccompProfile` field.
-#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/"
-
-// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
-// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
-#SeccompProfileRuntimeDefault: "runtime/default"
-
-// SeccompProfileNameUnconfined is the unconfined seccomp profile.
-#SeccompProfileNameUnconfined: "unconfined"
-
-// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk.
-#SeccompLocalhostProfileNamePrefix: "localhost/"
-
-// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
-#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/"
-
-// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
-#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName"
-
-// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
-#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames"
-
-// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
-#AppArmorBetaProfileRuntimeDefault: "runtime/default"
-
-// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node.
-#AppArmorBetaProfileNamePrefix: "localhost/"
-
-// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile
-#AppArmorBetaProfileNameUnconfined: "unconfined"
-
-// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
-// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
-#DeprecatedSeccompProfileDockerDefault: "docker/default"
-
-// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
-// in the Annotations of a Node.
-#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods"
-
-// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
-// an object (e.g. secret, config map) before fetching it again from apiserver.
-// This annotation can be attached to node.
-#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl"
-
-// annotation key prefix used to identify non-convertible json paths.
-#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io"
-_#kubectlPrefix: "kubectl.kubernetes.io/"
-
-// LastAppliedConfigAnnotation is the annotation used to store the previous
-// configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
-#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration"
-
-// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
-//
-// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
-// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
-// access only from the CIDRs currently allocated to MIT & the USPS.
-//
-// Not all cloud providers support this annotation, though AWS & GCE do.
-#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges"
-
-// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that
-// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z')
-// of the last change, of some Pod or Service object, that triggered the endpoints object change.
-// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints
-// controller at T1, and the Endpoints object was changed at T2, the
-// EndpointsLastChangeTriggerTime would be set to T0.
-//
-// The "endpoints change trigger" here means any Pod or Service change that resulted in the
-// Endpoints object change.
-//
-// Given the definition of the "endpoints change trigger", please note that this annotation will
-// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the
-// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's
-// already set).
-//
-// This annotation will be used to compute the in-cluster network programming latency SLI, see
-// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
-#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time"
-
-// EndpointsOverCapacity will be set on an Endpoints resource when it
-// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints
-// controller will set this annotation with a value of "warning". In a
-// future release, the controller may set this annotation with a value of
-// "truncated" to indicate that any addresses exceeding the limit of 1000
-// have been truncated from the Endpoints resource.
-#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity"
-
-// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated
-// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode.
-// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or
-// CSI Backend for a volume plugin on a specific node.
-#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins"
-
-// PodDeletionCost can be used to set to an int32 that represent the cost of deleting
-// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower
-// deletion cost are preferred to be deleted before pods with higher deletion cost.
-// Note that this is honored on a best-effort basis, and so it does not offer guarantees on
-// pod deletion order.
-// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted.
-//
-// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled.
-#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost"
-
-// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable
-// Topology Aware Hints for a Service. This may be set to "Auto" or
-// "Disabled". Any other value is treated as "Disabled". This annotation has
-// been deprecated in favor of the "service.kubernetes.io/topology-mode"
-// annotation.
-#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints"
-
-// AnnotationTopologyMode can be used to enable or disable Topology Aware
-// Routing for a Service. Well known values are "Auto" and "Disabled".
-// Implementations may choose to develop new topology approaches, exposing
-// them with domain-prefixed values. For example, "example.com/lowest-rtt"
-// could be a valid implementation-specific value for this annotation. These
-// heuristics will often populate topology hints on EndpointSlices, but that
-// is not a requirement.
-#AnnotationTopologyMode: "service.kubernetes.io/topology-mode"
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
deleted file mode 100644
index 2bf1afce0..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
+++ /dev/null
@@ -1,6 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-// Package v1 is the v1 version of the core API.
-package v1
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
deleted file mode 100644
index 29c24abce..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-#GroupName: ""
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
deleted file mode 100644
index d87edcff5..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
+++ /dev/null
@@ -1,7617 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/api/resource"
- "k8s.io/apimachinery/pkg/util/intstr"
- "k8s.io/apimachinery/pkg/types"
-)
-
-// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
-#NamespaceDefault: "default"
-
-// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
-#NamespaceAll: ""
-
-// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats)
-#NamespaceNodeLease: "kube-node-lease"
-
-// Volume represents a named volume in a pod that may be accessed by any container in the pod.
-#Volume: {
- // name of the volume.
- // Must be a DNS_LABEL and unique within the pod.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- #VolumeSource
-}
-
-// Represents the source of a volume to mount.
-// Only one of its members may be specified.
-#VolumeSource: {
- // hostPath represents a pre-existing file or directory on the host
- // machine that is directly exposed to the container. This is generally
- // used for system agents or other privileged things that are allowed
- // to see the host machine. Most containers will NOT need this.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // ---
- // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
- // mount host directories as read/write.
- // +optional
- hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt)
-
- // emptyDir represents a temporary directory that shares a pod's lifetime.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt)
-
- // gcePersistentDisk represents a GCE Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt)
-
- // awsElasticBlockStore represents an AWS Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt)
-
- // gitRepo represents a git repository at a particular revision.
- // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
- // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
- // into the Pod's container.
- // +optional
- gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt)
-
- // secret represents a secret that should populate this volume.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- // +optional
- secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt)
-
- // nfs represents an NFS mount on the host that shares a pod's lifetime
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt)
-
- // iscsi represents an ISCSI Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://examples.k8s.io/volumes/iscsi/README.md
- // +optional
- iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt)
-
- // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md
- // +optional
- glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt)
-
- // persistentVolumeClaimVolumeSource represents a reference to a
- // PersistentVolumeClaim in the same namespace.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt)
-
- // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/rbd/README.md
- // +optional
- rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt)
-
- // flexVolume represents a generic volume resource that is
- // provisioned/attached using an exec based plugin.
- // +optional
- flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt)
-
- // cinder represents a cinder volume attached and mounted on kubelets host machine.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt)
-
- // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
- // +optional
- cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt)
-
- // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
- // +optional
- flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt)
-
- // downwardAPI represents downward API about the pod that should populate this volume
- // +optional
- downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt)
-
- // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
- // +optional
- fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt)
-
- // azureFile represents an Azure File Service mount on the host and bind mount to the pod.
- // +optional
- azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt)
-
- // configMap represents a configMap that should populate this volume
- // +optional
- configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt)
-
- // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
- // +optional
- vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt)
-
- // quobyte represents a Quobyte mount on the host that shares a pod's lifetime
- // +optional
- quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt)
-
- // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
- // +optional
- azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt)
-
- // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
- photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt)
-
- // projected items for all in one resources secrets, configmaps, and downward API
- projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt)
-
- // portworxVolume represents a portworx volume attached and mounted on kubelets host machine
- // +optional
- portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt)
-
- // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
- // +optional
- scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt)
-
- // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
- // +optional
- storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt)
-
- // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
- // +optional
- csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt)
-
- // ephemeral represents a volume that is handled by a cluster storage driver.
- // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
- // and deleted when the pod is removed.
- //
- // Use this if:
- // a) the volume is only needed while the pod runs,
- // b) features of normal volumes like restoring from snapshot or capacity
- // tracking are needed,
- // c) the storage driver is specified through a storage class, and
- // d) the storage driver supports dynamic volume provisioning through
- // a PersistentVolumeClaim (see EphemeralVolumeSource for more
- // information on the connection between this volume type
- // and PersistentVolumeClaim).
- //
- // Use PersistentVolumeClaim or one of the vendor-specific
- // APIs for volumes that persist for longer than the lifecycle
- // of an individual pod.
- //
- // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
- // be used that way - see the documentation of the driver for
- // more information.
- //
- // A pod can use both types of ephemeral volumes and
- // persistent volumes at the same time.
- //
- // +optional
- ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt)
-}
-
-// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace.
-// This volume finds the bound PV and mounts that volume for the pod. A
-// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another
-// type of volume that is owned by someone else (the system).
-#PersistentVolumeClaimVolumeSource: {
- // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- claimName: string @go(ClaimName) @protobuf(1,bytes,opt)
-
- // readOnly Will force the ReadOnly setting in VolumeMounts.
- // Default false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt)
-}
-
-// PersistentVolumeSource is similar to VolumeSource but meant for the
-// administrator who creates PVs. Exactly one of its members must be set.
-#PersistentVolumeSource: {
- // gcePersistentDisk represents a GCE Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt)
-
- // awsElasticBlockStore represents an AWS Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt)
-
- // hostPath represents a directory on the host.
- // Provisioned by a developer or tester.
- // This is useful for single-node development and testing only!
- // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // +optional
- hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt)
-
- // glusterfs represents a Glusterfs volume that is attached to a host and
- // exposed to the pod. Provisioned by an admin.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md
- // +optional
- glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt)
-
- // nfs represents an NFS mount on the host. Provisioned by an admin.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt)
-
- // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
- // More info: https://examples.k8s.io/volumes/rbd/README.md
- // +optional
- rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt)
-
- // iscsi represents an ISCSI Disk resource that is attached to a
- // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
- // +optional
- iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt)
-
- // cinder represents a cinder volume attached and mounted on kubelets host machine.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt)
-
- // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
- // +optional
- cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt)
-
- // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
- // +optional
- fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt)
-
- // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
- // +optional
- flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt)
-
- // flexVolume represents a generic volume resource that is
- // provisioned/attached using an exec based plugin.
- // +optional
- flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt)
-
- // azureFile represents an Azure File Service mount on the host and bind mount to the pod.
- // +optional
- azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt)
-
- // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
- // +optional
- vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt)
-
- // quobyte represents a Quobyte mount on the host that shares a pod's lifetime
- // +optional
- quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt)
-
- // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
- // +optional
- azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt)
-
- // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
- photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt)
-
- // portworxVolume represents a portworx volume attached and mounted on kubelets host machine
- // +optional
- portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt)
-
- // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
- // +optional
- scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt)
-
- // local represents directly-attached storage with node affinity
- // +optional
- local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt)
-
- // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod
- // More info: https://examples.k8s.io/volumes/storageos/README.md
- // +optional
- storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt)
-
- // csi represents storage that is handled by an external CSI driver (Beta feature).
- // +optional
- csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt)
-}
-
-// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation.
-// It's currently still used and will be held for backwards compatibility
-#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class"
-
-// MountOptionAnnotation defines mount option annotation used in PVs
-#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options"
-
-// PersistentVolume (PV) is a storage resource provisioned by an administrator.
-// It is analogous to a node.
-// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
-#PersistentVolume: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec defines a specification of a persistent volume owned by the cluster.
- // Provisioned by an administrator.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
- // +optional
- spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // status represents the current information/status for the persistent volume.
- // Populated by the system.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
- // +optional
- status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PersistentVolumeSpec is the specification of a persistent volume.
-#PersistentVolumeSpec: {
- // capacity is the description of the persistent volume's resources and capacity.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- #PersistentVolumeSource
-
- // accessModes contains all ways the volume can be mounted.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
- // Expected to be non-nil when bound.
- // claim.VolumeName is the authoritative bind between PV and PVC.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
- // +optional
- // +structType=granular
- claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt)
-
- // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim.
- // Valid options are Retain (default for manually created PersistentVolumes), Delete (default
- // for dynamically provisioned PersistentVolumes), and Recycle (deprecated).
- // Recycle must be supported by the volume plugin underlying this PersistentVolume.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
- // +optional
- persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy)
-
- // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value
- // means that this volume does not belong to any StorageClass.
- // +optional
- storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt)
-
- // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will
- // simply fail if one is invalid.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
- // +optional
- mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt)
-
- // volumeMode defines if a volume is intended to be used with a formatted filesystem
- // or to remain in raw block state. Value of Filesystem is implied when not included in spec.
- // +optional
- volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode)
-
- // nodeAffinity defines constraints that limit what nodes this volume can be accessed from.
- // This field influences the scheduling of pods that use this volume.
- // +optional
- nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt)
-}
-
-// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.
-#VolumeNodeAffinity: {
- // required specifies hard node constraints that must be met.
- required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt)
-}
-
-// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes.
-// +enum
-#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy
-
-#enumPersistentVolumeReclaimPolicy:
- #PersistentVolumeReclaimRecycle |
- #PersistentVolumeReclaimDelete |
- #PersistentVolumeReclaimRetain
-
-// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim.
-// The volume plugin must support Recycling.
-#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle"
-
-// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim.
-// The volume plugin must support Deletion.
-#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete"
-
-// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator.
-// The default policy is Retain.
-#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain"
-
-// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem.
-// +enum
-#PersistentVolumeMode: string // #enumPersistentVolumeMode
-
-#enumPersistentVolumeMode:
- #PersistentVolumeBlock |
- #PersistentVolumeFilesystem
-
-// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device.
-#PersistentVolumeBlock: #PersistentVolumeMode & "Block"
-
-// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem.
-#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem"
-
-// PersistentVolumeStatus is the current status of a persistent volume.
-#PersistentVolumeStatus: {
- // phase indicates if a volume is available, bound to a claim, or released by a claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase
- // +optional
- phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase)
-
- // message is a human-readable message indicating details about why the volume is in this state.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-
- // reason is a brief CamelCase string that describes any failure and is meant
- // for machine parsing and tidy display in the CLI.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // lastPhaseTransitionTime is the time the phase transitioned from one to another
- // and automatically resets to current time everytime a volume phase transitions.
- // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
- // +featureGate=PersistentVolumeLastPhaseTransitionTime
- // +optional
- lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt)
-}
-
-// PersistentVolumeList is a list of PersistentVolume items.
-#PersistentVolumeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is a list of persistent volumes.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
- items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep)
-}
-
-// PersistentVolumeClaim is a user's request for and claim to a persistent volume
-#PersistentVolumeClaim: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // spec defines the desired characteristics of a volume requested by a pod author.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // status represents the current information/status of a persistent volume claim.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- // +optional
- status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PersistentVolumeClaimList is a list of PersistentVolumeClaim items.
-#PersistentVolumeClaimList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items is a list of persistent volume claims.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep)
-}
-
-// PersistentVolumeClaimSpec describes the common attributes of storage devices
-// and allows a Source for provider-specific attributes
-#PersistentVolumeClaimSpec: {
- // accessModes contains the desired access modes the volume should have.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // selector is a label query over volumes to consider for binding.
- // +optional
- selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-
- // resources represents the minimum resources the volume should have.
- // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
- // that are lower than previous value but must still be higher than capacity recorded in the
- // status field of the claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt)
-
- // volumeName is the binding reference to the PersistentVolume backing this claim.
- // +optional
- volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt)
-
- // storageClassName is the name of the StorageClass required by the claim.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- // +optional
- storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt)
-
- // volumeMode defines what type of volume is required by the claim.
- // Value of Filesystem is implied when not included in claim spec.
- // +optional
- volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode)
-
- // dataSource field can be used to specify either:
- // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- // * An existing PVC (PersistentVolumeClaim)
- // If the provisioner or an external controller can support the specified data source,
- // it will create a new volume based on the contents of the specified data source.
- // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
- // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
- // If the namespace is specified, then dataSourceRef will not be copied to dataSource.
- // +optional
- dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt)
-
- // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
- // volume is desired. This may be any object from a non-empty API group (non
- // core object) or a PersistentVolumeClaim object.
- // When this field is specified, volume binding will only succeed if the type of
- // the specified object matches some installed volume populator or dynamic
- // provisioner.
- // This field will replace the functionality of the dataSource field and as such
- // if both fields are non-empty, they must have the same value. For backwards
- // compatibility, when namespace isn't specified in dataSourceRef,
- // both fields (dataSource and dataSourceRef) will be set to the same
- // value automatically if one of them is empty and the other is non-empty.
- // When namespace is specified in dataSourceRef,
- // dataSource isn't set to the same value and must be empty.
- // There are three important differences between dataSource and dataSourceRef:
- // * While dataSource only allows two specific types of objects, dataSourceRef
- // allows any non-core object, as well as PersistentVolumeClaim objects.
- // * While dataSource ignores disallowed values (dropping them), dataSourceRef
- // preserves all values, and generates an error if a disallowed value is
- // specified.
- // * While dataSource only allows local objects, dataSourceRef allows objects
- // in any namespaces.
- // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
- // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- // +optional
- dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt)
-}
-
-#TypedObjectReference: {
- // APIGroup is the group for the resource being referenced.
- // If APIGroup is not specified, the specified Kind must be in the core API group.
- // For any other third-party types, APIGroup is required.
- // +optional
- apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt)
-
- // Kind is the type of resource being referenced
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-
- // Name is the name of resource being referenced
- name: string @go(Name) @protobuf(3,bytes,opt)
-
- // Namespace is the namespace of resource being referenced
- // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
- // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- // +featureGate=CrossNamespaceVolumeDataSource
- // +optional
- namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt)
-}
-
-// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
-#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType
-
-#enumPersistentVolumeClaimConditionType:
- #PersistentVolumeClaimResizing |
- #PersistentVolumeClaimFileSystemResizePending
-
-// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started
-#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing"
-
-// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node
-#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending"
-
-// +enum
-// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
-// that it does not recognizes, then it should ignore that update and let other controllers
-// handle it.
-#ClaimResourceStatus: string // #enumClaimResourceStatus
-
-#enumClaimResourceStatus:
- #PersistentVolumeClaimControllerResizeInProgress |
- #PersistentVolumeClaimControllerResizeFailed |
- #PersistentVolumeClaimNodeResizePending |
- #PersistentVolumeClaimNodeResizeInProgress |
- #PersistentVolumeClaimNodeResizeFailed
-
-// State set when resize controller starts resizing the volume in control-plane.
-#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress"
-
-// State set when resize has failed in resize controller with a terminal error.
-// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus
-// unmodified, so as resize controller can resume the volume expansion.
-#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed"
-
-// State set when resize controller has finished resizing the volume but further resizing of volume
-// is needed on the node.
-#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending"
-
-// State set when kubelet starts resizing the volume.
-#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress"
-
-// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed
-#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed"
-
-// PersistentVolumeClaimCondition contains details about state of pvc
-#PersistentVolumeClaimCondition: {
- type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType)
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // lastProbeTime is the time we probed the condition.
- // +optional
- lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt)
-
- // lastTransitionTime is the time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // reason is a unique, this should be a short, machine understandable string that gives the reason
- // for condition's last transition. If it reports "ResizeStarted" that means the underlying
- // persistent volume is being resized.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // message is the human-readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// PersistentVolumeClaimStatus is the current status of a persistent volume claim.
-#PersistentVolumeClaimStatus: {
- // phase represents the current phase of PersistentVolumeClaim.
- // +optional
- phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase)
-
- // accessModes contains the actual access modes the volume backing the PVC has.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- // +optional
- accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode)
-
- // capacity represents the actual resources of the underlying volume.
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
- // resized then the Condition will be set to 'ResizeStarted'.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep)
-
- // allocatedResources tracks the resources allocated to a PVC including its capacity.
- // Key names follow standard Kubernetes label syntax. Valid values are either:
- // * Un-prefixed keys:
- // - storage - the capacity of the volume.
- // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
- // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
- // reserved and hence may not be used.
- //
- // Capacity reported here may be larger than the actual capacity when a volume expansion operation
- // is requested.
- // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
- // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
- // If a volume expansion capacity request is lowered, allocatedResources is only
- // lowered if there are no expansion operations in progress and if the actual volume capacity
- // is equal or lower than the requested capacity.
- //
- // A controller that receives PVC update with previously unknown resourceName
- // should ignore the update for the purpose it was designed. For example - a controller that
- // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
- // resources associated with PVC.
- //
- // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- // +featureGate=RecoverVolumeExpansionFailure
- // +optional
- allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // allocatedResourceStatuses stores status of resource being resized for the given PVC.
- // Key names follow standard Kubernetes label syntax. Valid values are either:
- // * Un-prefixed keys:
- // - storage - the capacity of the volume.
- // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
- // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
- // reserved and hence may not be used.
- //
- // ClaimResourceStatus can be in any of following states:
- // - ControllerResizeInProgress:
- // State set when resize controller starts resizing the volume in control-plane.
- // - ControllerResizeFailed:
- // State set when resize has failed in resize controller with a terminal error.
- // - NodeResizePending:
- // State set when resize controller has finished resizing the volume but further resizing of
- // volume is needed on the node.
- // - NodeResizeInProgress:
- // State set when kubelet starts resizing the volume.
- // - NodeResizeFailed:
- // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
- // NodeResizeFailed.
- // For example: if expanding a PVC for more capacity - this field can be one of the following states:
- // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
- // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
- // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
- // When this field is not set, it means that no resize operation is in progress for the given PVC.
- //
- // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
- // should ignore the update for the purpose it was designed. For example - a controller that
- // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
- // resources associated with PVC.
- //
- // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- // +featureGate=RecoverVolumeExpansionFailure
- // +mapType=granular
- // +optional
- allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep)
-}
-
-// +enum
-#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode
-
-#enumPersistentVolumeAccessMode:
- #ReadWriteOnce |
- #ReadOnlyMany |
- #ReadWriteMany |
- #ReadWriteOncePod
-
-// can be mounted in read/write mode to exactly 1 host
-#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce"
-
-// can be mounted in read-only mode to many hosts
-#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany"
-
-// can be mounted in read/write mode to many hosts
-#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany"
-
-// can be mounted in read/write mode to exactly 1 pod
-// cannot be used in combination with other access modes
-#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod"
-
-// +enum
-#PersistentVolumePhase: string // #enumPersistentVolumePhase
-
-#enumPersistentVolumePhase:
- #VolumePending |
- #VolumeAvailable |
- #VolumeBound |
- #VolumeReleased |
- #VolumeFailed
-
-// used for PersistentVolumes that are not available
-#VolumePending: #PersistentVolumePhase & "Pending"
-
-// used for PersistentVolumes that are not yet bound
-// Available volumes are held by the binder and matched to PersistentVolumeClaims
-#VolumeAvailable: #PersistentVolumePhase & "Available"
-
-// used for PersistentVolumes that are bound
-#VolumeBound: #PersistentVolumePhase & "Bound"
-
-// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted
-// released volumes must be recycled before becoming available again
-// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource
-#VolumeReleased: #PersistentVolumePhase & "Released"
-
-// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim
-#VolumeFailed: #PersistentVolumePhase & "Failed"
-
-// +enum
-#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase
-
-#enumPersistentVolumeClaimPhase:
- #ClaimPending |
- #ClaimBound |
- #ClaimLost
-
-// used for PersistentVolumeClaims that are not yet bound
-#ClaimPending: #PersistentVolumeClaimPhase & "Pending"
-
-// used for PersistentVolumeClaims that are bound
-#ClaimBound: #PersistentVolumeClaimPhase & "Bound"
-
-// used for PersistentVolumeClaims that lost their underlying
-// PersistentVolume. The claim was bound to a PersistentVolume and this
-// volume does not exist any longer and all data on it was lost.
-#ClaimLost: #PersistentVolumeClaimPhase & "Lost"
-
-// +enum
-#HostPathType: string // #enumHostPathType
-
-#enumHostPathType:
- #HostPathUnset |
- #HostPathDirectoryOrCreate |
- #HostPathDirectory |
- #HostPathFileOrCreate |
- #HostPathFile |
- #HostPathSocket |
- #HostPathCharDev |
- #HostPathBlockDev
-
-// For backwards compatible, leave it empty if unset
-#HostPathUnset: #HostPathType & ""
-
-// If nothing exists at the given path, an empty directory will be created there
-// as needed with file mode 0755, having the same group and ownership with Kubelet.
-#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate"
-
-// A directory must exist at the given path
-#HostPathDirectory: #HostPathType & "Directory"
-
-// If nothing exists at the given path, an empty file will be created there
-// as needed with file mode 0644, having the same group and ownership with Kubelet.
-#HostPathFileOrCreate: #HostPathType & "FileOrCreate"
-
-// A file must exist at the given path
-#HostPathFile: #HostPathType & "File"
-
-// A UNIX socket must exist at the given path
-#HostPathSocket: #HostPathType & "Socket"
-
-// A character device must exist at the given path
-#HostPathCharDev: #HostPathType & "CharDevice"
-
-// A block device must exist at the given path
-#HostPathBlockDev: #HostPathType & "BlockDevice"
-
-// Represents a host path mapped into a pod.
-// Host path volumes do not support ownership management or SELinux relabeling.
-#HostPathVolumeSource: {
- // path of the directory on the host.
- // If the path is a symlink, it will follow the link to the real path.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // type for HostPath Volume
- // Defaults to ""
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- // +optional
- type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt)
-}
-
-// Represents an empty directory for a pod.
-// Empty directory volumes support ownership management and SELinux relabeling.
-#EmptyDirVolumeSource: {
- // medium represents what type of storage medium should back this directory.
- // The default is "" which means to use the node's default medium.
- // Must be an empty string (default) or Memory.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium)
-
- // sizeLimit is the total amount of local storage required for this EmptyDir volume.
- // The size limit is also applicable for memory medium.
- // The maximum usage on memory medium EmptyDir would be the minimum value between
- // the SizeLimit specified here and the sum of memory limits of all containers in a pod.
- // The default is nil which means that the limit is undefined.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- // +optional
- sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt)
-}
-
-// Represents a Glusterfs mount that lasts the lifetime of a pod.
-// Glusterfs volumes do not support ownership management or SELinux relabeling.
-#GlusterfsVolumeSource: {
- // endpoints is the endpoint name that details Glusterfs topology.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt)
-
- // path is the Glusterfs volume path.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// Represents a Glusterfs mount that lasts the lifetime of a pod.
-// Glusterfs volumes do not support ownership management or SELinux relabeling.
-#GlusterfsPersistentVolumeSource: {
- // endpoints is the endpoint name that details Glusterfs topology.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt)
-
- // path is the Glusterfs volume path.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // endpointsNamespace is the namespace that contains Glusterfs endpoint.
- // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC.
- // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- // +optional
- endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt)
-}
-
-// Represents a Rados Block Device mount that lasts the lifetime of a pod.
-// RBD volumes support ownership management and SELinux relabeling.
-#RBDVolumeSource: {
- // monitors is a collection of Ceph monitors.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep)
-
- // image is the rados image name.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- image: string @go(RBDImage) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // pool is the rados pool name.
- // Default is rbd.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- pool?: string @go(RBDPool) @protobuf(4,bytes,opt)
-
- // user is the rados user name.
- // Default is admin.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- user?: string @go(RadosUser) @protobuf(5,bytes,opt)
-
- // keyring is the path to key ring for RBDUser.
- // Default is /etc/ceph/keyring.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- keyring?: string @go(Keyring) @protobuf(6,bytes,opt)
-
- // secretRef is name of the authentication secret for RBDUser. If provided
- // overrides keyring.
- // Default is nil.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt)
-}
-
-// Represents a Rados Block Device mount that lasts the lifetime of a pod.
-// RBD volumes support ownership management and SELinux relabeling.
-#RBDPersistentVolumeSource: {
- // monitors is a collection of Ceph monitors.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep)
-
- // image is the rados image name.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- image: string @go(RBDImage) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // pool is the rados pool name.
- // Default is rbd.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- pool?: string @go(RBDPool) @protobuf(4,bytes,opt)
-
- // user is the rados user name.
- // Default is admin.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- user?: string @go(RadosUser) @protobuf(5,bytes,opt)
-
- // keyring is the path to key ring for RBDUser.
- // Default is /etc/ceph/keyring.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- keyring?: string @go(Keyring) @protobuf(6,bytes,opt)
-
- // secretRef is name of the authentication secret for RBDUser. If provided
- // overrides keyring.
- // Default is nil.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt)
-}
-
-// Represents a cinder volume resource in Openstack.
-// A Cinder volume must exist before mounting to a container.
-// The volume must also be in the same region as the kubelet.
-// Cinder volumes support ownership management and SELinux relabeling.
-#CinderVolumeSource: {
- // volumeID used to identify the volume in cinder.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretRef is optional: points to a secret object containing parameters used to connect
- // to OpenStack.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt)
-}
-
-// Represents a cinder volume resource in Openstack.
-// A Cinder volume must exist before mounting to a container.
-// The volume must also be in the same region as the kubelet.
-// Cinder volumes support ownership management and SELinux relabeling.
-#CinderPersistentVolumeSource: {
- // volumeID used to identify the volume in cinder.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretRef is Optional: points to a secret object containing parameters used to connect
- // to OpenStack.
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt)
-}
-
-// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
-// Cephfs volumes do not support ownership management or SELinux relabeling.
-#CephFSVolumeSource: {
- // monitors is Required: Monitors is a collection of Ceph monitors
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep)
-
- // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
- // +optional
- path?: string @go(Path) @protobuf(2,bytes,opt)
-
- // user is optional: User is the rados user name, default is admin
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- user?: string @go(User) @protobuf(3,bytes,opt)
-
- // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-}
-
-// SecretReference represents a Secret Reference. It has enough information to retrieve secret
-// in any namespace
-// +structType=atomic
-#SecretReference: {
- // name is unique within a namespace to reference a secret resource.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // namespace defines the space within which the secret name must be unique.
- // +optional
- namespace?: string @go(Namespace) @protobuf(2,bytes,opt)
-}
-
-// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
-// Cephfs volumes do not support ownership management or SELinux relabeling.
-#CephFSPersistentVolumeSource: {
- // monitors is Required: Monitors is a collection of Ceph monitors
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep)
-
- // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
- // +optional
- path?: string @go(Path) @protobuf(2,bytes,opt)
-
- // user is Optional: User is the rados user name, default is admin
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- user?: string @go(User) @protobuf(3,bytes,opt)
-
- // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-}
-
-// Represents a Flocker volume mounted by the Flocker agent.
-// One and only one of datasetName and datasetUUID should be set.
-// Flocker volumes do not support ownership management or SELinux relabeling.
-#FlockerVolumeSource: {
- // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
- // should be considered as deprecated
- // +optional
- datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt)
-
- // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
- // +optional
- datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt)
-}
-
-// StorageMedium defines ways that storage can be allocated to a volume.
-#StorageMedium: string // #enumStorageMedium
-
-#enumStorageMedium:
- #StorageMediumDefault |
- #StorageMediumMemory |
- #StorageMediumHugePages |
- #StorageMediumHugePagesPrefix
-
-#StorageMediumDefault: #StorageMedium & ""
-#StorageMediumMemory: #StorageMedium & "Memory"
-#StorageMediumHugePages: #StorageMedium & "HugePages"
-#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-"
-
-// Protocol defines network protocols supported for things like container ports.
-// +enum
-#Protocol: string // #enumProtocol
-
-#enumProtocol:
- #ProtocolTCP |
- #ProtocolUDP |
- #ProtocolSCTP
-
-// ProtocolTCP is the TCP protocol.
-#ProtocolTCP: #Protocol & "TCP"
-
-// ProtocolUDP is the UDP protocol.
-#ProtocolUDP: #Protocol & "UDP"
-
-// ProtocolSCTP is the SCTP protocol.
-#ProtocolSCTP: #Protocol & "SCTP"
-
-// Represents a Persistent Disk resource in Google Compute Engine.
-//
-// A GCE PD must exist before mounting to a container. The disk must
-// also be in the same GCE project and zone as the kubelet. A GCE PD
-// can only be mounted as read/write once or read-only many times. GCE
-// PDs support ownership management and SELinux relabeling.
-#GCEPersistentDiskVolumeSource: {
- // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName: string @go(PDName) @protobuf(1,bytes,opt)
-
- // fsType is filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // partition is the partition in the volume that you want to mount.
- // If omitted, the default is to mount by volume name.
- // Examples: For volume /dev/sda1, you specify the partition as "1".
- // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- partition?: int32 @go(Partition) @protobuf(3,varint,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-}
-
-// Represents a Quobyte mount that lasts the lifetime of a pod.
-// Quobyte volumes do not support ownership management or SELinux relabeling.
-#QuobyteVolumeSource: {
- // registry represents a single or multiple Quobyte Registry services
- // specified as a string as host:port pair (multiple entries are separated with commas)
- // which acts as the central registry for volumes
- registry: string @go(Registry) @protobuf(1,bytes,opt)
-
- // volume is a string that references an already created Quobyte volume by name.
- volume: string @go(Volume) @protobuf(2,bytes,opt)
-
- // readOnly here will force the Quobyte volume to be mounted with read-only permissions.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // user to map volume access to
- // Defaults to serivceaccount user
- // +optional
- user?: string @go(User) @protobuf(4,bytes,opt)
-
- // group to map volume access to
- // Default is no group
- // +optional
- group?: string @go(Group) @protobuf(5,bytes,opt)
-
- // tenant owning the given Quobyte volume in the Backend
- // Used with dynamically provisioned Quobyte volumes, value is set by the plugin
- // +optional
- tenant?: string @go(Tenant) @protobuf(6,bytes,opt)
-}
-
-// FlexPersistentVolumeSource represents a generic persistent volume resource that is
-// provisioned/attached using an exec based plugin.
-#FlexPersistentVolumeSource: {
- // driver is the name of the driver to use for this volume.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // fsType is the Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // secretRef is Optional: SecretRef is reference to the secret object containing
- // sensitive information to pass to the plugin scripts. This may be
- // empty if no secret object is specified. If the secret object
- // contains more than one secret, all secrets are passed to the plugin
- // scripts.
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // options is Optional: this field holds extra command options if any.
- // +optional
- options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep)
-}
-
-// FlexVolume represents a generic volume resource that is
-// provisioned/attached using an exec based plugin.
-#FlexVolumeSource: {
- // driver is the name of the driver to use for this volume.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // secretRef is Optional: secretRef is reference to the secret object containing
- // sensitive information to pass to the plugin scripts. This may be
- // empty if no secret object is specified. If the secret object
- // contains more than one secret, all secrets are passed to the plugin
- // scripts.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // options is Optional: this field holds extra command options if any.
- // +optional
- options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep)
-}
-
-// Represents a Persistent Disk resource in AWS.
-//
-// An AWS EBS disk must exist before mounting to a container. The disk
-// must also be in the same AWS zone as the kubelet. An AWS EBS disk
-// can only be mounted as read/write once. AWS EBS volumes support
-// ownership management and SELinux relabeling.
-#AWSElasticBlockStoreVolumeSource: {
- // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // partition is the partition in the volume that you want to mount.
- // If omitted, the default is to mount by volume name.
- // Examples: For volume /dev/sda1, you specify the partition as "1".
- // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- // +optional
- partition?: int32 @go(Partition) @protobuf(3,varint,opt)
-
- // readOnly value true will force the readOnly setting in VolumeMounts.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-}
-
-// Represents a volume that is populated with the contents of a git repository.
-// Git repo volumes do not support ownership management.
-// Git repo volumes support SELinux relabeling.
-//
-// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
-// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
-// into the Pod's container.
-#GitRepoVolumeSource: {
- // repository is the URL
- repository: string @go(Repository) @protobuf(1,bytes,opt)
-
- // revision is the commit hash for the specified revision.
- // +optional
- revision?: string @go(Revision) @protobuf(2,bytes,opt)
-
- // directory is the target directory name.
- // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
- // git repository. Otherwise, if specified, the volume will contain the git repository in
- // the subdirectory with the given name.
- // +optional
- directory?: string @go(Directory) @protobuf(3,bytes,opt)
-}
-
-// Adapts a Secret into a volume.
-//
-// The contents of the target Secret's Data field will be presented in a volume
-// as files using the keys in the Data field as the file names.
-// Secret volumes support ownership management and SELinux relabeling.
-#SecretVolumeSource: {
- // secretName is the name of the secret in the pod's namespace to use.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- // +optional
- secretName?: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // items If unspecified, each key-value pair in the Data field of the referenced
- // Secret will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the Secret,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // defaultMode is Optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values
- // for mode bits. Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt)
-
- // optional field specify whether the Secret or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-#SecretVolumeSourceDefaultMode: int32 & 0o644
-
-// Adapts a secret into a projected volume.
-//
-// The contents of the target Secret's Data field will be presented in a
-// projected volume as files using the keys in the Data field as the file names.
-// Note that this is identical to a secret volume source without the default
-// mode.
-#SecretProjection: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // Secret will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the Secret,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // optional field specify whether the Secret or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-// Represents an NFS mount that lasts the lifetime of a pod.
-// NFS volumes do not support ownership management or SELinux relabeling.
-#NFSVolumeSource: {
- // server is the hostname or IP address of the NFS server.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server: string @go(Server) @protobuf(1,bytes,opt)
-
- // path that is exported by the NFS server.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // readOnly here will force the NFS export to be mounted with read-only permissions.
- // Defaults to false.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// Represents an ISCSI disk.
-// ISCSI volumes can only be mounted as read/write once.
-// ISCSI volumes support ownership management and SELinux relabeling.
-#ISCSIVolumeSource: {
- // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt)
-
- // iqn is the target iSCSI Qualified Name.
- iqn: string @go(IQN) @protobuf(2,bytes,opt)
-
- // lun represents iSCSI Target Lun number.
- lun: int32 @go(Lun) @protobuf(3,varint,opt)
-
- // iscsiInterface is the interface Name that uses an iSCSI transport.
- // Defaults to 'default' (tcp).
- // +optional
- iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(5,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-
- // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- // +optional
- portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt)
-
- // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
- // +optional
- chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt)
-
- // chapAuthSession defines whether support iSCSI Session CHAP authentication
- // +optional
- chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt)
-
- // secretRef is the CHAP Secret for iSCSI target and initiator authentication
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt)
-
- // initiatorName is the custom iSCSI Initiator Name.
- // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
- // : will be created for the connection.
- // +optional
- initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt)
-}
-
-// ISCSIPersistentVolumeSource represents an ISCSI disk.
-// ISCSI volumes can only be mounted as read/write once.
-// ISCSI volumes support ownership management and SELinux relabeling.
-#ISCSIPersistentVolumeSource: {
- // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt)
-
- // iqn is Target iSCSI Qualified Name.
- iqn: string @go(IQN) @protobuf(2,bytes,opt)
-
- // lun is iSCSI Target Lun number.
- lun: int32 @go(Lun) @protobuf(3,varint,opt)
-
- // iscsiInterface is the interface Name that uses an iSCSI transport.
- // Defaults to 'default' (tcp).
- // +optional
- iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt)
-
- // fsType is the filesystem type of the volume that you want to mount.
- // Tip: Ensure that the filesystem type is supported by the host operating system.
- // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(5,bytes,opt)
-
- // readOnly here will force the ReadOnly setting in VolumeMounts.
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt)
-
- // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port
- // is other than default (typically TCP ports 860 and 3260).
- // +optional
- portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt)
-
- // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
- // +optional
- chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt)
-
- // chapAuthSession defines whether support iSCSI Session CHAP authentication
- // +optional
- chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt)
-
- // secretRef is the CHAP Secret for iSCSI target and initiator authentication
- // +optional
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt)
-
- // initiatorName is the custom iSCSI Initiator Name.
- // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
- // : will be created for the connection.
- // +optional
- initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt)
-}
-
-// Represents a Fibre Channel volume.
-// Fibre Channel volumes can only be mounted as read/write once.
-// Fibre Channel volumes support ownership management and SELinux relabeling.
-#FCVolumeSource: {
- // targetWWNs is Optional: FC target worldwide names (WWNs)
- // +optional
- targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep)
-
- // lun is Optional: FC target lun number
- // +optional
- lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // TODO: how do we prevent errors in the filesystem from compromising the machine
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // wwids Optional: FC volume world wide identifiers (wwids)
- // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
- // +optional
- wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep)
-}
-
-// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
-#AzureFileVolumeSource: {
- // secretName is the name of secret that contains Azure Storage Account Name and Key
- secretName: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // shareName is the azure share Name
- shareName: string @go(ShareName) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
-#AzureFilePersistentVolumeSource: {
- // secretName is the name of secret that contains Azure Storage Account Name and Key
- secretName: string @go(SecretName) @protobuf(1,bytes,opt)
-
- // shareName is the azure Share Name
- shareName: string @go(ShareName) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key
- // default is the same as the Pod
- // +optional
- secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt)
-}
-
-// Represents a vSphere volume resource.
-#VsphereVirtualDiskVolumeSource: {
- // volumePath is the path that identifies vSphere volume vmdk
- volumePath: string @go(VolumePath) @protobuf(1,bytes,opt)
-
- // fsType is filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // storagePolicyName is the storage Policy Based Management (SPBM) profile name.
- // +optional
- storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt)
-
- // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
- // +optional
- storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt)
-}
-
-// Represents a Photon Controller persistent disk resource.
-#PhotonPersistentDiskVolumeSource: {
- // pdID is the ID that identifies Photon Controller persistent disk
- pdID: string @go(PdID) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-}
-
-// +enum
-#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode
-
-#enumAzureDataDiskCachingMode:
- #AzureDataDiskCachingNone |
- #AzureDataDiskCachingReadOnly |
- #AzureDataDiskCachingReadWrite
-
-// +enum
-#AzureDataDiskKind: string // #enumAzureDataDiskKind
-
-#enumAzureDataDiskKind:
- #AzureSharedBlobDisk |
- #AzureDedicatedBlobDisk |
- #AzureManagedDisk
-
-#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None"
-#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly"
-#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite"
-#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared"
-#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated"
-#AzureManagedDisk: #AzureDataDiskKind & "Managed"
-
-// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
-#AzureDiskVolumeSource: {
- // diskName is the Name of the data disk in the blob storage
- diskName: string @go(DiskName) @protobuf(1,bytes,opt)
-
- // diskURI is the URI of data disk in the blob storage
- diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt)
-
- // cachingMode is the Host Caching mode: None, Read Only, Read Write.
- // +optional
- cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode)
-
- // fsType is Filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt)
-
- // readOnly Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt)
-
- // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
- kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind)
-}
-
-// PortworxVolumeSource represents a Portworx volume resource.
-#PortworxVolumeSource: {
- // volumeID uniquely identifies a Portworx volume
- volumeID: string @go(VolumeID) @protobuf(1,bytes,opt)
-
- // fSType represents the filesystem type to mount
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
- fsType?: string @go(FSType) @protobuf(2,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-}
-
-// ScaleIOVolumeSource represents a persistent ScaleIO volume
-#ScaleIOVolumeSource: {
- // gateway is the host address of the ScaleIO API Gateway.
- gateway: string @go(Gateway) @protobuf(1,bytes,opt)
-
- // system is the name of the storage system as configured in ScaleIO.
- system: string @go(System) @protobuf(2,bytes,opt)
-
- // secretRef references to the secret for ScaleIO user and other
- // sensitive information. If this is not provided, Login operation will fail.
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt)
-
- // sslEnabled Flag enable/disable SSL communication with Gateway, default false
- // +optional
- sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt)
-
- // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
- // +optional
- protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt)
-
- // storagePool is the ScaleIO Storage Pool associated with the protection domain.
- // +optional
- storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt)
-
- // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
- // Default is ThinProvisioned.
- // +optional
- storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt)
-
- // volumeName is the name of a volume already created in the ScaleIO system
- // that is associated with this volume source.
- volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // Default is "xfs".
- // +optional
- fsType?: string @go(FSType) @protobuf(9,bytes,opt)
-
- // readOnly Defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt)
-}
-
-// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
-#ScaleIOPersistentVolumeSource: {
- // gateway is the host address of the ScaleIO API Gateway.
- gateway: string @go(Gateway) @protobuf(1,bytes,opt)
-
- // system is the name of the storage system as configured in ScaleIO.
- system: string @go(System) @protobuf(2,bytes,opt)
-
- // secretRef references to the secret for ScaleIO user and other
- // sensitive information. If this is not provided, Login operation will fail.
- secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt)
-
- // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false
- // +optional
- sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt)
-
- // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
- // +optional
- protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt)
-
- // storagePool is the ScaleIO Storage Pool associated with the protection domain.
- // +optional
- storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt)
-
- // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
- // Default is ThinProvisioned.
- // +optional
- storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt)
-
- // volumeName is the name of a volume already created in the ScaleIO system
- // that is associated with this volume source.
- volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // Default is "xfs"
- // +optional
- fsType?: string @go(FSType) @protobuf(9,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt)
-}
-
-// Represents a StorageOS persistent volume resource.
-#StorageOSVolumeSource: {
- // volumeName is the human-readable name of the StorageOS volume. Volume
- // names are only unique within a namespace.
- volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt)
-
- // volumeNamespace specifies the scope of the volume within StorageOS. If no
- // namespace is specified then the Pod's namespace will be used. This allows the
- // Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
- // Set VolumeName to any name to override the default behaviour.
- // Set to "default" if you are not using namespaces within StorageOS.
- // Namespaces that do not pre-exist within StorageOS will be created.
- // +optional
- volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // secretRef specifies the secret to use for obtaining the StorageOS API
- // credentials. If not specified, default values will be attempted.
- // +optional
- secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Represents a StorageOS persistent volume resource.
-#StorageOSPersistentVolumeSource: {
- // volumeName is the human-readable name of the StorageOS volume. Volume
- // names are only unique within a namespace.
- volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt)
-
- // volumeNamespace specifies the scope of the volume within StorageOS. If no
- // namespace is specified then the Pod's namespace will be used. This allows the
- // Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
- // Set VolumeName to any name to override the default behaviour.
- // Set to "default" if you are not using namespaces within StorageOS.
- // Namespaces that do not pre-exist within StorageOS will be created.
- // +optional
- volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- // +optional
- fsType?: string @go(FSType) @protobuf(3,bytes,opt)
-
- // readOnly defaults to false (read/write). ReadOnly here will force
- // the ReadOnly setting in VolumeMounts.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt)
-
- // secretRef specifies the secret to use for obtaining the StorageOS API
- // credentials. If not specified, default values will be attempted.
- // +optional
- secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Adapts a ConfigMap into a volume.
-//
-// The contents of the target ConfigMap's Data field will be presented in a
-// volume as files using the keys in the Data field as the file names, unless
-// the items element is populated with specific mappings of keys to paths.
-// ConfigMap volumes support ownership management and SELinux relabeling.
-#ConfigMapVolumeSource: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // ConfigMap will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the ConfigMap,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // defaultMode is optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt)
-
- // optional specify whether the ConfigMap or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-#ConfigMapVolumeSourceDefaultMode: int32 & 0o644
-
-// Adapts a ConfigMap into a projected volume.
-//
-// The contents of the target ConfigMap's Data field will be presented in a
-// projected volume as files using the keys in the Data field as the file names,
-// unless the items element is populated with specific mappings of keys to paths.
-// Note that this is identical to a configmap volume source without the default
-// mode.
-#ConfigMapProjection: {
- #LocalObjectReference
-
- // items if unspecified, each key-value pair in the Data field of the referenced
- // ConfigMap will be projected into the volume as a file whose name is the
- // key and content is the value. If specified, the listed keys will be
- // projected into the specified paths, and unlisted keys will not be
- // present. If a key is specified which is not present in the ConfigMap,
- // the volume setup will error unless it is marked optional. Paths must be
- // relative and may not contain the '..' path or start with '..'.
- // +optional
- items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep)
-
- // optional specify whether the ConfigMap or its keys must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt)
-}
-
-// ServiceAccountTokenProjection represents a projected service account token
-// volume. This projection can be used to insert a service account token into
-// the pods runtime filesystem for use against APIs (Kubernetes API Server or
-// otherwise).
-#ServiceAccountTokenProjection: {
- // audience is the intended audience of the token. A recipient of a token
- // must identify itself with an identifier specified in the audience of the
- // token, and otherwise should reject the token. The audience defaults to the
- // identifier of the apiserver.
- // +optional
- audience?: string @go(Audience) @protobuf(1,bytes,rep)
-
- // expirationSeconds is the requested duration of validity of the service
- // account token. As the token approaches expiration, the kubelet volume
- // plugin will proactively rotate the service account token. The kubelet will
- // start trying to rotate the token if the token is older than 80 percent of
- // its time to live or if the token is older than 24 hours.Defaults to 1 hour
- // and must be at least 10 minutes.
- // +optional
- expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt)
-
- // path is the path relative to the mount point of the file to project the
- // token into.
- path: string @go(Path) @protobuf(3,bytes,opt)
-}
-
-// Represents a projected volume source
-#ProjectedVolumeSource: {
- // sources is the list of volume projections
- // +optional
- sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep)
-
- // defaultMode are the mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt)
-}
-
-// Projection that may be projected along with other supported volume types
-#VolumeProjection: {
- // secret information about the secret data to project
- // +optional
- secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt)
-
- // downwardAPI information about the downwardAPI data to project
- // +optional
- downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt)
-
- // configMap information about the configMap data to project
- // +optional
- configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt)
-
- // serviceAccountToken is information about the serviceAccountToken data to project
- // +optional
- serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt)
-}
-
-#ProjectedVolumeSourceDefaultMode: int32 & 0o644
-
-// Maps a string key to a path within a volume.
-#KeyToPath: {
- // key is the key to project.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // path is the relative path of the file to map the key to.
- // May not be an absolute path.
- // May not contain the path element '..'.
- // May not start with the string '..'.
- path: string @go(Path) @protobuf(2,bytes,opt)
-
- // mode is Optional: mode bits used to set permissions on this file.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // If not specified, the volume defaultMode will be used.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt)
-}
-
-// Local represents directly-attached storage with node affinity (Beta feature)
-#LocalVolumeSource: {
- // path of the full path to the volume on the node.
- // It can be either a directory or block device (disk, partition, ...).
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // fsType is the filesystem type to mount.
- // It applies only when the Path is a block device.
- // Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt)
-}
-
-// Represents storage that is managed by an external CSI volume driver (Beta feature)
-#CSIPersistentVolumeSource: {
- // driver is the name of the driver to use for this volume.
- // Required.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // volumeHandle is the unique volume name returned by the CSI volume
- // plugin’s CreateVolume to refer to the volume on all subsequent calls.
- // Required.
- volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt)
-
- // readOnly value to pass to ControllerPublishVolumeRequest.
- // Defaults to false (read/write).
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt)
-
- // fsType to mount. Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs".
- // +optional
- fsType?: string @go(FSType) @protobuf(4,bytes,opt)
-
- // volumeAttributes of the volume to publish.
- // +optional
- volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep)
-
- // controllerPublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // ControllerPublishVolume and ControllerUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt)
-
- // nodeStageSecretRef is a reference to the secret object containing sensitive
- // information to pass to the CSI driver to complete the CSI NodeStageVolume
- // and NodeStageVolume and NodeUnstageVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt)
-
- // nodePublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodePublishVolume and NodeUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt)
-
- // controllerExpandSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // ControllerExpandVolume call.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +optional
- controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt)
-
- // nodeExpandSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodeExpandVolume call.
- // This is a beta field which is enabled default by CSINodeExpandSecret feature gate.
- // This field is optional, may be omitted if no secret is required. If the
- // secret object contains more than one secret, all secrets are passed.
- // +featureGate=CSINodeExpandSecret
- // +optional
- nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt)
-}
-
-// Represents a source location of a volume to mount, managed by an external CSI driver
-#CSIVolumeSource: {
- // driver is the name of the CSI driver that handles this volume.
- // Consult with your admin for the correct name as registered in the cluster.
- driver: string @go(Driver) @protobuf(1,bytes,opt)
-
- // readOnly specifies a read-only configuration for the volume.
- // Defaults to false (read/write).
- // +optional
- readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt)
-
- // fsType to mount. Ex. "ext4", "xfs", "ntfs".
- // If not provided, the empty value is passed to the associated CSI driver
- // which will determine the default filesystem to apply.
- // +optional
- fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt)
-
- // volumeAttributes stores driver-specific properties that are passed to the CSI
- // driver. Consult your driver's documentation for supported values.
- // +optional
- volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep)
-
- // nodePublishSecretRef is a reference to the secret object containing
- // sensitive information to pass to the CSI driver to complete the CSI
- // NodePublishVolume and NodeUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
- // secret object contains more than one secret, all secret references are passed.
- // +optional
- nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt)
-}
-
-// Represents an ephemeral volume that is handled by a normal storage driver.
-#EphemeralVolumeSource: {
- // Will be used to create a stand-alone PVC to provision the volume.
- // The pod in which this EphemeralVolumeSource is embedded will be the
- // owner of the PVC, i.e. the PVC will be deleted together with the
- // pod. The name of the PVC will be `-` where
- // `` is the name from the `PodSpec.Volumes` array
- // entry. Pod validation will reject the pod if the concatenated name
- // is not valid for a PVC (for example, too long).
- //
- // An existing PVC with that name that is not owned by the pod
- // will *not* be used for the pod to avoid using an unrelated
- // volume by mistake. Starting the pod is then blocked until
- // the unrelated PVC is removed. If such a pre-created PVC is
- // meant to be used by the pod, the PVC has to updated with an
- // owner reference to the pod once the pod exists. Normally
- // this should not be necessary, but it may be useful when
- // manually reconstructing a broken cluster.
- //
- // This field is read-only and no changes will be made by Kubernetes
- // to the PVC after it has been created.
- //
- // Required, must not be nil.
- volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt)
-}
-
-// PersistentVolumeClaimTemplate is used to produce
-// PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
-#PersistentVolumeClaimTemplate: {
- // May contain labels and annotations that will be copied into the PVC
- // when creating it. No other fields are allowed and will be rejected during
- // validation.
- //
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The specification for the PersistentVolumeClaim. The entire content is
- // copied unchanged into the PVC that gets created from this
- // template. The same fields as in a PersistentVolumeClaim
- // are also valid here.
- spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes)
-}
-
-// ContainerPort represents a network port in a single container.
-#ContainerPort: {
- // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
- // named port in a pod must have a unique name. Name for the port that can be
- // referred to by services.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // Number of port to expose on the host.
- // If specified, this must be a valid port number, 0 < x < 65536.
- // If HostNetwork is specified, this must match ContainerPort.
- // Most containers do not need this.
- // +optional
- hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt)
-
- // Number of port to expose on the pod's IP address.
- // This must be a valid port number, 0 < x < 65536.
- containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt)
-
- // Protocol for port. Must be UDP, TCP, or SCTP.
- // Defaults to "TCP".
- // +optional
- // +default="TCP"
- protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol)
-
- // What host IP to bind the external port to.
- // +optional
- hostIP?: string @go(HostIP) @protobuf(5,bytes,opt)
-}
-
-// VolumeMount describes a mounting of a Volume within a container.
-#VolumeMount: {
- // This must match the Name of a Volume.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Mounted read-only if true, read-write otherwise (false or unspecified).
- // Defaults to false.
- // +optional
- readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt)
-
- // Path within the container at which the volume should be mounted. Must
- // not contain ':'.
- mountPath: string @go(MountPath) @protobuf(3,bytes,opt)
-
- // Path within the volume from which the container's volume should be mounted.
- // Defaults to "" (volume's root).
- // +optional
- subPath?: string @go(SubPath) @protobuf(4,bytes,opt)
-
- // mountPropagation determines how mounts are propagated from the host
- // to container and the other way around.
- // When not set, MountPropagationNone is used.
- // This field is beta in 1.10.
- // +optional
- mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode)
-
- // Expanded path within the volume from which the container's volume should be mounted.
- // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
- // Defaults to "" (volume's root).
- // SubPathExpr and SubPath are mutually exclusive.
- // +optional
- subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt)
-}
-
-// MountPropagationMode describes mount propagation.
-// +enum
-#MountPropagationMode: string // #enumMountPropagationMode
-
-#enumMountPropagationMode:
- #MountPropagationNone |
- #MountPropagationHostToContainer |
- #MountPropagationBidirectional
-
-// MountPropagationNone means that the volume in a container will
-// not receive new mounts from the host or other containers, and filesystems
-// mounted inside the container won't be propagated to the host or other
-// containers.
-// Note that this mode corresponds to "private" in Linux terminology.
-#MountPropagationNone: #MountPropagationMode & "None"
-
-// MountPropagationHostToContainer means that the volume in a container will
-// receive new mounts from the host or other containers, but filesystems
-// mounted inside the container won't be propagated to the host or other
-// containers.
-// Note that this mode is recursively applied to all mounts in the volume
-// ("rslave" in Linux terminology).
-#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer"
-
-// MountPropagationBidirectional means that the volume in a container will
-// receive new mounts from the host or other containers, and its own mounts
-// will be propagated from the container to the host or other containers.
-// Note that this mode is recursively applied to all mounts in the volume
-// ("rshared" in Linux terminology).
-#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional"
-
-// volumeDevice describes a mapping of a raw block device within a container.
-#VolumeDevice: {
- // name must match the name of a persistentVolumeClaim in the pod
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // devicePath is the path inside of the container that the device will be mapped to.
- devicePath: string @go(DevicePath) @protobuf(2,bytes,opt)
-}
-
-// EnvVar represents an environment variable present in a Container.
-#EnvVar: {
- // Name of the environment variable. Must be a C_IDENTIFIER.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Variable references $(VAR_NAME) are expanded
- // using the previously defined environment variables in the container and
- // any service environment variables. If a variable cannot be resolved,
- // the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- // Escaped references will never be expanded, regardless of whether the variable
- // exists or not.
- // Defaults to "".
- // +optional
- value?: string @go(Value) @protobuf(2,bytes,opt)
-
- // Source for the environment variable's value. Cannot be used if value is not empty.
- // +optional
- valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt)
-}
-
-// EnvVarSource represents a source for the value of an EnvVar.
-#EnvVarSource: {
- // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- // +optional
- fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt)
-
- // Selects a resource of the container: only resources limits and requests
- // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- // +optional
- resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt)
-
- // Selects a key of a ConfigMap.
- // +optional
- configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt)
-
- // Selects a key of a secret in the pod's namespace
- // +optional
- secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt)
-}
-
-// ObjectFieldSelector selects an APIVersioned field of an object.
-// +structType=atomic
-#ObjectFieldSelector: {
- // Version of the schema the FieldPath is written in terms of, defaults to "v1".
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt)
-
- // Path of the field to select in the specified API version.
- fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt)
-}
-
-// ResourceFieldSelector represents container resources (cpu, memory) and their output format
-// +structType=atomic
-#ResourceFieldSelector: {
- // Container name: required for volumes, optional for env vars
- // +optional
- containerName?: string @go(ContainerName) @protobuf(1,bytes,opt)
-
- // Required: resource to select
- "resource": string @go(Resource) @protobuf(2,bytes,opt)
-
- // Specifies the output format of the exposed resources, defaults to "1"
- // +optional
- divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt)
-}
-
-// Selects a key from a ConfigMap.
-// +structType=atomic
-#ConfigMapKeySelector: {
- #LocalObjectReference
-
- // The key to select.
- key: string @go(Key) @protobuf(2,bytes,opt)
-
- // Specify whether the ConfigMap or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt)
-}
-
-// SecretKeySelector selects a key of a Secret.
-// +structType=atomic
-#SecretKeySelector: {
- #LocalObjectReference
-
- // The key of the secret to select from. Must be a valid secret key.
- key: string @go(Key) @protobuf(2,bytes,opt)
-
- // Specify whether the Secret or its key must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt)
-}
-
-// EnvFromSource represents the source of a set of ConfigMaps
-#EnvFromSource: {
- // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
- // +optional
- prefix?: string @go(Prefix) @protobuf(1,bytes,opt)
-
- // The ConfigMap to select from
- // +optional
- configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt)
-
- // The Secret to select from
- // +optional
- secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt)
-}
-
-// ConfigMapEnvSource selects a ConfigMap to populate the environment
-// variables with.
-//
-// The contents of the target ConfigMap's Data field will represent the
-// key-value pairs as environment variables.
-#ConfigMapEnvSource: {
- #LocalObjectReference
-
- // Specify whether the ConfigMap must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt)
-}
-
-// SecretEnvSource selects a Secret to populate the environment
-// variables with.
-//
-// The contents of the target Secret's Data field will represent the
-// key-value pairs as environment variables.
-#SecretEnvSource: {
- #LocalObjectReference
-
- // Specify whether the Secret must be defined
- // +optional
- optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt)
-}
-
-// HTTPHeader describes a custom header to be used in HTTP probes
-#HTTPHeader: {
- // The header field name.
- // This will be canonicalized upon output, so case-variant names will be understood as the same header.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // The header field value
- value: string @go(Value) @protobuf(2,bytes,opt)
-}
-
-// HTTPGetAction describes an action based on HTTP Get requests.
-#HTTPGetAction: {
- // Path to access on the HTTP server.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-
- // Name or number of the port to access on the container.
- // Number must be in the range 1 to 65535.
- // Name must be an IANA_SVC_NAME.
- port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt)
-
- // Host name to connect to, defaults to the pod IP. You probably want to set
- // "Host" in httpHeaders instead.
- // +optional
- host?: string @go(Host) @protobuf(3,bytes,opt)
-
- // Scheme to use for connecting to the host.
- // Defaults to HTTP.
- // +optional
- scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme)
-
- // Custom headers to set in the request. HTTP allows repeated headers.
- // +optional
- httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep)
-}
-
-// URIScheme identifies the scheme used for connection to a host for Get actions
-// +enum
-#URIScheme: string // #enumURIScheme
-
-#enumURIScheme:
- #URISchemeHTTP |
- #URISchemeHTTPS
-
-// URISchemeHTTP means that the scheme used will be http://
-#URISchemeHTTP: #URIScheme & "HTTP"
-
-// URISchemeHTTPS means that the scheme used will be https://
-#URISchemeHTTPS: #URIScheme & "HTTPS"
-
-// TCPSocketAction describes an action based on opening a socket
-#TCPSocketAction: {
- // Number or name of the port to access on the container.
- // Number must be in the range 1 to 65535.
- // Name must be an IANA_SVC_NAME.
- port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt)
-
- // Optional: Host name to connect to, defaults to the pod IP.
- // +optional
- host?: string @go(Host) @protobuf(2,bytes,opt)
-}
-
-#GRPCAction: {
- // Port number of the gRPC service. Number must be in the range 1 to 65535.
- port: int32 @go(Port) @protobuf(1,bytes,opt)
-
- // Service is the name of the service to place in the gRPC HealthCheckRequest
- // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- //
- // If this is not specified, the default behavior is defined by gRPC.
- // +optional
- // +default=""
- service?: null | string @go(Service,*string) @protobuf(2,bytes,opt)
-}
-
-// ExecAction describes a "run in container" action.
-#ExecAction: {
- // Command is the command line to execute inside the container, the working directory for the
- // command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- // a shell, you need to explicitly call out to that shell.
- // Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep)
-}
-
-// Probe describes a health check to be performed against a container to determine whether it is
-// alive or ready to receive traffic.
-#Probe: {
- #ProbeHandler
-
- // Number of seconds after the container has started before liveness probes are initiated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt)
-
- // Number of seconds after which the probe times out.
- // Defaults to 1 second. Minimum value is 1.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt)
-
- // How often (in seconds) to perform the probe.
- // Default to 10 seconds. Minimum value is 1.
- // +optional
- periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt)
-
- // Minimum consecutive successes for the probe to be considered successful after having failed.
- // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- // +optional
- successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt)
-
- // Minimum consecutive failures for the probe to be considered failed after having succeeded.
- // Defaults to 3. Minimum value is 1.
- // +optional
- failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt)
-
- // Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- // The grace period is the duration in seconds after the processes running in the pod are sent
- // a termination signal and the time when the processes are forcibly halted with a kill signal.
- // Set this value longer than the expected cleanup time for your process.
- // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- // value overrides the value provided by the pod spec.
- // Value must be non-negative integer. The value zero indicates stop immediately via
- // the kill signal (no opportunity to shut down).
- // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- // +optional
- terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt)
-}
-
-// PullPolicy describes a policy for if/when to pull a container image
-// +enum
-#PullPolicy: string // #enumPullPolicy
-
-#enumPullPolicy:
- #PullAlways |
- #PullNever |
- #PullIfNotPresent
-
-// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
-#PullAlways: #PullPolicy & "Always"
-
-// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
-#PullNever: #PullPolicy & "Never"
-
-// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
-#PullIfNotPresent: #PullPolicy & "IfNotPresent"
-
-// ResourceResizeRestartPolicy specifies how to handle container resource resize.
-#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy
-
-#enumResourceResizeRestartPolicy:
- #NotRequired |
- #RestartContainer
-
-// 'NotRequired' means Kubernetes will try to resize the container
-// without restarting it, if possible. Kubernetes may however choose to
-// restart the container if it is unable to actuate resize without a
-// restart. For e.g. the runtime doesn't support restart-free resizing.
-#NotRequired: #ResourceResizeRestartPolicy & "NotRequired"
-
-// 'RestartContainer' means Kubernetes will resize the container in-place
-// by stopping and starting the container when new resources are applied.
-// This is needed for legacy applications. For e.g. java apps using the
-// -xmxN flag which are unable to use resized memory without restarting.
-#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer"
-
-// ContainerResizePolicy represents resource resize policy for the container.
-#ContainerResizePolicy: {
- // Name of the resource to which this resource resize policy applies.
- // Supported values: cpu, memory.
- resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName)
-
- // Restart policy to apply when specified resource is resized.
- // If not specified, it defaults to NotRequired.
- restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy)
-}
-
-// PreemptionPolicy describes a policy for if/when to preempt a pod.
-// +enum
-#PreemptionPolicy: string // #enumPreemptionPolicy
-
-#enumPreemptionPolicy:
- #PreemptLowerPriority |
- #PreemptNever
-
-// PreemptLowerPriority means that pod can preempt other pods with lower priority.
-#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority"
-
-// PreemptNever means that pod never preempts other pods with lower priority.
-#PreemptNever: #PreemptionPolicy & "Never"
-
-// TerminationMessagePolicy describes how termination messages are retrieved from a container.
-// +enum
-#TerminationMessagePolicy: string // #enumTerminationMessagePolicy
-
-#enumTerminationMessagePolicy:
- #TerminationMessageReadFile |
- #TerminationMessageFallbackToLogsOnError
-
-// TerminationMessageReadFile is the default behavior and will set the container status message to
-// the contents of the container's terminationMessagePath when the container exits.
-#TerminationMessageReadFile: #TerminationMessagePolicy & "File"
-
-// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs
-// for the container status message when the container exits with an error and the
-// terminationMessagePath has no contents.
-#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError"
-
-// Capability represent POSIX capabilities type
-#Capability: string
-
-// Adds and removes POSIX capabilities from running containers.
-#Capabilities: {
- // Added capabilities
- // +optional
- add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability)
-
- // Removed capabilities
- // +optional
- drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability)
-}
-
-// ResourceRequirements describes the compute resource requirements.
-#ResourceRequirements: {
- // Limits describes the maximum amount of compute resources allowed.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Requests describes the minimum amount of compute resources required.
- // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- // otherwise to an implementation-defined value. Requests cannot exceed Limits.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Claims lists the names of resources, defined in spec.resourceClaims,
- // that are used by this container.
- //
- // This is an alpha field and requires enabling the
- // DynamicResourceAllocation feature gate.
- //
- // This field is immutable. It can only be set for containers.
- //
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt)
-}
-
-// ResourceClaim references one entry in PodSpec.ResourceClaims.
-#ResourceClaim: {
- // Name must match the name of one entry in pod.spec.resourceClaims of
- // the Pod where this field is used. It makes that resource available
- // inside a container.
- name: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// TerminationMessagePathDefault means the default path to capture the application termination message running in a container
-#TerminationMessagePathDefault: "/dev/termination-log"
-
-// A single application container that you want to run within a pod.
-#Container: {
- // Name of the container specified as a DNS_LABEL.
- // Each container in a pod must have a unique name (DNS_LABEL).
- // Cannot be updated.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Container image name.
- // More info: https://kubernetes.io/docs/concepts/containers/images
- // This field is optional to allow higher level config management to default or override
- // container images in workload controllers like Deployments and StatefulSets.
- // +optional
- image?: string @go(Image) @protobuf(2,bytes,opt)
-
- // Entrypoint array. Not executed within a shell.
- // The container image's ENTRYPOINT is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep)
-
- // Arguments to the entrypoint.
- // The container image's CMD is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep)
-
- // Container's working directory.
- // If not specified, the container runtime's default will be used, which
- // might be configured in the container image.
- // Cannot be updated.
- // +optional
- workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt)
-
- // List of ports to expose from the container. Not specifying a port here
- // DOES NOT prevent that port from being exposed. Any port which is
- // listening on the default "0.0.0.0" address inside a container will be
- // accessible from the network.
- // Modifying this array with strategic merge patch may corrupt the data.
- // For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=containerPort
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=containerPort
- // +listMapKey=protocol
- ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep)
-
- // List of sources to populate environment variables in the container.
- // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- // will be reported as an event when the container is starting. When a key exists in multiple
- // sources, the value associated with the last source will take precedence.
- // Values defined by an Env with a duplicate key will take precedence.
- // Cannot be updated.
- // +optional
- envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep)
-
- // List of environment variables to set in the container.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep)
-
- // Compute Resources required by this container.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt)
-
- // Resources resize policy for the container.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- // +listType=atomic
- resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep)
-
- // RestartPolicy defines the restart behavior of individual containers in a pod.
- // This field may only be set for init containers, and the only allowed value is "Always".
- // For non-init containers or when this field is not specified,
- // the restart behavior is defined by the Pod's restart policy and the container type.
- // Setting the RestartPolicy as "Always" for the init container will have the following effect:
- // this init container will be continually restarted on
- // exit until all regular containers have terminated. Once all regular
- // containers have completed, all init containers with restartPolicy "Always"
- // will be shut down. This lifecycle differs from normal init containers and
- // is often referred to as a "sidecar" container. Although this init
- // container still starts in the init container sequence, it does not wait
- // for the container to complete before proceeding to the next init
- // container. Instead, the next init container starts immediately after this
- // init container is started, or after any startupProbe has successfully
- // completed.
- // +featureGate=SidecarContainers
- // +optional
- restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy)
-
- // Pod volumes to mount into the container's filesystem.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=mountPath
- // +patchStrategy=merge
- volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep)
-
- // volumeDevices is the list of block devices to be used by the container.
- // +patchMergeKey=devicePath
- // +patchStrategy=merge
- // +optional
- volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep)
-
- // Periodic probe of container liveness.
- // Container will be restarted if the probe fails.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt)
-
- // Periodic probe of container service readiness.
- // Container will be removed from service endpoints if the probe fails.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt)
-
- // StartupProbe indicates that the Pod has successfully initialized.
- // If specified, no other probes are executed until this completes successfully.
- // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
- // when it might take a long time to load data or warm a cache, than during steady-state operation.
- // This cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt)
-
- // Actions that the management system should take in response to container lifecycle events.
- // Cannot be updated.
- // +optional
- lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt)
-
- // Optional: Path at which the file to which the container's termination message
- // will be written is mounted into the container's filesystem.
- // Message written is intended to be brief final status, such as an assertion failure message.
- // Will be truncated by the node if greater than 4096 bytes. The total message length across
- // all containers will be limited to 12kb.
- // Defaults to /dev/termination-log.
- // Cannot be updated.
- // +optional
- terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt)
-
- // Indicate how the termination message should be populated. File will use the contents of
- // terminationMessagePath to populate the container status message on both success and failure.
- // FallbackToLogsOnError will use the last chunk of container log output if the termination
- // message file is empty and the container exited with an error.
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- // Defaults to File.
- // Cannot be updated.
- // +optional
- terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy)
-
- // Image pull policy.
- // One of Always, Never, IfNotPresent.
- // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- // +optional
- imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy)
-
- // SecurityContext defines the security options the container should be run with.
- // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- // +optional
- securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt)
-
- // Whether this container should allocate a buffer for stdin in the container runtime. If this
- // is not set, reads from stdin in the container will always result in EOF.
- // Default is false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(16,varint,opt)
-
- // Whether the container runtime should close the stdin channel after it has been opened by
- // a single attach. When stdin is true the stdin stream will remain open across multiple attach
- // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- // at which time stdin is closed and remains closed until the container is restarted. If this
- // flag is false, a container processes that reads from stdin will never receive an EOF.
- // Default is false
- // +optional
- stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt)
-
- // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- // Default is false.
- // +optional
- tty?: bool @go(TTY) @protobuf(18,varint,opt)
-}
-
-// ProbeHandler defines a specific action that should be taken in a probe.
-// One and only one of the fields must be specified.
-#ProbeHandler: {
- // Exec specifies the action to take.
- // +optional
- exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt)
-
- // HTTPGet specifies the http request to perform.
- // +optional
- httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt)
-
- // TCPSocket specifies an action involving a TCP port.
- // +optional
- tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt)
-
- // GRPC specifies an action involving a GRPC port.
- // +optional
- grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt)
-}
-
-// LifecycleHandler defines a specific action that should be taken in a lifecycle
-// hook. One and only one of the fields, except TCPSocket must be specified.
-#LifecycleHandler: {
- // Exec specifies the action to take.
- // +optional
- exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt)
-
- // HTTPGet specifies the http request to perform.
- // +optional
- httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt)
-
- // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- // for the backward compatibility. There are no validation of this field and
- // lifecycle hooks will fail in runtime when tcp handler is specified.
- // +optional
- tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt)
-}
-
-// Lifecycle describes actions that the management system should take in response to container lifecycle
-// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks
-// until the action is complete, unless the container process fails, in which case the handler is aborted.
-#Lifecycle: {
- // PostStart is called immediately after a container is created. If the handler fails,
- // the container is terminated and restarted according to its restart policy.
- // Other management of the container blocks until the hook completes.
- // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- // +optional
- postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt)
-
- // PreStop is called immediately before a container is terminated due to an
- // API request or management event such as liveness/startup probe failure,
- // preemption, resource contention, etc. The handler is not called if the
- // container crashes or exits. The Pod's termination grace period countdown begins before the
- // PreStop hook is executed. Regardless of the outcome of the handler, the
- // container will eventually terminate within the Pod's termination grace
- // period (unless delayed by finalizers). Other management of the container blocks until the hook completes
- // or until the termination grace period is reached.
- // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- // +optional
- preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt)
-}
-
-#ConditionStatus: string // #enumConditionStatus
-
-#enumConditionStatus:
- #ConditionTrue |
- #ConditionFalse |
- #ConditionUnknown
-
-#ConditionTrue: #ConditionStatus & "True"
-#ConditionFalse: #ConditionStatus & "False"
-#ConditionUnknown: #ConditionStatus & "Unknown"
-
-// ContainerStateWaiting is a waiting state of a container.
-#ContainerStateWaiting: {
- // (brief) reason the container is not yet running.
- // +optional
- reason?: string @go(Reason) @protobuf(1,bytes,opt)
-
- // Message regarding why the container is not yet running.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-}
-
-// ContainerStateRunning is a running state of a container.
-#ContainerStateRunning: {
- // Time at which the container was last (re-)started
- // +optional
- startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt)
-}
-
-// ContainerStateTerminated is a terminated state of a container.
-#ContainerStateTerminated: {
- // Exit status from the last termination of the container
- exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt)
-
- // Signal from the last termination of the container
- // +optional
- signal?: int32 @go(Signal) @protobuf(2,varint,opt)
-
- // (brief) reason from the last termination of the container
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // Message regarding the last termination of the container
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-
- // Time at which previous execution of the container started
- // +optional
- startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt)
-
- // Time at which the container last terminated
- // +optional
- finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt)
-
- // Container's ID in the format '://'
- // +optional
- containerID?: string @go(ContainerID) @protobuf(7,bytes,opt)
-}
-
-// ContainerState holds a possible state of container.
-// Only one of its members may be specified.
-// If none of them is specified, the default one is ContainerStateWaiting.
-#ContainerState: {
- // Details about a waiting container
- // +optional
- waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt)
-
- // Details about a running container
- // +optional
- running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt)
-
- // Details about a terminated container
- // +optional
- terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt)
-}
-
-// ContainerStatus contains details for the current status of this container.
-#ContainerStatus: {
- // Name is a DNS_LABEL representing the unique name of the container.
- // Each container in a pod must have a unique name across all container types.
- // Cannot be updated.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // State holds details about the container's current condition.
- // +optional
- state?: #ContainerState @go(State) @protobuf(2,bytes,opt)
-
- // LastTerminationState holds the last termination state of the container to
- // help debug container crashes and restarts. This field is not
- // populated if the container is still running and RestartCount is 0.
- // +optional
- lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt)
-
- // Ready specifies whether the container is currently passing its readiness check.
- // The value will change as readiness probes keep executing. If no readiness
- // probes are specified, this field defaults to true once the container is
- // fully started (see Started field).
- //
- // The value is typically used to determine whether a container is ready to
- // accept traffic.
- ready: bool @go(Ready) @protobuf(4,varint,opt)
-
- // RestartCount holds the number of times the container has been restarted.
- // Kubelet makes an effort to always increment the value, but there
- // are cases when the state may be lost due to node restarts and then the value
- // may be reset to 0. The value is never negative.
- restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt)
-
- // Image is the name of container image that the container is running.
- // The container image may not match the image used in the PodSpec,
- // as it may have been resolved by the runtime.
- // More info: https://kubernetes.io/docs/concepts/containers/images.
- image: string @go(Image) @protobuf(6,bytes,opt)
-
- // ImageID is the image ID of the container's image. The image ID may not
- // match the image ID of the image used in the PodSpec, as it may have been
- // resolved by the runtime.
- imageID: string @go(ImageID) @protobuf(7,bytes,opt)
-
- // ContainerID is the ID of the container in the format '://'.
- // Where type is a container runtime identifier, returned from Version call of CRI API
- // (for example "containerd").
- // +optional
- containerID?: string @go(ContainerID) @protobuf(8,bytes,opt)
-
- // Started indicates whether the container has finished its postStart lifecycle hook
- // and passed its startup probe.
- // Initialized as false, becomes true after startupProbe is considered
- // successful. Resets to false when the container is restarted, or if kubelet
- // loses state temporarily. In both cases, startup probes will run again.
- // Is always true when no startupProbe is defined and container is running and
- // has passed the postStart lifecycle hook. The null value must be treated the
- // same as false.
- // +optional
- started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt)
-
- // AllocatedResources represents the compute resources allocated for this container by the
- // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission
- // and after successfully admitting desired pod resize.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Resources represents the compute resource requests and limits that have been successfully
- // enacted on the running container after it has been started or has been successfully resized.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt)
-}
-
-// PodPhase is a label for the condition of a pod at the current time.
-// +enum
-#PodPhase: string // #enumPodPhase
-
-#enumPodPhase:
- #PodPending |
- #PodRunning |
- #PodSucceeded |
- #PodFailed |
- #PodUnknown
-
-// PodPending means the pod has been accepted by the system, but one or more of the containers
-// has not been started. This includes time before being bound to a node, as well as time spent
-// pulling images onto the host.
-#PodPending: #PodPhase & "Pending"
-
-// PodRunning means the pod has been bound to a node and all of the containers have been started.
-// At least one container is still running or is in the process of being restarted.
-#PodRunning: #PodPhase & "Running"
-
-// PodSucceeded means that all containers in the pod have voluntarily terminated
-// with a container exit code of 0, and the system is not going to restart any of these containers.
-#PodSucceeded: #PodPhase & "Succeeded"
-
-// PodFailed means that all containers in the pod have terminated, and at least one container has
-// terminated in a failure (exited with a non-zero exit code or was stopped by the system).
-#PodFailed: #PodPhase & "Failed"
-
-// PodUnknown means that for some reason the state of the pod could not be obtained, typically due
-// to an error in communicating with the host of the pod.
-// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)
-#PodUnknown: #PodPhase & "Unknown"
-
-// PodConditionType is a valid value for PodCondition.Type
-#PodConditionType: string // #enumPodConditionType
-
-#enumPodConditionType:
- #ContainersReady |
- #PodInitialized |
- #PodReady |
- #PodScheduled |
- #DisruptionTarget
-
-// ContainersReady indicates whether all containers in the pod are ready.
-#ContainersReady: #PodConditionType & "ContainersReady"
-
-// PodInitialized means that all init containers in the pod have started successfully.
-#PodInitialized: #PodConditionType & "Initialized"
-
-// PodReady means the pod is able to service requests and should be added to the
-// load balancing pools of all matching services.
-#PodReady: #PodConditionType & "Ready"
-
-// PodScheduled represents status of the scheduling process for this pod.
-#PodScheduled: #PodConditionType & "PodScheduled"
-
-// DisruptionTarget indicates the pod is about to be terminated due to a
-// disruption (such as preemption, eviction API or garbage-collection).
-#DisruptionTarget: #PodConditionType & "DisruptionTarget"
-
-// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler
-// can't schedule the pod right now, for example due to insufficient resources in the cluster.
-#PodReasonUnschedulable: "Unschedulable"
-
-// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler
-// skips scheduling the pod because one or more scheduling gates are still present.
-#PodReasonSchedulingGated: "SchedulingGated"
-
-// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens
-// during scheduling, for example due to nodeAffinity parsing errors.
-#PodReasonSchedulerError: "SchedulerError"
-
-// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination
-// is initiated by kubelet
-#PodReasonTerminationByKubelet: "TerminationByKubelet"
-
-// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the
-// disruption was initiated by scheduler's preemption.
-#PodReasonPreemptionByScheduler: "PreemptionByScheduler"
-
-// PodCondition contains details for the current condition of this pod.
-#PodCondition: {
- // Type is the type of the condition.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType)
-
- // Status is the status of the condition.
- // Can be True, False, Unknown.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Last time we probed the condition.
- // +optional
- lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt)
-
- // Last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // Unique, one-word, CamelCase reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // Human-readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// PodResizeStatus shows status of desired resize of a pod's containers.
-#PodResizeStatus: string // #enumPodResizeStatus
-
-#enumPodResizeStatus:
- #PodResizeStatusProposed |
- #PodResizeStatusInProgress |
- #PodResizeStatusDeferred |
- #PodResizeStatusInfeasible
-
-// Pod resources resize has been requested and will be evaluated by node.
-#PodResizeStatusProposed: #PodResizeStatus & "Proposed"
-
-// Pod resources resize has been accepted by node and is being actuated.
-#PodResizeStatusInProgress: #PodResizeStatus & "InProgress"
-
-// Node cannot resize the pod at this time and will keep retrying.
-#PodResizeStatusDeferred: #PodResizeStatus & "Deferred"
-
-// Requested pod resize is not feasible and will not be re-evaluated.
-#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible"
-
-// RestartPolicy describes how the container should be restarted.
-// Only one of the following restart policies may be specified.
-// If none of the following policies is specified, the default one
-// is RestartPolicyAlways.
-// +enum
-#RestartPolicy: string // #enumRestartPolicy
-
-#enumRestartPolicy:
- #RestartPolicyAlways |
- #RestartPolicyOnFailure |
- #RestartPolicyNever
-
-#RestartPolicyAlways: #RestartPolicy & "Always"
-#RestartPolicyOnFailure: #RestartPolicy & "OnFailure"
-#RestartPolicyNever: #RestartPolicy & "Never"
-
-// ContainerRestartPolicy is the restart policy for a single container.
-// This may only be set for init containers and only allowed value is "Always".
-#ContainerRestartPolicy: string // #enumContainerRestartPolicy
-
-#enumContainerRestartPolicy:
- #ContainerRestartPolicyAlways
-
-#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always"
-
-// DNSPolicy defines how a pod's DNS will be configured.
-// +enum
-#DNSPolicy: string // #enumDNSPolicy
-
-#enumDNSPolicy:
- #DNSClusterFirstWithHostNet |
- #DNSClusterFirst |
- #DNSDefault |
- #DNSNone
-
-// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS
-// first, if it is available, then fall back on the default
-// (as determined by kubelet) DNS settings.
-#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet"
-
-// DNSClusterFirst indicates that the pod should use cluster DNS
-// first unless hostNetwork is true, if it is available, then
-// fall back on the default (as determined by kubelet) DNS settings.
-#DNSClusterFirst: #DNSPolicy & "ClusterFirst"
-
-// DNSDefault indicates that the pod should use the default (as
-// determined by kubelet) DNS settings.
-#DNSDefault: #DNSPolicy & "Default"
-
-// DNSNone indicates that the pod should use empty DNS settings. DNS
-// parameters such as nameservers and search paths should be defined via
-// DNSConfig.
-#DNSNone: #DNSPolicy & "None"
-
-// DefaultTerminationGracePeriodSeconds indicates the default duration in
-// seconds a pod needs to terminate gracefully.
-#DefaultTerminationGracePeriodSeconds: 30
-
-// A node selector represents the union of the results of one or more label queries
-// over a set of nodes; that is, it represents the OR of the selectors represented
-// by the node selector terms.
-// +structType=atomic
-#NodeSelector: {
- // Required. A list of node selector terms. The terms are ORed.
- nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep)
-}
-
-// A null or empty node selector term matches no objects. The requirements of
-// them are ANDed.
-// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
-// +structType=atomic
-#NodeSelectorTerm: {
- // A list of node selector requirements by node's labels.
- // +optional
- matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep)
-
- // A list of node selector requirements by node's fields.
- // +optional
- matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep)
-}
-
-// A node selector requirement is a selector that contains values, a key, and an operator
-// that relates the key and values.
-#NodeSelectorRequirement: {
- // The label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // Represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator)
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty. If the operator is Gt or Lt, the values
- // array must have a single element, which will be interpreted as an integer.
- // This array is replaced during a strategic merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A node selector operator is the set of operators that can be used in
-// a node selector requirement.
-// +enum
-#NodeSelectorOperator: string // #enumNodeSelectorOperator
-
-#enumNodeSelectorOperator:
- #NodeSelectorOpIn |
- #NodeSelectorOpNotIn |
- #NodeSelectorOpExists |
- #NodeSelectorOpDoesNotExist |
- #NodeSelectorOpGt |
- #NodeSelectorOpLt
-
-#NodeSelectorOpIn: #NodeSelectorOperator & "In"
-#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn"
-#NodeSelectorOpExists: #NodeSelectorOperator & "Exists"
-#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist"
-#NodeSelectorOpGt: #NodeSelectorOperator & "Gt"
-#NodeSelectorOpLt: #NodeSelectorOperator & "Lt"
-
-// A topology selector term represents the result of label queries.
-// A null or empty topology selector term matches no objects.
-// The requirements of them are ANDed.
-// It provides a subset of functionality as NodeSelectorTerm.
-// This is an alpha feature and may change in the future.
-// +structType=atomic
-#TopologySelectorTerm: {
- // A list of topology selector requirements by labels.
- // +optional
- matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep)
-}
-
-// A topology selector requirement is a selector that matches given label.
-// This is an alpha feature and may change in the future.
-#TopologySelectorLabelRequirement: {
- // The label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // An array of string values. One value must match the label to be selected.
- // Each entry in Values is ORed.
- values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep)
-}
-
-// Affinity is a group of affinity scheduling rules.
-#Affinity: {
- // Describes node affinity scheduling rules for the pod.
- // +optional
- nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt)
-
- // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
- // +optional
- podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt)
-
- // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
- // +optional
- podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt)
-}
-
-// Pod affinity is a group of inter pod affinity scheduling rules.
-#PodAffinity: {
- // If the affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to a pod label update), the
- // system may or may not try to eventually evict the pod from its node.
- // When there are multiple elements, the lists of nodes corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be satisfied.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep)
-}
-
-// Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-#PodAntiAffinity: {
- // If the anti-affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the anti-affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to a pod label update), the
- // system may or may not try to eventually evict the pod from its node.
- // When there are multiple elements, the lists of nodes corresponding to each
- // podAffinityTerm are intersected, i.e. all terms must be satisfied.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the anti-affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling anti-affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep)
-}
-
-// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
-#WeightedPodAffinityTerm: {
- // weight associated with matching the corresponding podAffinityTerm,
- // in the range 1-100.
- weight: int32 @go(Weight) @protobuf(1,varint,opt)
-
- // Required. A pod affinity term, associated with the corresponding weight.
- podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt)
-}
-
-// Defines a set of pods (namely those matching the labelSelector
-// relative to the given namespace(s)) that this pod should be
-// co-located (affinity) or not co-located (anti-affinity) with,
-// where co-located is defined as running on a node whose value of
-// the label with key matches that of any node on which
-// a pod of the set of pods is running
-#PodAffinityTerm: {
- // A label query over a set of resources, in this case pods.
- // +optional
- labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
-
- // namespaces specifies a static list of namespace names that the term applies to.
- // The term is applied to the union of the namespaces listed in this field
- // and the ones selected by namespaceSelector.
- // null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- // +optional
- namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep)
-
- // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- // the labelSelector in the specified namespaces, where co-located is defined as running on a node
- // whose value of the label with key topologyKey matches that of any node on which any of the
- // selected pods is running.
- // Empty topologyKey is not allowed.
- topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt)
-
- // A label query over the set of namespaces that the term applies to.
- // The term is applied to the union of the namespaces selected by this field
- // and the ones listed in the namespaces field.
- // null selector and null or empty namespaces list means "this pod's namespace".
- // An empty selector ({}) matches all namespaces.
- // +optional
- namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-}
-
-// Node affinity is a group of node affinity scheduling rules.
-#NodeAffinity: {
- // If the affinity requirements specified by this field are not met at
- // scheduling time, the pod will not be scheduled onto the node.
- // If the affinity requirements specified by this field cease to be met
- // at some point during pod execution (e.g. due to an update), the system
- // may or may not try to eventually evict the pod from its node.
- // +optional
- requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt)
-
- // The scheduler will prefer to schedule pods to nodes that satisfy
- // the affinity expressions specified by this field, but it may choose
- // a node that violates one or more of the expressions. The node that is
- // most preferred is the one with the greatest sum of weights, i.e.
- // for each node that meets all of the scheduling requirements (resource
- // request, requiredDuringScheduling affinity expressions, etc.),
- // compute a sum by iterating through the elements of this field and adding
- // "weight" to the sum if the node matches the corresponding matchExpressions; the
- // node(s) with the highest sum are the most preferred.
- // +optional
- preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep)
-}
-
-// An empty preferred scheduling term matches all objects with implicit weight 0
-// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
-#PreferredSchedulingTerm: {
- // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
- weight: int32 @go(Weight) @protobuf(1,varint,opt)
-
- // A node selector term, associated with the corresponding weight.
- preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt)
-}
-
-// The node this Taint is attached to has the "effect" on
-// any pod that does not tolerate the Taint.
-#Taint: {
- // Required. The taint key to be applied to a node.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // The taint value corresponding to the taint key.
- // +optional
- value?: string @go(Value) @protobuf(2,bytes,opt)
-
- // Required. The effect of the taint on pods
- // that do not tolerate the taint.
- // Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect)
-
- // TimeAdded represents the time at which the taint was added.
- // It is only written for NoExecute taints.
- // +optional
- timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt)
-}
-
-// +enum
-#TaintEffect: string // #enumTaintEffect
-
-#enumTaintEffect:
- #TaintEffectNoSchedule |
- #TaintEffectPreferNoSchedule |
- #TaintEffectNoExecute
-
-// Do not allow new pods to schedule onto the node unless they tolerate the taint,
-// but allow all pods submitted to Kubelet without going through the scheduler
-// to start, and allow all already-running pods to continue running.
-// Enforced by the scheduler.
-#TaintEffectNoSchedule: #TaintEffect & "NoSchedule"
-
-// Like TaintEffectNoSchedule, but the scheduler tries not to schedule
-// new pods onto the node, rather than prohibiting new pods from scheduling
-// onto the node entirely. Enforced by the scheduler.
-#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule"
-
-// Evict any already-running pods that do not tolerate the taint.
-// Currently enforced by NodeController.
-#TaintEffectNoExecute: #TaintEffect & "NoExecute"
-
-// The pod this Toleration is attached to tolerates any taint that matches
-// the triple using the matching operator .
-#Toleration: {
- // Key is the taint key that the toleration applies to. Empty means match all taint keys.
- // If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- // +optional
- key?: string @go(Key) @protobuf(1,bytes,opt)
-
- // Operator represents a key's relationship to the value.
- // Valid operators are Exists and Equal. Defaults to Equal.
- // Exists is equivalent to wildcard for value, so that a pod can
- // tolerate all taints of a particular category.
- // +optional
- operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator)
-
- // Value is the taint value the toleration matches to.
- // If the operator is Exists, the value should be empty, otherwise just a regular string.
- // +optional
- value?: string @go(Value) @protobuf(3,bytes,opt)
-
- // Effect indicates the taint effect to match. Empty means match all taint effects.
- // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- // +optional
- effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect)
-
- // TolerationSeconds represents the period of time the toleration (which must be
- // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- // it is not set, which means tolerate the taint forever (do not evict). Zero and
- // negative values will be treated as 0 (evict immediately) by the system.
- // +optional
- tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt)
-}
-
-// A toleration operator is the set of operators that can be used in a toleration.
-// +enum
-#TolerationOperator: string // #enumTolerationOperator
-
-#enumTolerationOperator:
- #TolerationOpExists |
- #TolerationOpEqual
-
-#TolerationOpExists: #TolerationOperator & "Exists"
-#TolerationOpEqual: #TolerationOperator & "Equal"
-
-// PodReadinessGate contains the reference to a pod condition
-#PodReadinessGate: {
- // ConditionType refers to a condition in the pod's condition list with matching type.
- conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType)
-}
-
-// PodSpec is a description of a pod.
-#PodSpec: {
- // List of volumes that can be mounted by containers belonging to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep)
-
- // List of initialization containers belonging to the pod.
- // Init containers are executed in order prior to containers being started. If any
- // init container fails, the pod is considered to have failed and is handled according
- // to its restartPolicy. The name for an init container or normal container must be
- // unique among all containers.
- // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
- // The resourceRequirements of an init container are taken into account during scheduling
- // by finding the highest request/limit for each resource type, and then using the max of
- // of that value or the sum of the normal containers. Limits are applied to init containers
- // in a similar fashion.
- // Init containers cannot currently be added or removed.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- // +patchMergeKey=name
- // +patchStrategy=merge
- initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep)
-
- // List of containers belonging to the pod.
- // Containers cannot currently be added or removed.
- // There must be at least one container in a Pod.
- // Cannot be updated.
- // +patchMergeKey=name
- // +patchStrategy=merge
- containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep)
-
- // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
- // pod to perform user-initiated actions such as debugging. This list cannot be specified when
- // creating a pod, and it cannot be modified by updating the pod spec. In order to add an
- // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep)
-
- // Restart policy for all containers within the pod.
- // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
- // Default to Always.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- // +optional
- restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy)
-
- // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
- // Value must be non-negative integer. The value zero indicates stop immediately via
- // the kill signal (no opportunity to shut down).
- // If this value is nil, the default grace period will be used instead.
- // The grace period is the duration in seconds after the processes running in the pod are sent
- // a termination signal and the time when the processes are forcibly halted with a kill signal.
- // Set this value longer than the expected cleanup time for your process.
- // Defaults to 30 seconds.
- // +optional
- terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt)
-
- // Optional duration in seconds the pod may be active on the node relative to
- // StartTime before the system will actively try to mark it failed and kill associated containers.
- // Value must be a positive integer.
- // +optional
- activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt)
-
- // Set DNS policy for the pod.
- // Defaults to "ClusterFirst".
- // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
- // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
- // To have DNS options set along with hostNetwork, you have to specify DNS policy
- // explicitly to 'ClusterFirstWithHostNet'.
- // +optional
- dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy)
-
- // NodeSelector is a selector which must be true for the pod to fit on a node.
- // Selector which must match a node's labels for the pod to be scheduled on that node.
- // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- // +optional
- // +mapType=atomic
- nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep)
-
- // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- // +optional
- serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt)
-
- // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
- // Deprecated: Use serviceAccountName instead.
- // +k8s:conversion-gen=false
- // +optional
- serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt)
-
- // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
- // +optional
- automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt)
-
- // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
- // the scheduler simply schedules this pod onto that node, assuming that it fits resource
- // requirements.
- // +optional
- nodeName?: string @go(NodeName) @protobuf(10,bytes,opt)
-
- // Host networking requested for this pod. Use the host's network namespace.
- // If this option is set, the ports that will be used must be specified.
- // Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt)
-
- // Use the host's pid namespace.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostPID?: bool @go(HostPID) @protobuf(12,varint,opt)
-
- // Use the host's ipc namespace.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt)
-
- // Share a single process namespace between all of the containers in a pod.
- // When this is set containers will be able to view and signal processes from other containers
- // in the same pod, and the first process in each container will not be assigned PID 1.
- // HostPID and ShareProcessNamespace cannot both be set.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt)
-
- // SecurityContext holds pod-level security attributes and common container settings.
- // Optional: Defaults to empty. See type description for default values of each field.
- // +optional
- securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt)
-
- // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
- // If specified, these secrets will be passed to individual puller implementations for them to use.
- // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep)
-
- // Specifies the hostname of the Pod
- // If not specified, the pod's hostname will be set to a system-defined value.
- // +optional
- hostname?: string @go(Hostname) @protobuf(16,bytes,opt)
-
- // If specified, the fully qualified Pod hostname will be "...svc.".
- // If not specified, the pod will not have a domainname at all.
- // +optional
- subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt)
-
- // If specified, the pod's scheduling constraints
- // +optional
- affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt)
-
- // If specified, the pod will be dispatched by specified scheduler.
- // If not specified, the pod will be dispatched by default scheduler.
- // +optional
- schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt)
-
- // If specified, the pod's tolerations.
- // +optional
- tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt)
-
- // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
- // file if specified. This is only valid for non-hostNetwork pods.
- // +optional
- // +patchMergeKey=ip
- // +patchStrategy=merge
- hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep)
-
- // If specified, indicates the pod's priority. "system-node-critical" and
- // "system-cluster-critical" are two special keywords which indicate the
- // highest priorities with the former being the highest priority. Any other
- // name must be defined by creating a PriorityClass object with that name.
- // If not specified, the pod priority will be default or zero if there is no
- // default.
- // +optional
- priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt)
-
- // The priority value. Various system components use this field to find the
- // priority of the pod. When Priority Admission Controller is enabled, it
- // prevents users from setting this field. The admission controller populates
- // this field from PriorityClassName.
- // The higher the value, the higher the priority.
- // +optional
- priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt)
-
- // Specifies the DNS parameters of a pod.
- // Parameters specified here will be merged to the generated DNS
- // configuration based on DNSPolicy.
- // +optional
- dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt)
-
- // If specified, all readiness gates will be evaluated for pod readiness.
- // A pod is ready when all its containers are ready AND
- // all conditions specified in the readiness gates have status equal to "True"
- // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
- // +optional
- readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt)
-
- // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
- // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
- // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
- // empty definition that uses the default runtime handler.
- // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
- // +optional
- runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt)
-
- // EnableServiceLinks indicates whether information about services should be injected into pod's
- // environment variables, matching the syntax of Docker links.
- // Optional: Defaults to true.
- // +optional
- enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt)
-
- // PreemptionPolicy is the Policy for preempting pods with lower priority.
- // One of Never, PreemptLowerPriority.
- // Defaults to PreemptLowerPriority if unset.
- // +optional
- preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt)
-
- // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
- // This field will be autopopulated at admission time by the RuntimeClass admission controller. If
- // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
- // The RuntimeClass admission controller will reject Pod create requests which have the overhead already
- // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
- // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
- // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
- // +optional
- overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt)
-
- // TopologySpreadConstraints describes how a group of pods ought to spread across topology
- // domains. Scheduler will schedule pods in a way which abides by the constraints.
- // All topologySpreadConstraints are ANDed.
- // +optional
- // +patchMergeKey=topologyKey
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=topologyKey
- // +listMapKey=whenUnsatisfiable
- topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt)
-
- // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
- // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
- // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
- // If a pod does not have FQDN, this has no effect.
- // Default to false.
- // +optional
- setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt)
-
- // Specifies the OS of the containers in the pod.
- // Some pod and container fields are restricted if this is set.
- //
- // If the OS field is set to linux, the following fields must be unset:
- // -securityContext.windowsOptions
- //
- // If the OS field is set to windows, following fields must be unset:
- // - spec.hostPID
- // - spec.hostIPC
- // - spec.hostUsers
- // - spec.securityContext.seLinuxOptions
- // - spec.securityContext.seccompProfile
- // - spec.securityContext.fsGroup
- // - spec.securityContext.fsGroupChangePolicy
- // - spec.securityContext.sysctls
- // - spec.shareProcessNamespace
- // - spec.securityContext.runAsUser
- // - spec.securityContext.runAsGroup
- // - spec.securityContext.supplementalGroups
- // - spec.containers[*].securityContext.seLinuxOptions
- // - spec.containers[*].securityContext.seccompProfile
- // - spec.containers[*].securityContext.capabilities
- // - spec.containers[*].securityContext.readOnlyRootFilesystem
- // - spec.containers[*].securityContext.privileged
- // - spec.containers[*].securityContext.allowPrivilegeEscalation
- // - spec.containers[*].securityContext.procMount
- // - spec.containers[*].securityContext.runAsUser
- // - spec.containers[*].securityContext.runAsGroup
- // +optional
- os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt)
-
- // Use the host's user namespace.
- // Optional: Default to true.
- // If set to true or not present, the pod will be run in the host user namespace, useful
- // for when the pod needs a feature only available to the host user namespace, such as
- // loading a kernel module with CAP_SYS_MODULE.
- // When set to false, a new userns is created for the pod. Setting false is useful for
- // mitigating container breakout vulnerabilities even allowing users to run their
- // containers as root without actually having root privileges on the host.
- // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
- // +k8s:conversion-gen=false
- // +optional
- hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt)
-
- // SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
- // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
- // scheduler will not attempt to schedule the pod.
- //
- // SchedulingGates can only be set at pod creation time, and be removed only afterwards.
- //
- // This is a beta feature enabled by the PodSchedulingReadiness feature gate.
- //
- // +patchMergeKey=name
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=name
- // +featureGate=PodSchedulingReadiness
- // +optional
- schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt)
-
- // ResourceClaims defines which ResourceClaims must be allocated
- // and reserved before the Pod is allowed to start. The resources
- // will be made available to those containers which consume them
- // by name.
- //
- // This is an alpha field and requires enabling the
- // DynamicResourceAllocation feature gate.
- //
- // This field is immutable.
- //
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep)
-}
-
-// PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
-// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
-// Containers that need access to the ResourceClaim reference it with this name.
-#PodResourceClaim: {
- // Name uniquely identifies this resource claim inside the pod.
- // This must be a DNS_LABEL.
- name: string @go(Name) @protobuf(1,bytes)
-
- // Source describes where to find the ResourceClaim.
- source?: #ClaimSource @go(Source) @protobuf(2,bytes)
-}
-
-// ClaimSource describes a reference to a ResourceClaim.
-//
-// Exactly one of these fields should be set. Consumers of this type must
-// treat an empty object as if it has an unknown value.
-#ClaimSource: {
- // ResourceClaimName is the name of a ResourceClaim object in the same
- // namespace as this pod.
- resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt)
-
- // ResourceClaimTemplateName is the name of a ResourceClaimTemplate
- // object in the same namespace as this pod.
- //
- // The template will be used to create a new ResourceClaim, which will
- // be bound to this pod. When this pod is deleted, the ResourceClaim
- // will also be deleted. The pod name and resource name, along with a
- // generated component, will be used to form a unique name for the
- // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
- //
- // This field is immutable and no changes will be made to the
- // corresponding ResourceClaim by the control plane after creating the
- // ResourceClaim.
- resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt)
-}
-
-// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim
-// which references a ResourceClaimTemplate. It stores the generated name for
-// the corresponding ResourceClaim.
-#PodResourceClaimStatus: {
- // Name uniquely identifies this resource claim inside the pod.
- // This must match the name of an entry in pod.spec.resourceClaims,
- // which implies that the string must be a DNS_LABEL.
- name: string @go(Name) @protobuf(1,bytes)
-
- // ResourceClaimName is the name of the ResourceClaim that was
- // generated for the Pod in the namespace of the Pod. It this is
- // unset, then generating a ResourceClaim was not necessary. The
- // pod.spec.resourceClaims entry can be ignored in this case.
- //
- // +optional
- resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt)
-}
-
-// OSName is the set of OS'es that can be used in OS.
-#OSName: string // #enumOSName
-
-#enumOSName:
- #Linux |
- #Windows
-
-#Linux: #OSName & "linux"
-#Windows: #OSName & "windows"
-
-// PodOS defines the OS parameters of a pod.
-#PodOS: {
- // Name is the name of the operating system. The currently supported values are linux and windows.
- // Additional value may be defined in future and can be one of:
- // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- // Clients should expect to handle additional values and treat unrecognized values in this field as os: null
- name: #OSName @go(Name) @protobuf(1,bytes,opt)
-}
-
-// PodSchedulingGate is associated to a Pod to guard its scheduling.
-#PodSchedulingGate: {
- // Name of the scheduling gate.
- // Each scheduling gate must have a unique name field.
- name: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// +enum
-#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction
-
-#enumUnsatisfiableConstraintAction:
- #DoNotSchedule |
- #ScheduleAnyway
-
-// DoNotSchedule instructs the scheduler not to schedule the pod
-// when constraints are not satisfied.
-#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule"
-
-// ScheduleAnyway instructs the scheduler to schedule the pod
-// even if constraints are not satisfied.
-#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway"
-
-// NodeInclusionPolicy defines the type of node inclusion policy
-// +enum
-#NodeInclusionPolicy: string // #enumNodeInclusionPolicy
-
-#enumNodeInclusionPolicy:
- #NodeInclusionPolicyIgnore |
- #NodeInclusionPolicyHonor
-
-// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew.
-#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore"
-
-// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew.
-#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor"
-
-// TopologySpreadConstraint specifies how to spread matching pods among the given topology.
-#TopologySpreadConstraint: {
- // MaxSkew describes the degree to which pods may be unevenly distributed.
- // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- // between the number of matching pods in the target topology and the global minimum.
- // The global minimum is the minimum number of matching pods in an eligible domain
- // or zero if the number of eligible domains is less than MinDomains.
- // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- // labelSelector spread as 2/2/1:
- // In this case, the global minimum is 1.
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P | P P | P |
- // +-------+-------+-------+
- // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- // violate MaxSkew(1).
- // - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- // to topologies that satisfy it.
- // It's a required field. Default value is 1 and 0 is not allowed.
- maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt)
-
- // TopologyKey is the key of node labels. Nodes that have a label with this key
- // and identical values are considered to be in the same topology.
- // We consider each as a "bucket", and try to put balanced number
- // of pods into each bucket.
- // We define a domain as a particular instance of a topology.
- // Also, we define an eligible domain as a domain whose nodes meet the requirements of
- // nodeAffinityPolicy and nodeTaintsPolicy.
- // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- // It's a required field.
- topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt)
-
- // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- // the spread constraint.
- // - DoNotSchedule (default) tells the scheduler not to schedule it.
- // - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- // but giving higher precedence to topologies that would help reduce the
- // skew.
- // A constraint is considered "Unsatisfiable" for an incoming pod
- // if and only if every possible node assignment for that pod would violate
- // "MaxSkew" on some topology.
- // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- // labelSelector spread as 3/1/1:
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P P | P | P |
- // +-------+-------+-------+
- // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- // won't make it *more* imbalanced.
- // It's a required field.
- whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction)
-
- // LabelSelector is used to find matching pods.
- // Pods that match this label selector are counted to determine the number of pods
- // in their corresponding topology domain.
- // +optional
- labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
-
- // MinDomains indicates a minimum number of eligible domains.
- // When the number of eligible domains with matching topology keys is less than minDomains,
- // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- // And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- // this value has no effect on scheduling.
- // As a result, when the number of eligible domains is less than minDomains,
- // scheduler won't schedule more than maxSkew Pods to those domains.
- // If value is nil, the constraint behaves as if MinDomains is equal to 1.
- // Valid values are integers greater than 0.
- // When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- //
- // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- // labelSelector spread as 2/2/2:
- // +-------+-------+-------+
- // | zone1 | zone2 | zone3 |
- // +-------+-------+-------+
- // | P P | P P | P P |
- // +-------+-------+-------+
- // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- // In this situation, new pod with the same labelSelector cannot be scheduled,
- // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- // it will violate MaxSkew.
- //
- // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
- // +optional
- minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt)
-
- // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- // when calculating pod topology spread skew. Options are:
- // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- //
- // If this value is nil, the behavior is equivalent to the Honor policy.
- // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- // +optional
- nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt)
-
- // NodeTaintsPolicy indicates how we will treat node taints when calculating
- // pod topology spread skew. Options are:
- // - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- // has a toleration, are included.
- // - Ignore: node taints are ignored. All nodes are included.
- //
- // If this value is nil, the behavior is equivalent to the Ignore policy.
- // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- // +optional
- nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt)
-
- // MatchLabelKeys is a set of pod label keys to select the pods over which
- // spreading will be calculated. The keys are used to lookup values from the
- // incoming pod labels, those key-value labels are ANDed with labelSelector
- // to select the group of existing pods over which spreading will be calculated
- // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- // MatchLabelKeys cannot be set when LabelSelector isn't set.
- // Keys that don't exist in the incoming pod labels will
- // be ignored. A null or empty list means only match against labelSelector.
- //
- // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- // +listType=atomic
- // +optional
- matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt)
-}
-
-// The default value for enableServiceLinks attribute.
-#DefaultEnableServiceLinks: true
-
-// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
-// pod's hosts file.
-#HostAlias: {
- // IP address of the host file entry.
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-
- // Hostnames for the above IP address.
- hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep)
-}
-
-// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume
-// when volume is mounted.
-// +enum
-#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy
-
-#enumPodFSGroupChangePolicy:
- #FSGroupChangeOnRootMismatch |
- #FSGroupChangeAlways
-
-// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed
-// only when permission and ownership of root directory does not match with expected
-// permissions on the volume. This can help shorten the time it takes to change
-// ownership and permissions of a volume.
-#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch"
-
-// FSGroupChangeAlways indicates that volume's ownership and permissions
-// should always be changed whenever volume is mounted inside a Pod. This the default
-// behavior.
-#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always"
-
-// PodSecurityContext holds pod-level security attributes and common container settings.
-// Some fields are also present in container.securityContext. Field values of
-// container.securityContext take precedence over field values of PodSecurityContext.
-#PodSecurityContext: {
- // The SELinux context to be applied to all containers.
- // If unspecified, the container runtime will allocate a random SELinux context for each
- // container. May also be set in SecurityContext. If set in
- // both SecurityContext and PodSecurityContext, the value specified in SecurityContext
- // takes precedence for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt)
-
- // The Windows specific settings applied to all containers.
- // If unspecified, the options within a container's SecurityContext will be used.
- // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is linux.
- // +optional
- windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt)
-
- // The UID to run the entrypoint of the container process.
- // Defaults to user specified in image metadata if unspecified.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt)
-
- // The GID to run the entrypoint of the container process.
- // Uses runtime default if unset.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence
- // for that container.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt)
-
- // Indicates that the container must run as a non-root user.
- // If true, the Kubelet will validate the image at runtime to ensure that it
- // does not run as UID 0 (root) and fail to start the container if it does.
- // If unset or false, no such validation will be performed.
- // May also be set in SecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt)
-
- // A list of groups applied to the first process run in each container, in addition
- // to the container's primary GID, the fsGroup (if specified), and group memberships
- // defined in the container image for the uid of the container process. If unspecified,
- // no additional groups are added to any container. Note that group memberships
- // defined in the container image for the uid of the container process are still effective,
- // even if they are not included in this list.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep)
-
- // A special supplemental group that applies to all containers in a pod.
- // Some volume types allow the Kubelet to change the ownership of that volume
- // to be owned by the pod:
- //
- // 1. The owning GID will be the FSGroup
- // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
- // 3. The permission bits are OR'd with rw-rw----
- //
- // If unset, the Kubelet will not modify the ownership and permissions of any volume.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt)
-
- // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
- // sysctls (by the container runtime) might fail to launch.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep)
-
- // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
- // before being exposed inside Pod. This field will only apply to
- // volume types which support fsGroup based ownership(and permissions).
- // It will have no effect on ephemeral volume types such as: secret, configmaps
- // and emptydir.
- // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt)
-
- // The seccomp options to use by the containers in this pod.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt)
-}
-
-// SeccompProfile defines a pod/container's seccomp profile settings.
-// Only one profile source may be set.
-// +union
-#SeccompProfile: {
- // type indicates which kind of seccomp profile will be applied.
- // Valid options are:
- //
- // Localhost - a profile defined in a file on the node should be used.
- // RuntimeDefault - the container runtime default profile should be used.
- // Unconfined - no profile should be applied.
- // +unionDiscriminator
- type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType)
-
- // localhostProfile indicates a profile defined in a file on the node should be used.
- // The profile must be preconfigured on the node to work.
- // Must be a descending path, relative to the kubelet's configured seccomp profile location.
- // Must be set if type is "Localhost". Must NOT be set for any other type.
- // +optional
- localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt)
-}
-
-// SeccompProfileType defines the supported seccomp profile types.
-// +enum
-#SeccompProfileType: string // #enumSeccompProfileType
-
-#enumSeccompProfileType:
- #SeccompProfileTypeUnconfined |
- #SeccompProfileTypeRuntimeDefault |
- #SeccompProfileTypeLocalhost
-
-// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined).
-#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined"
-
-// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile.
-#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault"
-
-// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used.
-// The file's location relative to /seccomp.
-#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost"
-
-// PodQOSClass defines the supported qos classes of Pods.
-// +enum
-#PodQOSClass: string // #enumPodQOSClass
-
-#enumPodQOSClass:
- #PodQOSGuaranteed |
- #PodQOSBurstable |
- #PodQOSBestEffort
-
-// PodQOSGuaranteed is the Guaranteed qos class.
-#PodQOSGuaranteed: #PodQOSClass & "Guaranteed"
-
-// PodQOSBurstable is the Burstable qos class.
-#PodQOSBurstable: #PodQOSClass & "Burstable"
-
-// PodQOSBestEffort is the BestEffort qos class.
-#PodQOSBestEffort: #PodQOSClass & "BestEffort"
-
-// PodDNSConfig defines the DNS parameters of a pod in addition to
-// those generated from DNSPolicy.
-#PodDNSConfig: {
- // A list of DNS name server IP addresses.
- // This will be appended to the base nameservers generated from DNSPolicy.
- // Duplicated nameservers will be removed.
- // +optional
- nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep)
-
- // A list of DNS search domains for host-name lookup.
- // This will be appended to the base search paths generated from DNSPolicy.
- // Duplicated search paths will be removed.
- // +optional
- searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep)
-
- // A list of DNS resolver options.
- // This will be merged with the base options generated from DNSPolicy.
- // Duplicated entries will be removed. Resolution options given in Options
- // will override those that appear in the base DNSPolicy.
- // +optional
- options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep)
-}
-
-// PodDNSConfigOption defines DNS resolver options of a pod.
-#PodDNSConfigOption: {
- // Required.
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // +optional
- value?: null | string @go(Value,*string) @protobuf(2,bytes,opt)
-}
-
-// PodIP represents a single IP address allocated to the pod.
-#PodIP: {
- // IP is the IP address assigned to the pod
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-}
-
-// HostIP represents a single IP address allocated to the host.
-#HostIP: {
- // IP is the IP address assigned to the host
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-}
-
-// EphemeralContainerCommon is a copy of all fields in Container to be inlined in
-// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer
-// to Container and allows separate documentation for the fields of EphemeralContainer.
-// When a new field is added to Container it must be added here as well.
-#EphemeralContainerCommon: {
- // Name of the ephemeral container specified as a DNS_LABEL.
- // This name must be unique among all containers, init containers and ephemeral containers.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Container image name.
- // More info: https://kubernetes.io/docs/concepts/containers/images
- image?: string @go(Image) @protobuf(2,bytes,opt)
-
- // Entrypoint array. Not executed within a shell.
- // The image's ENTRYPOINT is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep)
-
- // Arguments to the entrypoint.
- // The image's CMD is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep)
-
- // Container's working directory.
- // If not specified, the container runtime's default will be used, which
- // might be configured in the container image.
- // Cannot be updated.
- // +optional
- workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt)
-
- // Ports are not allowed for ephemeral containers.
- // +optional
- // +patchMergeKey=containerPort
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=containerPort
- // +listMapKey=protocol
- ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep)
-
- // List of sources to populate environment variables in the container.
- // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- // will be reported as an event when the container is starting. When a key exists in multiple
- // sources, the value associated with the last source will take precedence.
- // Values defined by an Env with a duplicate key will take precedence.
- // Cannot be updated.
- // +optional
- envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep)
-
- // List of environment variables to set in the container.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep)
-
- // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
- // already allocated to the pod.
- // +optional
- resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt)
-
- // Resources resize policy for the container.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- // +listType=atomic
- resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep)
-
- // Restart policy for the container to manage the restart behavior of each
- // container within a pod.
- // This may only be set for init containers. You cannot set this field on
- // ephemeral containers.
- // +featureGate=SidecarContainers
- // +optional
- restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy)
-
- // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=mountPath
- // +patchStrategy=merge
- volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep)
-
- // volumeDevices is the list of block devices to be used by the container.
- // +patchMergeKey=devicePath
- // +patchStrategy=merge
- // +optional
- volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt)
-
- // Probes are not allowed for ephemeral containers.
- // +optional
- startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt)
-
- // Lifecycle is not allowed for ephemeral containers.
- // +optional
- lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt)
-
- // Optional: Path at which the file to which the container's termination message
- // will be written is mounted into the container's filesystem.
- // Message written is intended to be brief final status, such as an assertion failure message.
- // Will be truncated by the node if greater than 4096 bytes. The total message length across
- // all containers will be limited to 12kb.
- // Defaults to /dev/termination-log.
- // Cannot be updated.
- // +optional
- terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt)
-
- // Indicate how the termination message should be populated. File will use the contents of
- // terminationMessagePath to populate the container status message on both success and failure.
- // FallbackToLogsOnError will use the last chunk of container log output if the termination
- // message file is empty and the container exited with an error.
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- // Defaults to File.
- // Cannot be updated.
- // +optional
- terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy)
-
- // Image pull policy.
- // One of Always, Never, IfNotPresent.
- // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- // +optional
- imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy)
-
- // Optional: SecurityContext defines the security options the ephemeral container should be run with.
- // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- // +optional
- securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt)
-
- // Whether this container should allocate a buffer for stdin in the container runtime. If this
- // is not set, reads from stdin in the container will always result in EOF.
- // Default is false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(16,varint,opt)
-
- // Whether the container runtime should close the stdin channel after it has been opened by
- // a single attach. When stdin is true the stdin stream will remain open across multiple attach
- // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- // at which time stdin is closed and remains closed until the container is restarted. If this
- // flag is false, a container processes that reads from stdin will never receive an EOF.
- // Default is false
- // +optional
- stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt)
-
- // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- // Default is false.
- // +optional
- tty?: bool @go(TTY) @protobuf(18,varint,opt)
-}
-
-// An EphemeralContainer is a temporary container that you may add to an existing Pod for
-// user-initiated activities such as debugging. Ephemeral containers have no resource or
-// scheduling guarantees, and they will not be restarted when they exit or when a Pod is
-// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
-// Pod to exceed its resource allocation.
-//
-// To add an ephemeral container, use the ephemeralcontainers subresource of an existing
-// Pod. Ephemeral containers may not be removed or restarted.
-#EphemeralContainer: {
- #EphemeralContainerCommon
-
- // If set, the name of the container from PodSpec that this ephemeral container targets.
- // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
- // If not set then the ephemeral container uses the namespaces configured in the Pod spec.
- //
- // The container runtime must implement support for this feature. If the runtime does not
- // support namespace targeting then the result of setting this field is undefined.
- // +optional
- targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt)
-}
-
-// PodStatus represents information about the status of a pod. Status may trail the actual
-// state of a system, especially if the node that hosts the pod cannot contact the control
-// plane.
-#PodStatus: {
- // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle.
- // The conditions array, the reason and message fields, and the individual container status
- // arrays contain more detail about the pod's status.
- // There are five possible phase values:
- //
- // Pending: The pod has been accepted by the Kubernetes system, but one or more of the
- // container images has not been created. This includes time before being scheduled as
- // well as time spent downloading images over the network, which could take a while.
- // Running: The pod has been bound to a node, and all of the containers have been created.
- // At least one container is still running, or is in the process of starting or restarting.
- // Succeeded: All containers in the pod have terminated in success, and will not be restarted.
- // Failed: All containers in the pod have terminated, and at least one container has
- // terminated in failure. The container either exited with non-zero status or was terminated
- // by the system.
- // Unknown: For some reason the state of the pod could not be obtained, typically due to an
- // error in communicating with the host of the pod.
- //
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
- // +optional
- phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase)
-
- // Current service state of pod.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep)
-
- // A human readable message indicating details about why the pod is in this condition.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // A brief CamelCase message indicating details about why the pod is in this state.
- // e.g. 'Evicted'
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be
- // scheduled right away as preemption victims receive their graceful termination periods.
- // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide
- // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to
- // give the resources on this node to a higher priority pod that is created after preemption.
- // As a result, this field may be different than PodSpec.nodeName when the pod is
- // scheduled.
- // +optional
- nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt)
-
- // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet.
- // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will
- // not be updated even if there is a node is assigned to pod
- // +optional
- hostIP?: string @go(HostIP) @protobuf(5,bytes,opt)
-
- // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must
- // match the hostIP field. This list is empty if the pod has not started yet.
- // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will
- // not be updated even if there is a node is assigned to this pod.
- // +optional
- // +patchStrategy=merge
- // +patchMergeKey=ip
- // +listType=atomic
- hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep)
-
- // podIP address allocated to the pod. Routable at least within the cluster.
- // Empty if not yet allocated.
- // +optional
- podIP?: string @go(PodIP) @protobuf(6,bytes,opt)
-
- // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must
- // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list
- // is empty if no IPs have been allocated yet.
- // +optional
- // +patchStrategy=merge
- // +patchMergeKey=ip
- podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep)
-
- // RFC 3339 date and time at which the object was acknowledged by the Kubelet.
- // This is before the Kubelet pulled the container image(s) for the pod.
- // +optional
- startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt)
-
- // The list has one entry per init container in the manifest. The most recent successful
- // init container will have ready = true, the most recently started container will have
- // startTime set.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
- initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep)
-
- // The list has one entry per container in the manifest.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
- // +optional
- containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep)
-
- // The Quality of Service (QOS) classification assigned to the pod based on resource requirements
- // See PodQOSClass type for available QOS classes
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes
- // +optional
- qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep)
-
- // Status for any ephemeral containers that have run in this pod.
- // +optional
- ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep)
-
- // Status of resources resize desired for pod's containers.
- // It is empty if no resources resize is pending.
- // Any changes to container resources will automatically set this to "Proposed"
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus)
-
- // Status of resource claims.
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep)
-}
-
-// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded
-#PodStatusResult: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Most recently observed status of the pod.
- // This data may not be up to date.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #PodStatus @go(Status) @protobuf(2,bytes,opt)
-}
-
-// Pod is a collection of containers that can run on a host. This resource is created
-// by clients and scheduled onto hosts.
-#Pod: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Specification of the desired behavior of the pod.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the pod.
- // This data may not be up to date.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #PodStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// PodList is a list of Pods.
-#PodList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of pods.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
- items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep)
-}
-
-// PodTemplateSpec describes the data a pod should have when created from a template
-#PodTemplateSpec: {
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Specification of the desired behavior of the pod.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt)
-}
-
-// PodTemplate describes a template for creating copies of a predefined pod.
-#PodTemplate: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Template defines the pods that will be created from this pod template.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
-}
-
-// PodTemplateList is a list of PodTemplates.
-#PodTemplateList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of pod templates
- items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep)
-}
-
-// ReplicationControllerSpec is the specification of a replication controller.
-#ReplicationControllerSpec: {
- // Replicas is the number of desired replicas.
- // This is a pointer to distinguish between explicit zero and unspecified.
- // Defaults to 1.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
- // +optional
- replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
-
- // Minimum number of seconds for which a newly created pod should be ready
- // without any of its container crashing, for it to be considered available.
- // Defaults to 0 (pod will be considered available as soon as it is ready)
- // +optional
- minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
-
- // Selector is a label query over pods that should match the Replicas count.
- // If Selector is empty, it is defaulted to the labels present on the Pod template.
- // Label keys and values that must match in order to be controlled by this replication
- // controller, if empty defaulted to labels on Pod template.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- // +optional
- // +mapType=atomic
- selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep)
-
- // Template is the object that describes the pod that will be created if
- // insufficient replicas are detected. This takes precedence over a TemplateRef.
- // The only allowed template.spec.restartPolicy value is "Always".
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
- // +optional
- template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt)
-}
-
-// ReplicationControllerStatus represents the current status of a replication
-// controller.
-#ReplicationControllerStatus: {
- // Replicas is the most recently observed number of replicas.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
- replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
-
- // The number of pods that have labels matching the labels of the pod template of the replication controller.
- // +optional
- fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
-
- // The number of ready replicas for this replication controller.
- // +optional
- readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
-
- // The number of available replicas (ready for at least minReadySeconds) for this replication controller.
- // +optional
- availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
-
- // ObservedGeneration reflects the generation of the most recently observed replication controller.
- // +optional
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
-
- // Represents the latest available observations of a replication controller's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep)
-}
-
-#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType
-
-#enumReplicationControllerConditionType:
- #ReplicationControllerReplicaFailure
-
-// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods
-// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors,
-// etc. or deleted due to kubelet being down or finalizers are failing.
-#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure"
-
-// ReplicationControllerCondition describes the state of a replication controller at a certain point.
-#ReplicationControllerCondition: {
- // Type of replication controller condition.
- type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // The last time the condition transitioned from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
-
- // The reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(4,bytes,opt)
-
- // A human readable message indicating details about the transition.
- // +optional
- message?: string @go(Message) @protobuf(5,bytes,opt)
-}
-
-// ReplicationController represents the configuration of a replication controller.
-#ReplicationController: {
- metav1.#TypeMeta
-
- // If the Labels of a ReplicationController are empty, they are defaulted to
- // be the same as the Pod(s) that the replication controller manages.
- // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the specification of the desired behavior of the replication controller.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status is the most recently observed status of the replication controller.
- // This data may be out of date by some window of time.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ReplicationControllerList is a collection of replication controllers.
-#ReplicationControllerList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of replication controllers.
- // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
- items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep)
-}
-
-// Session Affinity Type string
-// +enum
-#ServiceAffinity: string // #enumServiceAffinity
-
-#enumServiceAffinity:
- #ServiceAffinityClientIP |
- #ServiceAffinityNone
-
-// ServiceAffinityClientIP is the Client IP based.
-#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP"
-
-// ServiceAffinityNone - no session affinity.
-#ServiceAffinityNone: #ServiceAffinity & "None"
-
-#DefaultClientIPServiceAffinitySeconds: int32 & 10800
-
-// SessionAffinityConfig represents the configurations of session affinity.
-#SessionAffinityConfig: {
- // clientIP contains the configurations of Client IP based session affinity.
- // +optional
- clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt)
-}
-
-// ClientIPConfig represents the configurations of Client IP based session affinity.
-#ClientIPConfig: {
- // timeoutSeconds specifies the seconds of ClientIP type session sticky time.
- // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
- // Default value is 10800(for 3 hours).
- // +optional
- timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt)
-}
-
-// Service Type string describes ingress methods for a service
-// +enum
-#ServiceType: string // #enumServiceType
-
-#enumServiceType:
- #ServiceTypeClusterIP |
- #ServiceTypeNodePort |
- #ServiceTypeLoadBalancer |
- #ServiceTypeExternalName
-
-// ServiceTypeClusterIP means a service will only be accessible inside the
-// cluster, via the cluster IP.
-#ServiceTypeClusterIP: #ServiceType & "ClusterIP"
-
-// ServiceTypeNodePort means a service will be exposed on one port of
-// every node, in addition to 'ClusterIP' type.
-#ServiceTypeNodePort: #ServiceType & "NodePort"
-
-// ServiceTypeLoadBalancer means a service will be exposed via an
-// external load balancer (if the cloud provider supports it), in addition
-// to 'NodePort' type.
-#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer"
-
-// ServiceTypeExternalName means a service consists of only a reference to
-// an external name that kubedns or equivalent will return as a CNAME
-// record, with no exposing or proxying of any pods involved.
-#ServiceTypeExternalName: #ServiceType & "ExternalName"
-
-// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they
-// receive on the ClusterIP.
-// +enum
-#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy
-
-#enumServiceInternalTrafficPolicy:
- #ServiceInternalTrafficPolicyCluster |
- #ServiceInternalTrafficPolicyLocal
-
-// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints.
-#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster"
-
-// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same
-// node as the client pod (dropping the traffic if there are no local endpoints).
-#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local"
-
-// for backwards compat
-// +enum
-#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType
-
-#enumServiceInternalTrafficPolicyType:
- #ServiceInternalTrafficPolicyCluster |
- #ServiceInternalTrafficPolicyLocal
-
-// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they
-// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs,
-// and LoadBalancer IPs.
-// +enum
-#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy
-
-#enumServiceExternalTrafficPolicy:
- #ServiceExternalTrafficPolicyCluster |
- #ServiceExternalTrafficPolicyLocal |
- #ServiceExternalTrafficPolicyTypeLocal |
- #ServiceExternalTrafficPolicyTypeCluster
-
-// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
-#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster"
-
-// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
-// routing only to endpoints on the same node as the traffic was received on
-// (dropping the traffic if there are no local endpoints).
-#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local"
-
-// for backwards compat
-// +enum
-#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType
-
-#enumServiceExternalTrafficPolicyType:
- #ServiceExternalTrafficPolicyCluster |
- #ServiceExternalTrafficPolicyLocal |
- #ServiceExternalTrafficPolicyTypeLocal |
- #ServiceExternalTrafficPolicyTypeCluster
-
-#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local"
-#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster"
-
-// LoadBalancerPortsError represents the condition of the requested ports
-// on the cloud load balancer instance.
-#LoadBalancerPortsError: "LoadBalancerPortsError"
-
-// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError
-// means the LoadBalancer was not able to be configured correctly.
-#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported"
-
-// ServiceStatus represents the current status of a service.
-#ServiceStatus: {
- // LoadBalancer contains the current status of the load-balancer,
- // if one is present.
- // +optional
- loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt)
-
- // Current service state
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=type
- conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep)
-}
-
-// LoadBalancerStatus represents the status of a load-balancer.
-#LoadBalancerStatus: {
- // Ingress is a list containing ingress points for the load-balancer.
- // Traffic intended for the service should be sent to these ingress points.
- // +optional
- ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep)
-}
-
-// LoadBalancerIngress represents the status of a load-balancer ingress point:
-// traffic intended for the service should be sent to an ingress point.
-#LoadBalancerIngress: {
- // IP is set for load-balancer ingress points that are IP based
- // (typically GCE or OpenStack load-balancers)
- // +optional
- ip?: string @go(IP) @protobuf(1,bytes,opt)
-
- // Hostname is set for load-balancer ingress points that are DNS based
- // (typically AWS load-balancers)
- // +optional
- hostname?: string @go(Hostname) @protobuf(2,bytes,opt)
-
- // Ports is a list of records of service ports
- // If used, every port defined in the service should have an entry in it
- // +listType=atomic
- // +optional
- ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep)
-}
-
-// IPFamily represents the IP Family (IPv4 or IPv6). This type is used
-// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
-// +enum
-#IPFamily: string // #enumIPFamily
-
-#enumIPFamily:
- #IPv4Protocol |
- #IPv6Protocol
-
-// IPv4Protocol indicates that this IP is IPv4 protocol
-#IPv4Protocol: #IPFamily & "IPv4"
-
-// IPv6Protocol indicates that this IP is IPv6 protocol
-#IPv6Protocol: #IPFamily & "IPv6"
-
-// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service
-// +enum
-#IPFamilyPolicy: string // #enumIPFamilyPolicy
-
-#enumIPFamilyPolicy:
- #IPFamilyPolicySingleStack |
- #IPFamilyPolicyPreferDualStack |
- #IPFamilyPolicyRequireDualStack
-
-// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily.
-// The IPFamily assigned is based on the default IPFamily used by the cluster
-// or as identified by service.spec.ipFamilies field
-#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack"
-
-// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when
-// the cluster is configured for dual-stack. If the cluster is not configured
-// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not
-// set in service.spec.ipFamilies then the service will be assigned the default IPFamily
-// configured on the cluster
-#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack"
-
-// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using
-// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The
-// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If
-// service.spec.ipFamilies was not provided then it will be assigned according to how they are
-// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative
-// IPFamily will be added by apiserver
-#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack"
-
-// for backwards compat
-// +enum
-#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType
-
-#enumIPFamilyPolicyType:
- #IPFamilyPolicySingleStack |
- #IPFamilyPolicyPreferDualStack |
- #IPFamilyPolicyRequireDualStack
-
-// ServiceSpec describes the attributes that a user creates on a service.
-#ServiceSpec: {
- // The list of ports that are exposed by this service.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +patchMergeKey=port
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=port
- // +listMapKey=protocol
- ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep)
-
- // Route service traffic to pods with label keys and values matching this
- // selector. If empty or not present, the service is assumed to have an
- // external process managing its endpoints, which Kubernetes will not
- // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
- // Ignored if type is ExternalName.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/
- // +optional
- // +mapType=atomic
- selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep)
-
- // clusterIP is the IP address of the service and is usually assigned
- // randomly. If an address is specified manually, is in-range (as per
- // system configuration), and is not in use, it will be allocated to the
- // service; otherwise creation of the service will fail. This field may not
- // be changed through updates unless the type field is also being changed
- // to ExternalName (which requires this field to be blank) or the type
- // field is being changed from ExternalName (in which case this field may
- // optionally be specified, as describe above). Valid values are "None",
- // empty string (""), or a valid IP address. Setting this to "None" makes a
- // "headless service" (no virtual IP), which is useful when direct endpoint
- // connections are preferred and proxying is not required. Only applies to
- // types ClusterIP, NodePort, and LoadBalancer. If this field is specified
- // when creating a Service of type ExternalName, creation will fail. This
- // field will be wiped when updating a Service to type ExternalName.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +optional
- clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt)
-
- // ClusterIPs is a list of IP addresses assigned to this service, and are
- // usually assigned randomly. If an address is specified manually, is
- // in-range (as per system configuration), and is not in use, it will be
- // allocated to the service; otherwise creation of the service will fail.
- // This field may not be changed through updates unless the type field is
- // also being changed to ExternalName (which requires this field to be
- // empty) or the type field is being changed from ExternalName (in which
- // case this field may optionally be specified, as describe above). Valid
- // values are "None", empty string (""), or a valid IP address. Setting
- // this to "None" makes a "headless service" (no virtual IP), which is
- // useful when direct endpoint connections are preferred and proxying is
- // not required. Only applies to types ClusterIP, NodePort, and
- // LoadBalancer. If this field is specified when creating a Service of type
- // ExternalName, creation will fail. This field will be wiped when updating
- // a Service to type ExternalName. If this field is not specified, it will
- // be initialized from the clusterIP field. If this field is specified,
- // clients must ensure that clusterIPs[0] and clusterIP have the same
- // value.
- //
- // This field may hold a maximum of two entries (dual-stack IPs, in either order).
- // These IPs must correspond to the values of the ipFamilies field. Both
- // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +listType=atomic
- // +optional
- clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt)
-
- // type determines how the Service is exposed. Defaults to ClusterIP. Valid
- // options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
- // "ClusterIP" allocates a cluster-internal IP address for load-balancing
- // to endpoints. Endpoints are determined by the selector or if that is not
- // specified, by manual construction of an Endpoints object or
- // EndpointSlice objects. If clusterIP is "None", no virtual IP is
- // allocated and the endpoints are published as a set of endpoints rather
- // than a virtual IP.
- // "NodePort" builds on ClusterIP and allocates a port on every node which
- // routes to the same endpoints as the clusterIP.
- // "LoadBalancer" builds on NodePort and creates an external load-balancer
- // (if supported in the current cloud) which routes to the same endpoints
- // as the clusterIP.
- // "ExternalName" aliases this service to the specified externalName.
- // Several other fields do not apply to ExternalName services.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
- // +optional
- type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType)
-
- // externalIPs is a list of IP addresses for which nodes in the cluster
- // will also accept traffic for this service. These IPs are not managed by
- // Kubernetes. The user is responsible for ensuring that traffic arrives
- // at a node with this IP. A common example is external load-balancers
- // that are not part of the Kubernetes system.
- // +optional
- externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep)
-
- // Supports "ClientIP" and "None". Used to maintain session affinity.
- // Enable client IP based session affinity.
- // Must be ClientIP or None.
- // Defaults to None.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- // +optional
- sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity)
-
- // Only applies to Service Type: LoadBalancer.
- // This feature depends on whether the underlying cloud-provider supports specifying
- // the loadBalancerIP when a load balancer is created.
- // This field will be ignored if the cloud-provider does not support the feature.
- // Deprecated: This field was under-specified and its meaning varies across implementations.
- // Using it is non-portable and it may not support dual-stack.
- // Users are encouraged to use implementation-specific annotations when available.
- // +optional
- loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt)
-
- // If specified and supported by the platform, this will restrict traffic through the cloud-provider
- // load-balancer will be restricted to the specified client IPs. This field will be ignored if the
- // cloud-provider does not support the feature."
- // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
- // +optional
- loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt)
-
- // externalName is the external reference that discovery mechanisms will
- // return as an alias for this service (e.g. a DNS CNAME record). No
- // proxying will be involved. Must be a lowercase RFC-1123 hostname
- // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
- // +optional
- externalName?: string @go(ExternalName) @protobuf(10,bytes,opt)
-
- // externalTrafficPolicy describes how nodes distribute service traffic they
- // receive on one of the Service's "externally-facing" addresses (NodePorts,
- // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
- // the service in a way that assumes that external load balancers will take care
- // of balancing the service traffic between nodes, and so each node will deliver
- // traffic only to the node-local endpoints of the service, without masquerading
- // the client source IP. (Traffic mistakenly sent to a node with no endpoints will
- // be dropped.) The default value, "Cluster", uses the standard behavior of
- // routing to all endpoints evenly (possibly modified by topology and other
- // features). Note that traffic sent to an External IP or LoadBalancer IP from
- // within the cluster will always get "Cluster" semantics, but clients sending to
- // a NodePort from within the cluster may need to take traffic policy into account
- // when picking a node.
- // +optional
- externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt)
-
- // healthCheckNodePort specifies the healthcheck nodePort for the service.
- // This only applies when type is set to LoadBalancer and
- // externalTrafficPolicy is set to Local. If a value is specified, is
- // in-range, and is not in use, it will be used. If not specified, a value
- // will be automatically allocated. External systems (e.g. load-balancers)
- // can use this port to determine if a given node holds endpoints for this
- // service or not. If this field is specified when creating a Service
- // which does not need it, creation will fail. This field will be wiped
- // when updating a Service to no longer need it (e.g. changing type).
- // This field cannot be updated once set.
- // +optional
- healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt)
-
- // publishNotReadyAddresses indicates that any agent which deals with endpoints for this
- // Service should disregard any indications of ready/not-ready.
- // The primary use case for setting this field is for a StatefulSet's Headless Service to
- // propagate SRV DNS records for its Pods for the purpose of peer discovery.
- // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
- // Services interpret this to mean that all endpoints are considered "ready" even if the
- // Pods themselves are not. Agents which consume only Kubernetes generated endpoints
- // through the Endpoints or EndpointSlice resources can safely assume this behavior.
- // +optional
- publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt)
-
- // sessionAffinityConfig contains the configurations of session affinity.
- // +optional
- sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt)
-
- // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
- // service. This field is usually assigned automatically based on cluster
- // configuration and the ipFamilyPolicy field. If this field is specified
- // manually, the requested family is available in the cluster,
- // and ipFamilyPolicy allows it, it will be used; otherwise creation of
- // the service will fail. This field is conditionally mutable: it allows
- // for adding or removing a secondary IP family, but it does not allow
- // changing the primary IP family of the Service. Valid values are "IPv4"
- // and "IPv6". This field only applies to Services of types ClusterIP,
- // NodePort, and LoadBalancer, and does apply to "headless" services.
- // This field will be wiped when updating a Service to type ExternalName.
- //
- // This field may hold a maximum of two entries (dual-stack families, in
- // either order). These families must correspond to the values of the
- // clusterIPs field, if specified. Both clusterIPs and ipFamilies are
- // governed by the ipFamilyPolicy field.
- // +listType=atomic
- // +optional
- ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily)
-
- // IPFamilyPolicy represents the dual-stack-ness requested or required by
- // this Service. If there is no value provided, then this field will be set
- // to SingleStack. Services can be "SingleStack" (a single IP family),
- // "PreferDualStack" (two IP families on dual-stack configured clusters or
- // a single IP family on single-stack clusters), or "RequireDualStack"
- // (two IP families on dual-stack configured clusters, otherwise fail). The
- // ipFamilies and clusterIPs fields depend on the value of this field. This
- // field will be wiped when updating a service to type ExternalName.
- // +optional
- ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy)
-
- // allocateLoadBalancerNodePorts defines if NodePorts will be automatically
- // allocated for services with type LoadBalancer. Default is "true". It
- // may be set to "false" if the cluster load-balancer does not rely on
- // NodePorts. If the caller requests specific NodePorts (by specifying a
- // value), those requests will be respected, regardless of this field.
- // This field may only be set for services with type LoadBalancer and will
- // be cleared if the type is changed to any other type.
- // +optional
- allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt)
-
- // loadBalancerClass is the class of the load balancer implementation this Service belongs to.
- // If specified, the value of this field must be a label-style identifier, with an optional prefix,
- // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
- // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
- // balancer implementation is used, today this is typically done through the cloud provider integration,
- // but should apply for any default implementation. If set, it is assumed that a load balancer
- // implementation is watching for Services with a matching class. Any default load balancer
- // implementation (e.g. cloud providers) should ignore Services that set this field.
- // This field can only be set when creating or updating a Service to type 'LoadBalancer'.
- // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
- // +optional
- loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt)
-
- // InternalTrafficPolicy describes how nodes distribute service traffic they
- // receive on the ClusterIP. If set to "Local", the proxy will assume that pods
- // only want to talk to endpoints of the service on the same node as the pod,
- // dropping the traffic if there are no local endpoints. The default value,
- // "Cluster", uses the standard behavior of routing to all endpoints evenly
- // (possibly modified by topology and other features).
- // +optional
- internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt)
-}
-
-// ServicePort contains information on service's port.
-#ServicePort: {
- // The name of this port within the service. This must be a DNS_LABEL.
- // All ports within a ServiceSpec must have unique names. When considering
- // the endpoints for a Service, this must match the 'name' field in the
- // EndpointPort.
- // Optional if only one ServicePort is defined on this service.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
- // Default is TCP.
- // +default="TCP"
- // +optional
- protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol)
-
- // The application protocol for this port.
- // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
- // This field follows standard Kubernetes label syntax.
- // Valid values are either:
- //
- // * Un-prefixed protocol names - reserved for IANA standard service names (as per
- // RFC-6335 and https://www.iana.org/assignments/service-names).
- //
- // * Kubernetes-defined prefixed names:
- // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
- // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
- // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
- //
- // * Other protocols should use implementation-defined prefixed names such as
- // mycompany.com/my-custom-protocol.
- // +optional
- appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt)
-
- // The port that will be exposed by this service.
- port: int32 @go(Port) @protobuf(3,varint,opt)
-
- // Number or name of the port to access on the pods targeted by the service.
- // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
- // If this is a string, it will be looked up as a named port in the
- // target Pod's container ports. If this is not specified, the value
- // of the 'port' field is used (an identity map).
- // This field is ignored for services with clusterIP=None, and should be
- // omitted or set equal to the 'port' field.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
- // +optional
- targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt)
-
- // The port on each node on which this service is exposed when type is
- // NodePort or LoadBalancer. Usually assigned by the system. If a value is
- // specified, in-range, and not in use it will be used, otherwise the
- // operation will fail. If not specified, a port will be allocated if this
- // Service requires one. If this field is specified when creating a
- // Service which does not need it, creation will fail. This field will be
- // wiped when updating a Service to no longer need it (e.g. changing type
- // from NodePort to ClusterIP).
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- // +optional
- nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt)
-}
-
-// Service is a named abstraction of software service (for example, mysql) consisting of local port
-// (for example 3306) that the proxy listens on, and the selector that determines which pods
-// will answer requests sent through the proxy.
-#Service: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of a service.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the service.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ClusterIPNone - do not assign a cluster IP
-// no proxying required and no environment variables should be created for pods
-#ClusterIPNone: "None"
-
-// ServiceList holds a list of services.
-#ServiceList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of services
- items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep)
-}
-
-// ServiceAccount binds together:
-// * a name, understood by users, and perhaps by peripheral systems, for an identity
-// * a principal that can be authenticated and authorized
-// * a set of secrets
-#ServiceAccount: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use.
- // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true".
- // This field should not be used to find auto-generated service account token secrets for use outside of pods.
- // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep)
-
- // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
- // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets
- // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
- // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
- // +optional
- imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep)
-
- // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted.
- // Can be overridden at the pod level.
- // +optional
- automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt)
-}
-
-// ServiceAccountList is a list of ServiceAccount objects
-#ServiceAccountList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of ServiceAccounts.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep)
-}
-
-// Endpoints is a collection of endpoints that implement the actual service. Example:
-//
-// Name: "mysvc",
-// Subsets: [
-// {
-// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
-// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
-// },
-// {
-// Addresses: [{"ip": "10.10.3.3"}],
-// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
-// },
-// ]
-#Endpoints: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The set of all endpoints is the union of all subsets. Addresses are placed into
- // subsets according to the IPs they share. A single address with multiple ports,
- // some of which are ready and some of which are not (because they come from
- // different containers) will result in the address being displayed in different
- // subsets for the different ports. No address will appear in both Addresses and
- // NotReadyAddresses in the same subset.
- // Sets of addresses and ports that comprise a service.
- // +optional
- subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep)
-}
-
-// EndpointSubset is a group of addresses with a common set of ports. The
-// expanded set of endpoints is the Cartesian product of Addresses x Ports.
-// For example, given:
-//
-// {
-// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
-// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
-// }
-//
-// The resulting set of endpoints can be viewed as:
-//
-// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
-// b: [ 10.10.1.1:309, 10.10.2.2:309 ]
-#EndpointSubset: {
- // IP addresses which offer the related ports that are marked as ready. These endpoints
- // should be considered safe for load balancers and clients to utilize.
- // +optional
- addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep)
-
- // IP addresses which offer the related ports but are not currently marked as ready
- // because they have not yet finished starting, have recently failed a readiness check,
- // or have recently failed a liveness check.
- // +optional
- notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep)
-
- // Port numbers available on the related IP addresses.
- // +optional
- ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep)
-}
-
-// EndpointAddress is a tuple that describes single IP address.
-// +structType=atomic
-#EndpointAddress: {
- // The IP of this endpoint.
- // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10),
- // or link-local multicast (224.0.0.0/24 or ff02::/16).
- ip: string @go(IP) @protobuf(1,bytes,opt)
-
- // The Hostname of this endpoint
- // +optional
- hostname?: string @go(Hostname) @protobuf(3,bytes,opt)
-
- // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
- // +optional
- nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt)
-
- // Reference to object providing the endpoint.
- // +optional
- targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt)
-}
-
-// EndpointPort is a tuple that describes a single port.
-// +structType=atomic
-#EndpointPort: {
- // The name of this port. This must match the 'name' field in the
- // corresponding ServicePort.
- // Must be a DNS_LABEL.
- // Optional only if one port is defined.
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The port number of the endpoint.
- port: int32 @go(Port) @protobuf(2,varint,opt)
-
- // The IP protocol for this port.
- // Must be UDP, TCP, or SCTP.
- // Default is TCP.
- // +optional
- protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol)
-
- // The application protocol for this port.
- // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
- // This field follows standard Kubernetes label syntax.
- // Valid values are either:
- //
- // * Un-prefixed protocol names - reserved for IANA standard service names (as per
- // RFC-6335 and https://www.iana.org/assignments/service-names).
- //
- // * Kubernetes-defined prefixed names:
- // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
- // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
- // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
- //
- // * Other protocols should use implementation-defined prefixed names such as
- // mycompany.com/my-custom-protocol.
- // +optional
- appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt)
-}
-
-// EndpointsList is a list of endpoints.
-#EndpointsList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of endpoints.
- items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep)
-}
-
-// NodeSpec describes the attributes that a node is created with.
-#NodeSpec: {
- // PodCIDR represents the pod IP range assigned to the node.
- // +optional
- podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt)
-
- // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this
- // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for
- // each of IPv4 and IPv6.
- // +optional
- // +patchStrategy=merge
- podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt)
-
- // ID of the node assigned by the cloud provider in the format: ://
- // +optional
- providerID?: string @go(ProviderID) @protobuf(3,bytes,opt)
-
- // Unschedulable controls node schedulability of new pods. By default, node is schedulable.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration
- // +optional
- unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt)
-
- // If specified, the node's taints.
- // +optional
- taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt)
-
- // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.
- // +optional
- configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt)
-
- // Deprecated. Not all kubelets will set this field. Remove field after 1.13.
- // see: https://issues.k8s.io/61966
- // +optional
- externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt)
-}
-
-// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.
-// This API is deprecated since 1.22
-#NodeConfigSource: {
- // ConfigMap is a reference to a Node's ConfigMap
- configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt)
-}
-
-// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.
-// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
-#ConfigMapNodeConfigSource: {
- // Namespace is the metadata.namespace of the referenced ConfigMap.
- // This field is required in all cases.
- namespace: string @go(Namespace) @protobuf(1,bytes,opt)
-
- // Name is the metadata.name of the referenced ConfigMap.
- // This field is required in all cases.
- name: string @go(Name) @protobuf(2,bytes,opt)
-
- // UID is the metadata.UID of the referenced ConfigMap.
- // This field is forbidden in Node.Spec, and required in Node.Status.
- // +optional
- uid?: types.#UID @go(UID) @protobuf(3,bytes,opt)
-
- // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap.
- // This field is forbidden in Node.Spec, and required in Node.Status.
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt)
-
- // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure
- // This field is required in all cases.
- kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt)
-}
-
-// DaemonEndpoint contains information about a single Daemon endpoint.
-#DaemonEndpoint: {
- // Port number of the given endpoint.
- Port: int32 @protobuf(1,varint,opt)
-}
-
-// NodeDaemonEndpoints lists ports opened by daemons running on the Node.
-#NodeDaemonEndpoints: {
- // Endpoint on which Kubelet is listening.
- // +optional
- kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt)
-}
-
-// NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
-#NodeSystemInfo: {
- // MachineID reported by the node. For unique machine identification
- // in the cluster this field is preferred. Learn more from man(5)
- // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
- machineID: string @go(MachineID) @protobuf(1,bytes,opt)
-
- // SystemUUID reported by the node. For unique machine identification
- // MachineID is preferred. This field is specific to Red Hat hosts
- // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
- systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt)
-
- // Boot ID reported by the node.
- bootID: string @go(BootID) @protobuf(3,bytes,opt)
-
- // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
- kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt)
-
- // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
- osImage: string @go(OSImage) @protobuf(5,bytes,opt)
-
- // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).
- containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt)
-
- // Kubelet Version reported by the node.
- kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt)
-
- // KubeProxy Version reported by the node.
- kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt)
-
- // The Operating System reported by the node
- operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt)
-
- // The Architecture reported by the node
- architecture: string @go(Architecture) @protobuf(10,bytes,opt)
-}
-
-// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
-#NodeConfigStatus: {
- // Assigned reports the checkpointed config the node will try to use.
- // When Node.Spec.ConfigSource is updated, the node checkpoints the associated
- // config payload to local disk, along with a record indicating intended
- // config. The node refers to this record to choose its config checkpoint, and
- // reports this record in Assigned. Assigned only updates in the status after
- // the record has been checkpointed to disk. When the Kubelet is restarted,
- // it tries to make the Assigned config the Active config by loading and
- // validating the checkpointed payload identified by Assigned.
- // +optional
- assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt)
-
- // Active reports the checkpointed config the node is actively using.
- // Active will represent either the current version of the Assigned config,
- // or the current LastKnownGood config, depending on whether attempting to use the
- // Assigned config results in an error.
- // +optional
- active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt)
-
- // LastKnownGood reports the checkpointed config the node will fall back to
- // when it encounters an error attempting to use the Assigned config.
- // The Assigned config becomes the LastKnownGood config when the node determines
- // that the Assigned config is stable and correct.
- // This is currently implemented as a 10-minute soak period starting when the local
- // record of Assigned config is updated. If the Assigned config is Active at the end
- // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is
- // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil,
- // because the local default config is always assumed good.
- // You should not make assumptions about the node's method of determining config stability
- // and correctness, as this may change or become configurable in the future.
- // +optional
- lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt)
-
- // Error describes any problems reconciling the Spec.ConfigSource to the Active config.
- // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned
- // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting
- // to load or validate the Assigned config, etc.
- // Errors may occur at different points while syncing config. Earlier errors (e.g. download or
- // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across
- // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in
- // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error
- // by fixing the config assigned in Spec.ConfigSource.
- // You can find additional information for debugging by searching the error message in the Kubelet log.
- // Error is a human-readable description of the error state; machines can check whether or not Error
- // is empty, but should not rely on the stability of the Error text across Kubelet versions.
- // +optional
- error?: string @go(Error) @protobuf(4,bytes,opt)
-}
-
-// NodeStatus is information about the current status of a node.
-#NodeStatus: {
- // Capacity represents the total resources of a node.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
- // +optional
- capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Allocatable represents the resources of a node that are available for scheduling.
- // Defaults to Capacity.
- // +optional
- allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // NodePhase is the recently observed lifecycle phase of the node.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase
- // The field is never populated, and now is deprecated.
- // +optional
- phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase)
-
- // Conditions is an array of current observed node conditions.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep)
-
- // List of addresses reachable to the node.
- // Queried from cloud provider, if available.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses
- // Note: This field is declared as mergeable, but the merge key is not sufficiently
- // unique, which can cause data corruption when it is merged. Callers should instead
- // use a full-replacement patch. See https://pr.k8s.io/79391 for an example.
- // Consumers should assume that addresses can change during the
- // lifetime of a Node. However, there are some exceptions where this may not
- // be possible, such as Pods that inherit a Node's address in its own status or
- // consumers of the downward API (status.hostIP).
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep)
-
- // Endpoints of daemons running on the Node.
- // +optional
- daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt)
-
- // Set of ids/uuids to uniquely identify the node.
- // More info: https://kubernetes.io/docs/concepts/nodes/node/#info
- // +optional
- nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt)
-
- // List of container images on this node
- // +optional
- images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep)
-
- // List of attachable volumes in use (mounted) by the node.
- // +optional
- volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep)
-
- // List of volumes that are attached to the node.
- // +optional
- volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep)
-
- // Status of the config assigned to the node via the dynamic Kubelet config feature.
- // +optional
- config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt)
-}
-
-#UniqueVolumeName: string
-
-// AttachedVolume describes a volume attached to a node
-#AttachedVolume: {
- // Name of the attached volume
- name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep)
-
- // DevicePath represents the device path where the volume should be available
- devicePath: string @go(DevicePath) @protobuf(2,bytes,rep)
-}
-
-// AvoidPods describes pods that should avoid this node. This is the value for a
-// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and
-// will eventually become a field of NodeStatus.
-#AvoidPods: {
- // Bounded-sized list of signatures of pods that should avoid this node, sorted
- // in timestamp order from oldest to newest. Size of the slice is unspecified.
- // +optional
- preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep)
-}
-
-// Describes a class of pods that should avoid this node.
-#PreferAvoidPodsEntry: {
- // The class of pods.
- podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt)
-
- // Time at which this entry was added to the list.
- // +optional
- evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt)
-
- // (brief) reason why this entry was added to the list.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // Human readable message indicating why this entry was added to the list.
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-}
-
-// Describes the class of pods that should avoid this node.
-// Exactly one field should be set.
-#PodSignature: {
- // Reference to controller whose pods should avoid this node.
- // +optional
- podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt)
-}
-
-// Describe a container image
-#ContainerImage: {
- // Names by which this image is known.
- // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]
- // +optional
- names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep)
-
- // The size of the image in bytes.
- // +optional
- sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt)
-}
-
-// +enum
-#NodePhase: string // #enumNodePhase
-
-#enumNodePhase:
- #NodePending |
- #NodeRunning |
- #NodeTerminated
-
-// NodePending means the node has been created/added by the system, but not configured.
-#NodePending: #NodePhase & "Pending"
-
-// NodeRunning means the node has been configured and has Kubernetes components running.
-#NodeRunning: #NodePhase & "Running"
-
-// NodeTerminated means the node has been removed from the cluster.
-#NodeTerminated: #NodePhase & "Terminated"
-
-#NodeConditionType: string // #enumNodeConditionType
-
-#enumNodeConditionType:
- #NodeReady |
- #NodeMemoryPressure |
- #NodeDiskPressure |
- #NodePIDPressure |
- #NodeNetworkUnavailable
-
-// NodeReady means kubelet is healthy and ready to accept pods.
-#NodeReady: #NodeConditionType & "Ready"
-
-// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory.
-#NodeMemoryPressure: #NodeConditionType & "MemoryPressure"
-
-// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk.
-#NodeDiskPressure: #NodeConditionType & "DiskPressure"
-
-// NodePIDPressure means the kubelet is under pressure due to insufficient available PID.
-#NodePIDPressure: #NodeConditionType & "PIDPressure"
-
-// NodeNetworkUnavailable means that network for the node is not correctly configured.
-#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable"
-
-// NodeCondition contains condition information for a node.
-#NodeCondition: {
- // Type of node condition.
- type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Last time we got an update on a given condition.
- // +optional
- lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt)
-
- // Last time the condition transit from one status to another.
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // (brief) reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // Human readable message indicating details about last transition.
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-#NodeAddressType: string // #enumNodeAddressType
-
-#enumNodeAddressType:
- #NodeHostName |
- #NodeInternalIP |
- #NodeExternalIP |
- #NodeInternalDNS |
- #NodeExternalDNS
-
-// NodeHostName identifies a name of the node. Although every node can be assumed
-// to have a NodeAddress of this type, its exact syntax and semantics are not
-// defined, and are not consistent between different clusters.
-#NodeHostName: #NodeAddressType & "Hostname"
-
-// NodeInternalIP identifies an IP address which is assigned to one of the node's
-// network interfaces. Every node should have at least one address of this type.
-//
-// An internal IP is normally expected to be reachable from every other node, but
-// may not be visible to hosts outside the cluster. By default it is assumed that
-// kube-apiserver can reach node internal IPs, though it is possible to configure
-// clusters where this is not the case.
-//
-// NodeInternalIP is the default type of node IP, and does not necessarily imply
-// that the IP is ONLY reachable internally. If a node has multiple internal IPs,
-// no specific semantics are assigned to the additional IPs.
-#NodeInternalIP: #NodeAddressType & "InternalIP"
-
-// NodeExternalIP identifies an IP address which is, in some way, intended to be
-// more usable from outside the cluster then an internal IP, though no specific
-// semantics are defined. It may be a globally routable IP, though it is not
-// required to be.
-//
-// External IPs may be assigned directly to an interface on the node, like a
-// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed
-// to an internal node IP rather than being delivered directly (making the IP less
-// efficient for node-to-node traffic than a NodeInternalIP).
-#NodeExternalIP: #NodeAddressType & "ExternalIP"
-
-// NodeInternalDNS identifies a DNS name which resolves to an IP address which has
-// the characteristics of a NodeInternalIP. The IP it resolves to may or may not
-// be a listed NodeInternalIP address.
-#NodeInternalDNS: #NodeAddressType & "InternalDNS"
-
-// NodeExternalDNS identifies a DNS name which resolves to an IP address which has
-// the characteristics of a NodeExternalIP. The IP it resolves to may or may not
-// be a listed NodeExternalIP address.
-#NodeExternalDNS: #NodeAddressType & "ExternalDNS"
-
-// NodeAddress contains information for the node's address.
-#NodeAddress: {
- // Node address type, one of Hostname, ExternalIP or InternalIP.
- type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType)
-
- // The node address.
- address: string @go(Address) @protobuf(2,bytes,opt)
-}
-
-// ResourceName is the name identifying various resources in a ResourceList.
-#ResourceName: string // #enumResourceName
-
-#enumResourceName:
- #ResourceCPU |
- #ResourceMemory |
- #ResourceStorage |
- #ResourceEphemeralStorage |
- #ResourcePods |
- #ResourceServices |
- #ResourceReplicationControllers |
- #ResourceQuotas |
- #ResourceSecrets |
- #ResourceConfigMaps |
- #ResourcePersistentVolumeClaims |
- #ResourceServicesNodePorts |
- #ResourceServicesLoadBalancers |
- #ResourceRequestsCPU |
- #ResourceRequestsMemory |
- #ResourceRequestsStorage |
- #ResourceRequestsEphemeralStorage |
- #ResourceLimitsCPU |
- #ResourceLimitsMemory |
- #ResourceLimitsEphemeralStorage
-
-// CPU, in cores. (500m = .5 cores)
-#ResourceCPU: #ResourceName & "cpu"
-
-// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceMemory: #ResourceName & "memory"
-
-// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024)
-#ResourceStorage: #ResourceName & "storage"
-
-// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-// The resource name for ResourceEphemeralStorage is alpha and it can change across releases.
-#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage"
-
-// Default namespace prefix.
-#ResourceDefaultNamespacePrefix: "kubernetes.io/"
-
-// Name prefix for huge page resources (alpha).
-#ResourceHugePagesPrefix: "hugepages-"
-
-// Name prefix for storage resource limits
-#ResourceAttachableVolumesPrefix: "attachable-volumes-"
-
-// ResourceList is a set of (resource name, quantity) pairs.
-#ResourceList: {[string]: resource.#Quantity}
-
-// Node is a worker node in Kubernetes.
-// Each node will have a unique identifier in the cache (i.e. in etcd).
-#Node: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of a node.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Most recently observed status of the node.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// NodeList is the whole list of all Nodes which have been registered with master.
-#NodeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of nodes
- items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep)
-}
-
-// FinalizerName is the name identifying a finalizer during namespace lifecycle.
-#FinalizerName: string // #enumFinalizerName
-
-#enumFinalizerName:
- #FinalizerKubernetes
-
-#FinalizerKubernetes: #FinalizerName & "kubernetes"
-
-// NamespaceSpec describes the attributes on a Namespace.
-#NamespaceSpec: {
- // Finalizers is an opaque list of values that must be empty to permanently remove object from storage.
- // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
- // +optional
- finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName)
-}
-
-// NamespaceStatus is information about the current status of a Namespace.
-#NamespaceStatus: {
- // Phase is the current lifecycle phase of the namespace.
- // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
- // +optional
- phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase)
-
- // Represents the latest available observations of a namespace's current state.
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep)
-}
-
-// +enum
-#NamespacePhase: string // #enumNamespacePhase
-
-#enumNamespacePhase:
- #NamespaceActive |
- #NamespaceTerminating
-
-// NamespaceActive means the namespace is available for use in the system
-#NamespaceActive: #NamespacePhase & "Active"
-
-// NamespaceTerminating means the namespace is undergoing graceful termination
-#NamespaceTerminating: #NamespacePhase & "Terminating"
-
-// NamespaceTerminatingCause is returned as a defaults.cause item when a change is
-// forbidden due to the namespace being terminated.
-#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating"
-
-#NamespaceConditionType: string // #enumNamespaceConditionType
-
-#enumNamespaceConditionType:
- #NamespaceDeletionDiscoveryFailure |
- #NamespaceDeletionContentFailure |
- #NamespaceDeletionGVParsingFailure |
- #NamespaceContentRemaining |
- #NamespaceFinalizersRemaining
-
-// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery.
-#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure"
-
-// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources.
-#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure"
-
-// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types.
-#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure"
-
-// NamespaceContentRemaining contains information about resources remaining in a namespace.
-#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining"
-
-// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace.
-#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining"
-
-// NamespaceCondition contains details about state of namespace.
-#NamespaceCondition: {
- // Type of namespace controller condition.
- type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // +optional
- lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // +optional
- reason?: string @go(Reason) @protobuf(5,bytes,opt)
-
- // +optional
- message?: string @go(Message) @protobuf(6,bytes,opt)
-}
-
-// Namespace provides a scope for Names.
-// Use of multiple namespaces is optional.
-#Namespace: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the behavior of the Namespace.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status describes the current status of a Namespace.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// NamespaceList is a list of Namespaces.
-#NamespaceList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of Namespace objects in the list.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep)
-}
-
-// Binding ties one object to another; for example, a pod is bound to a node by a scheduler.
-// Deprecated in 1.7, please use the bindings subresource of pods instead.
-#Binding: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The target object that you want to bind to the standard object.
- target: #ObjectReference @go(Target) @protobuf(2,bytes,opt)
-}
-
-// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
-// +k8s:openapi-gen=false
-#Preconditions: {
- // Specifies the target UID.
- // +optional
- uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-}
-
-// PodLogOptions is the query options for a Pod's logs REST call.
-#PodLogOptions: {
- metav1.#TypeMeta
-
- // The container for which to stream logs. Defaults to only container if there is one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(1,bytes,opt)
-
- // Follow the log stream of the pod. Defaults to false.
- // +optional
- follow?: bool @go(Follow) @protobuf(2,varint,opt)
-
- // Return previous terminated container logs. Defaults to false.
- // +optional
- previous?: bool @go(Previous) @protobuf(3,varint,opt)
-
- // A relative time in seconds before the current time from which to show logs. If this value
- // precedes the time a pod was started, only logs since the pod start will be returned.
- // If this value is in the future, no logs will be returned.
- // Only one of sinceSeconds or sinceTime may be specified.
- // +optional
- sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt)
-
- // An RFC3339 timestamp from which to show logs. If this value
- // precedes the time a pod was started, only logs since the pod start will be returned.
- // If this value is in the future, no logs will be returned.
- // Only one of sinceSeconds or sinceTime may be specified.
- // +optional
- sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt)
-
- // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line
- // of log output. Defaults to false.
- // +optional
- timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt)
-
- // If set, the number of lines from the end of the logs to show. If not specified,
- // logs are shown from the creation of the container or sinceSeconds or sinceTime
- // +optional
- tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt)
-
- // If set, the number of bytes to read from the server before terminating the
- // log output. This may not display a complete final line of logging, and may return
- // slightly more or slightly less than the specified limit.
- // +optional
- limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt)
-
- // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the
- // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver
- // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real
- // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the
- // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept
- // the actual log data coming from the real kubelet).
- // +optional
- insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt)
-}
-
-// PodAttachOptions is the query options to a Pod's remote attach call.
-// ---
-// TODO: merge w/ PodExecOptions below for stdin, stdout, etc
-// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY
-#PodAttachOptions: {
- metav1.#TypeMeta
-
- // Stdin if true, redirects the standard input stream of the pod for this call.
- // Defaults to false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(1,varint,opt)
-
- // Stdout if true indicates that stdout is to be redirected for the attach call.
- // Defaults to true.
- // +optional
- stdout?: bool @go(Stdout) @protobuf(2,varint,opt)
-
- // Stderr if true indicates that stderr is to be redirected for the attach call.
- // Defaults to true.
- // +optional
- stderr?: bool @go(Stderr) @protobuf(3,varint,opt)
-
- // TTY if true indicates that a tty will be allocated for the attach call.
- // This is passed through the container runtime so the tty
- // is allocated on the worker node by the container runtime.
- // Defaults to false.
- // +optional
- tty?: bool @go(TTY) @protobuf(4,varint,opt)
-
- // The container in which to execute the command.
- // Defaults to only container if there is only one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(5,bytes,opt)
-}
-
-// PodExecOptions is the query options to a Pod's remote exec call.
-// ---
-// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging
-// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY
-#PodExecOptions: {
- metav1.#TypeMeta
-
- // Redirect the standard input stream of the pod for this call.
- // Defaults to false.
- // +optional
- stdin?: bool @go(Stdin) @protobuf(1,varint,opt)
-
- // Redirect the standard output stream of the pod for this call.
- // +optional
- stdout?: bool @go(Stdout) @protobuf(2,varint,opt)
-
- // Redirect the standard error stream of the pod for this call.
- // +optional
- stderr?: bool @go(Stderr) @protobuf(3,varint,opt)
-
- // TTY if true indicates that a tty will be allocated for the exec call.
- // Defaults to false.
- // +optional
- tty?: bool @go(TTY) @protobuf(4,varint,opt)
-
- // Container in which to execute the command.
- // Defaults to only container if there is only one container in the pod.
- // +optional
- container?: string @go(Container) @protobuf(5,bytes,opt)
-
- // Command is the remote command to execute. argv array. Not executed within a shell.
- command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep)
-}
-
-// PodPortForwardOptions is the query options to a Pod's port forward call
-// when using WebSockets.
-// The `port` query parameter must specify the port or
-// ports (comma separated) to forward over.
-// Port forwarding over SPDY does not use these options. It requires the port
-// to be passed in the `port` header as part of request.
-#PodPortForwardOptions: {
- metav1.#TypeMeta
-
- // List of ports to forward
- // Required when using WebSockets
- // +optional
- ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep)
-}
-
-// PodProxyOptions is the query options to a Pod's proxy call.
-#PodProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the URL path to use for the current proxy request to pod.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// NodeProxyOptions is the query options to a Node's proxy call.
-#NodeProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the URL path to use for the current proxy request to node.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// ServiceProxyOptions is the query options to a Service's proxy call.
-#ServiceProxyOptions: {
- metav1.#TypeMeta
-
- // Path is the part of URLs that include service endpoints, suffixes,
- // and parameters to use for the current proxy request to service.
- // For example, the whole request URL is
- // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy.
- // Path is _search?q=user:kimchy.
- // +optional
- path?: string @go(Path) @protobuf(1,bytes,opt)
-}
-
-// ObjectReference contains enough information to let you inspect or modify the referred object.
-// ---
-// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
-// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
-// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
-// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
-// Those cannot be well described when embedded.
-// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
-// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
-// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
-// and the version of the actual struct is irrelevant.
-// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
-// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-//
-// Instead of using this type, create a locally provided and used type that is well-focused on your reference.
-// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +structType=atomic
-#ObjectReference: {
- // Kind of the referent.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(1,bytes,opt)
-
- // Namespace of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- // +optional
- namespace?: string @go(Namespace) @protobuf(2,bytes,opt)
-
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- // +optional
- name?: string @go(Name) @protobuf(3,bytes,opt)
-
- // UID of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // API version of the referent.
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt)
-
- // Specific resourceVersion to which this reference is made, if any.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt)
-
- // If referring to a piece of an object instead of an entire object, this string
- // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- // For example, if the object reference is to a container within a pod, this would take on a value like:
- // "spec.containers{name}" (where "name" refers to the name of the container that triggered
- // the event) or if no container name is specified "spec.containers[2]" (container with
- // index 2 in this pod). This syntax is chosen only to have some well-defined way of
- // referencing a part of an object.
- // TODO: this design is not final and this field is subject to change in the future.
- // +optional
- fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt)
-}
-
-// LocalObjectReference contains enough information to let you locate the
-// referenced object inside the same namespace.
-// +structType=atomic
-#LocalObjectReference: {
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- // TODO: Add other useful fields. apiVersion, kind, uid?
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-}
-
-// TypedLocalObjectReference contains enough information to let you locate the
-// typed referenced object inside the same namespace.
-// +structType=atomic
-#TypedLocalObjectReference: {
- // APIGroup is the group for the resource being referenced.
- // If APIGroup is not specified, the specified Kind must be in the core API group.
- // For any other third-party types, APIGroup is required.
- // +optional
- apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt)
-
- // Kind is the type of resource being referenced
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-
- // Name is the name of resource being referenced
- name: string @go(Name) @protobuf(3,bytes,opt)
-}
-
-// SerializedReference is a reference to serialized object.
-#SerializedReference: {
- metav1.#TypeMeta
-
- // The reference to an object in the system.
- // +optional
- reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt)
-}
-
-// EventSource contains information for an event.
-#EventSource: {
- // Component from which the event is generated.
- // +optional
- component?: string @go(Component) @protobuf(1,bytes,opt)
-
- // Node name on which the event is generated.
- // +optional
- host?: string @go(Host) @protobuf(2,bytes,opt)
-}
-
-// Information only and will not cause any problems
-#EventTypeNormal: "Normal"
-
-// These events are to warn that something might go wrong
-#EventTypeWarning: "Warning"
-
-// Event is a report of an event somewhere in the cluster. Events
-// have a limited retention time and triggers and messages may evolve
-// with time. Event consumers should not rely on the timing of an event
-// with a given Reason reflecting a consistent underlying trigger, or the
-// continued existence of events with that Reason. Events should be
-// treated as informative, best-effort, supplemental data.
-#Event: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // The object that this event is about.
- involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt)
-
- // This should be a short, machine understandable string that gives the reason
- // for the transition into the object's current status.
- // TODO: provide exact specification for format.
- // +optional
- reason?: string @go(Reason) @protobuf(3,bytes,opt)
-
- // A human-readable description of the status of this operation.
- // TODO: decide on maximum length.
- // +optional
- message?: string @go(Message) @protobuf(4,bytes,opt)
-
- // The component reporting this event. Should be a short machine understandable string.
- // +optional
- source?: #EventSource @go(Source) @protobuf(5,bytes,opt)
-
- // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)
- // +optional
- firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt)
-
- // The time at which the most recent occurrence of this event was recorded.
- // +optional
- lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt)
-
- // The number of times this event has occurred.
- // +optional
- count?: int32 @go(Count) @protobuf(8,varint,opt)
-
- // Type of this event (Normal, Warning), new types could be added in the future
- // +optional
- type?: string @go(Type) @protobuf(9,bytes,opt)
-
- // Time when this Event was first observed.
- // +optional
- eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt)
-
- // Data about the Event series this event represents or nil if it's a singleton Event.
- // +optional
- series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt)
-
- // What action was taken/failed regarding to the Regarding object.
- // +optional
- action?: string @go(Action) @protobuf(12,bytes,opt)
-
- // Optional secondary object for more complex actions.
- // +optional
- related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt)
-
- // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.
- // +optional
- reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt)
-
- // ID of the controller instance, e.g. `kubelet-xyzf`.
- // +optional
- reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt)
-}
-
-// EventSeries contain information on series of events, i.e. thing that was/is happening
-// continuously for some time.
-#EventSeries: {
- // Number of occurrences in this series up to the last heartbeat time
- count?: int32 @go(Count) @protobuf(1,varint)
-
- // Time of the last occurrence observed
- lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes)
-}
-
-// EventList is a list of events.
-#EventList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of events
- items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep)
-}
-
-// List holds a list of objects, which may not be known by the server.
-#List: metav1.#List
-
-// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or
-// a fully qualified resource name.
-#LimitType: string // #enumLimitType
-
-#enumLimitType:
- #LimitTypePod |
- #LimitTypeContainer |
- #LimitTypePersistentVolumeClaim
-
-// Limit that applies to all pods in a namespace
-#LimitTypePod: #LimitType & "Pod"
-
-// Limit that applies to all containers in a namespace
-#LimitTypeContainer: #LimitType & "Container"
-
-// Limit that applies to all persistent volume claims in a namespace
-#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim"
-
-// LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
-#LimitRangeItem: {
- // Type of resource that this limit applies to.
- type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType)
-
- // Max usage constraints on this kind by resource name.
- // +optional
- max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Min usage constraints on this kind by resource name.
- // +optional
- min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Default resource requirement limit value by resource name if resource limit is omitted.
- // +optional
- default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
- // +optional
- defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
- // +optional
- maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-}
-
-// LimitRangeSpec defines a min/max usage limit for resources that match on kind.
-#LimitRangeSpec: {
- // Limits is the list of LimitRangeItem objects that are enforced.
- limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep)
-}
-
-// LimitRange sets resource usage limits for each kind of resource in a Namespace.
-#LimitRange: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the limits enforced.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt)
-}
-
-// LimitRangeList is a list of LimitRange items.
-#LimitRangeList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of LimitRange objects.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep)
-}
-
-// Pods, number
-#ResourcePods: #ResourceName & "pods"
-
-// Services, number
-#ResourceServices: #ResourceName & "services"
-
-// ReplicationControllers, number
-#ResourceReplicationControllers: #ResourceName & "replicationcontrollers"
-
-// ResourceQuotas, number
-#ResourceQuotas: #ResourceName & "resourcequotas"
-
-// ResourceSecrets, number
-#ResourceSecrets: #ResourceName & "secrets"
-
-// ResourceConfigMaps, number
-#ResourceConfigMaps: #ResourceName & "configmaps"
-
-// ResourcePersistentVolumeClaims, number
-#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims"
-
-// ResourceServicesNodePorts, number
-#ResourceServicesNodePorts: #ResourceName & "services.nodeports"
-
-// ResourceServicesLoadBalancers, number
-#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers"
-
-// CPU request, in cores. (500m = .5 cores)
-#ResourceRequestsCPU: #ResourceName & "requests.cpu"
-
-// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceRequestsMemory: #ResourceName & "requests.memory"
-
-// Storage request, in bytes
-#ResourceRequestsStorage: #ResourceName & "requests.storage"
-
-// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage"
-
-// CPU limit, in cores. (500m = .5 cores)
-#ResourceLimitsCPU: #ResourceName & "limits.cpu"
-
-// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceLimitsMemory: #ResourceName & "limits.memory"
-
-// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage"
-
-// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
-// As burst is not supported for HugePages, we would only quota its request, and ignore the limit.
-#ResourceRequestsHugePagesPrefix: "requests.hugepages-"
-
-// Default resource requests prefix
-#DefaultResourceRequestsPrefix: "requests."
-
-// A ResourceQuotaScope defines a filter that must match each object tracked by a quota
-// +enum
-#ResourceQuotaScope: string // #enumResourceQuotaScope
-
-#enumResourceQuotaScope:
- #ResourceQuotaScopeTerminating |
- #ResourceQuotaScopeNotTerminating |
- #ResourceQuotaScopeBestEffort |
- #ResourceQuotaScopeNotBestEffort |
- #ResourceQuotaScopePriorityClass |
- #ResourceQuotaScopeCrossNamespacePodAffinity
-
-// Match all pod objects where spec.activeDeadlineSeconds >=0
-#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating"
-
-// Match all pod objects where spec.activeDeadlineSeconds is nil
-#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating"
-
-// Match all pod objects that have best effort quality of service
-#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort"
-
-// Match all pod objects that do not have best effort quality of service
-#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort"
-
-// Match all pod objects that have priority class mentioned
-#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass"
-
-// Match all pod objects that have cross-namespace pod (anti)affinity mentioned.
-#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity"
-
-// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
-#ResourceQuotaSpec: {
- // hard is the set of desired hard limits for each named resource.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- // +optional
- hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // A collection of filters that must match each object tracked by a quota.
- // If not specified, the quota matches all objects.
- // +optional
- scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope)
-
- // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
- // but expressed using ScopeSelectorOperator in combination with possible values.
- // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
- // +optional
- scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt)
-}
-
-// A scope selector represents the AND of the selectors represented
-// by the scoped-resource selector requirements.
-// +structType=atomic
-#ScopeSelector: {
- // A list of scope selector requirements by scope of the resources.
- // +optional
- matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep)
-}
-
-// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
-// that relates the scope name and values.
-#ScopedResourceSelectorRequirement: {
- // The name of the scope that the selector applies to.
- scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt)
-
- // Represents a scope's relationship to a set of values.
- // Valid operators are In, NotIn, Exists, DoesNotExist.
- operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator)
-
- // An array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty.
- // This array is replaced during a strategic merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A scope selector operator is the set of operators that can be used in
-// a scope selector requirement.
-// +enum
-#ScopeSelectorOperator: string // #enumScopeSelectorOperator
-
-#enumScopeSelectorOperator:
- #ScopeSelectorOpIn |
- #ScopeSelectorOpNotIn |
- #ScopeSelectorOpExists |
- #ScopeSelectorOpDoesNotExist
-
-#ScopeSelectorOpIn: #ScopeSelectorOperator & "In"
-#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn"
-#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists"
-#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist"
-
-// ResourceQuotaStatus defines the enforced hard limits and observed use.
-#ResourceQuotaStatus: {
- // Hard is the set of enforced hard limits for each named resource.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- // +optional
- hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-
- // Used is the current observed total usage of the resource in the namespace.
- // +optional
- used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName)
-}
-
-// ResourceQuota sets aggregate quota restrictions enforced per namespace
-#ResourceQuota: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Spec defines the desired quota.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt)
-
- // Status defines the actual enforced quota and its current usage.
- // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt)
-}
-
-// ResourceQuotaList is a list of ResourceQuota items.
-#ResourceQuotaList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of ResourceQuota objects.
- // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
- items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep)
-}
-
-// Secret holds secret data of a certain type. The total bytes of the values in
-// the Data field must be less than MaxSecretSize bytes.
-#Secret: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Immutable, if set to true, ensures that data stored in the Secret cannot
- // be updated (only object metadata can be modified).
- // If not set to true, the field can be modified at any time.
- // Defaulted to nil.
- // +optional
- immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt)
-
- // Data contains the secret data. Each key must consist of alphanumeric
- // characters, '-', '_' or '.'. The serialized form of the secret data is a
- // base64 encoded string, representing the arbitrary (possibly non-string)
- // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
- // +optional
- data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep)
-
- // stringData allows specifying non-binary secret data in string form.
- // It is provided as a write-only input field for convenience.
- // All keys and values are merged into the data field on write, overwriting any existing values.
- // The stringData field is never output when reading from the API.
- // +k8s:conversion-gen=false
- // +optional
- stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep)
-
- // Used to facilitate programmatic handling of secret data.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
- // +optional
- type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType)
-}
-
-#MaxSecretSize: 1048576
-
-#SecretType: string // #enumSecretType
-
-#enumSecretType:
- #SecretTypeOpaque |
- #SecretTypeServiceAccountToken |
- #SecretTypeDockercfg |
- #SecretTypeDockerConfigJson |
- #SecretTypeBasicAuth |
- #SecretTypeSSHAuth |
- #SecretTypeTLS |
- #SecretTypeBootstrapToken
-
-// SecretTypeOpaque is the default. Arbitrary user-defined data
-#SecretTypeOpaque: #SecretType & "Opaque"
-
-// SecretTypeServiceAccountToken contains a token that identifies a service account to the API
-//
-// Required fields:
-// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies
-// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies
-// - Secret.Data["token"] - a token that identifies the service account to the API
-#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token"
-
-// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
-#ServiceAccountNameKey: "kubernetes.io/service-account.name"
-
-// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
-#ServiceAccountUIDKey: "kubernetes.io/service-account.uid"
-
-// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets
-#ServiceAccountTokenKey: "token"
-
-// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets
-#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig"
-
-// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets
-#ServiceAccountRootCAKey: "ca.crt"
-
-// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls
-#ServiceAccountNamespaceKey: "namespace"
-
-// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg
-//
-// Required fields:
-// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file
-#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg"
-
-// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets
-#DockerConfigKey: ".dockercfg"
-
-// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json
-//
-// Required fields:
-// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file
-#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson"
-
-// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets
-#DockerConfigJsonKey: ".dockerconfigjson"
-
-// SecretTypeBasicAuth contains data needed for basic authentication.
-//
-// Required at least one of fields:
-// - Secret.Data["username"] - username used for authentication
-// - Secret.Data["password"] - password or token needed for authentication
-#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth"
-
-// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets
-#BasicAuthUsernameKey: "username"
-
-// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets
-#BasicAuthPasswordKey: "password"
-
-// SecretTypeSSHAuth contains data needed for SSH authetication.
-//
-// Required field:
-// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication
-#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth"
-
-// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets
-#SSHAuthPrivateKey: "ssh-privatekey"
-
-// SecretTypeTLS contains information about a TLS client or server secret. It
-// is primarily used with TLS termination of the Ingress resource, but may be
-// used in other types.
-//
-// Required fields:
-// - Secret.Data["tls.key"] - TLS private key.
-// Secret.Data["tls.crt"] - TLS certificate.
-// TODO: Consider supporting different formats, specifying CA/destinationCA.
-#SecretTypeTLS: #SecretType & "kubernetes.io/tls"
-
-// TLSCertKey is the key for tls certificates in a TLS secret.
-#TLSCertKey: "tls.crt"
-
-// TLSPrivateKeyKey is the key for the private key field in a TLS secret.
-#TLSPrivateKeyKey: "tls.key"
-
-// SecretTypeBootstrapToken is used during the automated bootstrap process (first
-// implemented by kubeadm). It stores tokens that are used to sign well known
-// ConfigMaps. They are used for authn.
-#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token"
-
-// SecretList is a list of Secret.
-#SecretList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is a list of secret objects.
- // More info: https://kubernetes.io/docs/concepts/configuration/secret
- items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep)
-}
-
-// ConfigMap holds configuration data for pods to consume.
-#ConfigMap: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Immutable, if set to true, ensures that data stored in the ConfigMap cannot
- // be updated (only object metadata can be modified).
- // If not set to true, the field can be modified at any time.
- // Defaulted to nil.
- // +optional
- immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt)
-
- // Data contains the configuration data.
- // Each key must consist of alphanumeric characters, '-', '_' or '.'.
- // Values with non-UTF-8 byte sequences must use the BinaryData field.
- // The keys stored in Data must not overlap with the keys in
- // the BinaryData field, this is enforced during validation process.
- // +optional
- data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep)
-
- // BinaryData contains the binary data.
- // Each key must consist of alphanumeric characters, '-', '_' or '.'.
- // BinaryData can contain byte sequences that are not in the UTF-8 range.
- // The keys stored in BinaryData must not overlap with the ones in
- // the Data field, this is enforced during validation process.
- // Using this field will require 1.10+ apiserver and
- // kubelet.
- // +optional
- binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep)
-}
-
-// ConfigMapList is a resource containing a list of ConfigMap objects.
-#ConfigMapList: {
- metav1.#TypeMeta
-
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Items is the list of ConfigMaps.
- items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep)
-}
-
-// Type and constants for component health validation.
-#ComponentConditionType: string // #enumComponentConditionType
-
-#enumComponentConditionType:
- #ComponentHealthy
-
-#ComponentHealthy: #ComponentConditionType & "Healthy"
-
-// Information about the condition of a component.
-#ComponentCondition: {
- // Type of condition for a component.
- // Valid value: "Healthy"
- type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType)
-
- // Status of the condition for a component.
- // Valid values for "Healthy": "True", "False", or "Unknown".
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
-
- // Message about the condition for a component.
- // For example, information about a health check.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // Condition error code for a component.
- // For example, a health check error code.
- // +optional
- error?: string @go(Error) @protobuf(4,bytes,opt)
-}
-
-// ComponentStatus (and ComponentStatusList) holds the cluster validation info.
-// Deprecated: This API is deprecated in v1.19+
-#ComponentStatus: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // List of component conditions observed
- // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
- conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep)
-}
-
-// Status of all the conditions for the component as a list of ComponentStatus objects.
-// Deprecated: This API is deprecated in v1.19+
-#ComponentStatusList: {
- metav1.#TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of ComponentStatus objects.
- items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep)
-}
-
-// DownwardAPIVolumeSource represents a volume containing downward API info.
-// Downward API volumes support ownership management and SELinux relabeling.
-#DownwardAPIVolumeSource: {
- // Items is a list of downward API volume file
- // +optional
- items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep)
-
- // Optional: mode bits to use on created files by default. Must be a
- // Optional: mode bits used to set permissions on created files by default.
- // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // Defaults to 0644.
- // Directories within the path are not affected by this setting.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt)
-}
-
-#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644
-
-// DownwardAPIVolumeFile represents information to create the file containing the pod field
-#DownwardAPIVolumeFile: {
- // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
- path: string @go(Path) @protobuf(1,bytes,opt)
-
- // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
- // +optional
- fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt)
-
- // Selects a resource of the container: only resources limits and requests
- // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
- // +optional
- resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt)
-
- // Optional: mode bits used to set permissions on this file, must be an octal value
- // between 0000 and 0777 or a decimal value between 0 and 511.
- // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- // If not specified, the volume defaultMode will be used.
- // This might be in conflict with other options that affect the file
- // mode, like fsGroup, and the result can be other mode bits set.
- // +optional
- mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt)
-}
-
-// Represents downward API info for projecting into a projected volume.
-// Note that this is identical to a downwardAPI volume source without the default
-// mode.
-#DownwardAPIProjection: {
- // Items is a list of DownwardAPIVolume file
- // +optional
- items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep)
-}
-
-// SecurityContext holds security configuration that will be applied to a container.
-// Some fields are present in both SecurityContext and PodSecurityContext. When both
-// are set, the values in SecurityContext take precedence.
-#SecurityContext: {
- // The capabilities to add/drop when running containers.
- // Defaults to the default set of capabilities granted by the container runtime.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt)
-
- // Run container in privileged mode.
- // Processes in privileged containers are essentially equivalent to root on the host.
- // Defaults to false.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt)
-
- // The SELinux context to be applied to the container.
- // If unspecified, the container runtime will allocate a random SELinux context for each
- // container. May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt)
-
- // The Windows specific settings applied to all containers.
- // If unspecified, the options from the PodSecurityContext will be used.
- // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is linux.
- // +optional
- windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt)
-
- // The UID to run the entrypoint of the container process.
- // Defaults to user specified in image metadata if unspecified.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt)
-
- // The GID to run the entrypoint of the container process.
- // Uses runtime default if unset.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt)
-
- // Indicates that the container must run as a non-root user.
- // If true, the Kubelet will validate the image at runtime to ensure that it
- // does not run as UID 0 (root) and fail to start the container if it does.
- // If unset or false, no such validation will be performed.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt)
-
- // Whether this container has a read-only root filesystem.
- // Default is false.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt)
-
- // AllowPrivilegeEscalation controls whether a process can gain more
- // privileges than its parent process. This bool directly controls if
- // the no_new_privs flag will be set on the container process.
- // AllowPrivilegeEscalation is true always when the container is:
- // 1) run as Privileged
- // 2) has CAP_SYS_ADMIN
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt)
-
- // procMount denotes the type of proc mount to use for the containers.
- // The default is DefaultProcMount which uses the container runtime defaults for
- // readonly paths and masked paths.
- // This requires the ProcMountType feature flag to be enabled.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt)
-
- // The seccomp options to use by this container. If seccomp options are
- // provided at both the pod & container level, the container options
- // override the pod options.
- // Note that this field cannot be set when spec.os.name is windows.
- // +optional
- seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt)
-}
-
-// +enum
-#ProcMountType: string // #enumProcMountType
-
-#enumProcMountType:
- #DefaultProcMount |
- #UnmaskedProcMount
-
-// DefaultProcMount uses the container runtime defaults for readonly and masked
-// paths for /proc. Most container runtimes mask certain paths in /proc to avoid
-// accidental security exposure of special devices or information.
-#DefaultProcMount: #ProcMountType & "Default"
-
-// UnmaskedProcMount bypasses the default masking behavior of the container
-// runtime and ensures the newly created /proc the container stays in tact with
-// no modifications.
-#UnmaskedProcMount: #ProcMountType & "Unmasked"
-
-// SELinuxOptions are the labels to be applied to the container
-#SELinuxOptions: {
- // User is a SELinux user label that applies to the container.
- // +optional
- user?: string @go(User) @protobuf(1,bytes,opt)
-
- // Role is a SELinux role label that applies to the container.
- // +optional
- role?: string @go(Role) @protobuf(2,bytes,opt)
-
- // Type is a SELinux type label that applies to the container.
- // +optional
- type?: string @go(Type) @protobuf(3,bytes,opt)
-
- // Level is SELinux level label that applies to the container.
- // +optional
- level?: string @go(Level) @protobuf(4,bytes,opt)
-}
-
-// WindowsSecurityContextOptions contain Windows-specific options and credentials.
-#WindowsSecurityContextOptions: {
- // GMSACredentialSpecName is the name of the GMSA credential spec to use.
- // +optional
- gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt)
-
- // GMSACredentialSpec is where the GMSA admission webhook
- // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
- // GMSA credential spec named by the GMSACredentialSpecName field.
- // +optional
- gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt)
-
- // The UserName in Windows to run the entrypoint of the container process.
- // Defaults to the user specified in image metadata if unspecified.
- // May also be set in PodSecurityContext. If set in both SecurityContext and
- // PodSecurityContext, the value specified in SecurityContext takes precedence.
- // +optional
- runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt)
-
- // HostProcess determines if a container should be run as a 'Host Process' container.
- // All of a Pod's containers must have the same effective HostProcess value
- // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
- // In addition, if HostProcess is true then HostNetwork must also be set to true.
- // +optional
- hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt)
-}
-
-// RangeAllocation is not a public type.
-#RangeAllocation: {
- metav1.#TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-
- // Range is string that identifies the range represented by 'data'.
- range: string @go(Range) @protobuf(2,bytes,opt)
-
- // Data is a bit array containing all allocated addresses in the previous segment.
- data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt)
-}
-
-// DefaultSchedulerName defines the name of default scheduler.
-#DefaultSchedulerName: "default-scheduler"
-
-// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule
-// corresponding to every RequiredDuringScheduling affinity rule.
-// When the --hard-pod-affinity-weight scheduler flag is not specified,
-// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule.
-#DefaultHardPodAffinitySymmetricWeight: int32 & 1
-
-// Sysctl defines a kernel parameter to be set
-#Sysctl: {
- // Name of a property to set
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // Value of a property to set
- value: string @go(Value) @protobuf(2,bytes,opt)
-}
-
-// NodeResources is an object for conveying resource information about a node.
-// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details.
-#NodeResources: {
- // Capacity represents the available resources of a node
- Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName)
-}
-
-// Enable stdin for remote command execution
-#ExecStdinParam: "input"
-
-// Enable stdout for remote command execution
-#ExecStdoutParam: "output"
-
-// Enable stderr for remote command execution
-#ExecStderrParam: "error"
-
-// Enable TTY for remote command execution
-#ExecTTYParam: "tty"
-
-// Command to run for remote command execution
-#ExecCommandParam: "command"
-
-// Name of header that specifies stream type
-#StreamType: "streamType"
-
-// Value for streamType header for stdin stream
-#StreamTypeStdin: "stdin"
-
-// Value for streamType header for stdout stream
-#StreamTypeStdout: "stdout"
-
-// Value for streamType header for stderr stream
-#StreamTypeStderr: "stderr"
-
-// Value for streamType header for data stream
-#StreamTypeData: "data"
-
-// Value for streamType header for error stream
-#StreamTypeError: "error"
-
-// Value for streamType header for terminal resize stream
-#StreamTypeResize: "resize"
-
-// Name of header that specifies the port being forwarded
-#PortHeader: "port"
-
-// Name of header that specifies a request ID used to associate the error
-// and data streams for a single forwarded connection
-#PortForwardRequestIDHeader: "requestID"
-
-// MixedProtocolNotSupported error in PortStatus means that the cloud provider
-// can't publish the port on the load balancer because mixed values of protocols
-// on the same LoadBalancer type of Service are not supported by the cloud provider.
-#MixedProtocolNotSupported: "MixedProtocolNotSupported"
-
-#PortStatus: {
- // Port is the port number of the service port of which status is recorded here
- port: int32 @go(Port) @protobuf(1,varint,opt)
-
- // Protocol is the protocol of the service port of which status is recorded here
- // The supported values are: "TCP", "UDP", "SCTP"
- protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol)
-
- // Error is to record the problem with the service port
- // The format of the error shall comply with the following rules:
- // - built-in error values shall be specified in this file and those shall use
- // CamelCase names
- // - cloud provider specific error values must have names that comply with the
- // format foo.example.com/CamelCase.
- // ---
- // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- // +optional
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
- // +kubebuilder:validation:MaxLength=316
- error?: null | string @go(Error,*string) @protobuf(3,bytes,opt)
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
deleted file mode 100644
index 2a1f060b6..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
+++ /dev/null
@@ -1,59 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-#LabelHostname: "kubernetes.io/hostname"
-
-// Label value is the network location of kube-apiserver stored as
-// Stored in APIServer Identity lease objects to view what address is used for peer proxy
-#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address"
-#LabelTopologyZone: "topology.kubernetes.io/zone"
-#LabelTopologyRegion: "topology.kubernetes.io/region"
-
-// These label have been deprecated since 1.17, but will be supported for
-// the foreseeable future, to accommodate things like long-lived PVs that
-// use them. New users should prefer the "topology.kubernetes.io/*"
-// equivalents.
-#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone"
-#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region"
-
-// Retained for compat when vendored. Do not use these consts in new code.
-#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone"
-#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region"
-#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone"
-#LabelZoneRegionStable: "topology.kubernetes.io/region"
-#LabelInstanceType: "beta.kubernetes.io/instance-type"
-#LabelInstanceTypeStable: "node.kubernetes.io/instance-type"
-#LabelOSStable: "kubernetes.io/os"
-#LabelArchStable: "kubernetes.io/arch"
-
-// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0.
-// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763)
-#LabelWindowsBuild: "node.kubernetes.io/windows-build"
-
-// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*)
-#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io"
-
-// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*)
-#LabelNamespaceSuffixNode: "node.kubernetes.io"
-
-// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled
-#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io"
-
-// IsHeadlessService is added by Controller to an Endpoint denoting if its parent
-// Service is Headless. The existence of this label can be used further by other
-// controllers and kube-proxy to check if the Endpoint objects should be replicated when
-// using Headless Services
-#IsHeadlessService: "service.kubernetes.io/headless"
-
-// LabelNodeExcludeBalancers specifies that the node should not be considered as a target
-// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only
-// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that
-// any backends on excluded nodes are not reachable by those external load-balancers.
-// Implementations of this exclusion may vary based on provider.
-#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers"
-
-// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels
-#LabelMetadataName: "kubernetes.io/metadata.name"
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
deleted file mode 100644
index b7c097336..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
+++ /dev/null
@@ -1,38 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/api/core/v1
-
-package v1
-
-// TaintNodeNotReady will be added when node is not ready
-// and removed when node becomes ready.
-#TaintNodeNotReady: "node.kubernetes.io/not-ready"
-
-// TaintNodeUnreachable will be added when node becomes unreachable
-// (corresponding to NodeReady status ConditionUnknown)
-// and removed when node becomes reachable (NodeReady status ConditionTrue).
-#TaintNodeUnreachable: "node.kubernetes.io/unreachable"
-
-// TaintNodeUnschedulable will be added when node becomes unschedulable
-// and removed when node becomes schedulable.
-#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable"
-
-// TaintNodeMemoryPressure will be added when node has memory pressure
-// and removed when node has enough memory.
-#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure"
-
-// TaintNodeDiskPressure will be added when node has disk pressure
-// and removed when node has enough disk.
-#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure"
-
-// TaintNodeNetworkUnavailable will be added when node's network is unavailable
-// and removed when network becomes ready.
-#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable"
-
-// TaintNodePIDPressure will be added when node has pid pressure
-// and removed when node has enough pid.
-#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure"
-
-// TaintNodeOutOfService can be added when node is out of service in case of
-// a non-graceful shutdown
-#TaintNodeOutOfService: "node.kubernetes.io/out-of-service"
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
deleted file mode 100644
index cef44ba5c..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
+++ /dev/null
@@ -1,47 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// Scale is used for getting and setting the base-10 scaled value.
-// Base-2 scales are omitted for mathematical simplicity.
-// See Quantity.ScaledValue for more details.
-#Scale: int32 // #enumScale
-
-#enumScale:
- #Nano |
- #Micro |
- #Milli |
- #Kilo |
- #Mega |
- #Giga |
- #Tera |
- #Peta |
- #Exa
-
-#values_Scale: {
- Nano: #Nano
- Micro: #Micro
- Milli: #Milli
- Kilo: #Kilo
- Mega: #Mega
- Giga: #Giga
- Tera: #Tera
- Peta: #Peta
- Exa: #Exa
-}
-
-#Nano: #Scale & -9
-#Micro: #Scale & -6
-#Milli: #Scale & -3
-#Kilo: #Scale & 3
-#Mega: #Scale & 6
-#Giga: #Scale & 9
-#Tera: #Scale & 12
-#Peta: #Scale & 15
-#Exa: #Scale & 18
-
-// infDecAmount implements common operations over an inf.Dec that are specific to the quantity
-// representation.
-_#infDecAmount: string
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
deleted file mode 100644
index 711f2096f..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
+++ /dev/null
@@ -1,13 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64.
-// It is also the maximum decimal digits that can be represented with an int64.
-_#maxInt64Factors: 18
-
-_#mostNegative: -9223372036854775808
-
-_#mostPositive: 9223372036854775807
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
deleted file mode 100644
index 9d9713a1b..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
+++ /dev/null
@@ -1,107 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-// Quantity is a fixed-point representation of a number.
-// It provides convenient marshaling/unmarshaling in JSON and YAML,
-// in addition to String() and AsInt64() accessors.
-//
-// The serialization format is:
-//
-// ```
-// ::=
-//
-// (Note that may be empty, from the "" case in .)
-//
-// ::= 0 | 1 | ... | 9
-// ::= |
-// ::= | . | . | .
-// ::= "+" | "-"
-// ::= |
-// ::= | |
-// ::= Ki | Mi | Gi | Ti | Pi | Ei
-//
-// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
-//
-// ::= m | "" | k | M | G | T | P | E
-//
-// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
-//
-// ::= "e" | "E"
-// ```
-//
-// No matter which of the three exponent forms is used, no quantity may represent
-// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal
-// places. Numbers larger or more precise will be capped or rounded up.
-// (E.g.: 0.1m will rounded up to 1m.)
-// This may be extended in the future if we require larger or smaller quantities.
-//
-// When a Quantity is parsed from a string, it will remember the type of suffix
-// it had, and will use the same type again when it is serialized.
-//
-// Before serializing, Quantity will be put in "canonical form".
-// This means that Exponent/suffix will be adjusted up or down (with a
-// corresponding increase or decrease in Mantissa) such that:
-//
-// - No precision is lost
-// - No fractional digits will be emitted
-// - The exponent (or suffix) is as large as possible.
-//
-// The sign will be omitted unless the number is negative.
-//
-// Examples:
-//
-// - 1.5 will be serialized as "1500m"
-// - 1.5Gi will be serialized as "1536Mi"
-//
-// Note that the quantity will NEVER be internally represented by a
-// floating point number. That is the whole point of this exercise.
-//
-// Non-canonical values will still parse as long as they are well formed,
-// but will be re-emitted in their canonical form. (So always use canonical
-// form, or don't diff.)
-//
-// This format is intended to make it difficult to use these numbers without
-// writing some sort of special handling code in the hopes that that will
-// cause implementors to also use a fixed point implementation.
-//
-// +protobuf=true
-// +protobuf.embed=string
-// +protobuf.options.marshal=false
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen=true
-// +k8s:openapi-gen=true
-#Quantity: _
-
-// CanonicalValue allows a quantity amount to be converted to a string.
-#CanonicalValue: _
-
-// Format lists the three possible formattings of a quantity.
-#Format: string // #enumFormat
-
-#enumFormat:
- #DecimalExponent |
- #BinarySI |
- #DecimalSI
-
-#DecimalExponent: #Format & "DecimalExponent"
-#BinarySI: #Format & "BinarySI"
-#DecimalSI: #Format & "DecimalSI"
-
-// splitREString is used to separate a number from its suffix; as such,
-// this is overly permissive, but that's OK-- it will be checked later.
-_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
-
-_#int64QuantityExpectedBytes: 18
-
-// QuantityValue makes it possible to use a Quantity as value for a command
-// line parameter.
-//
-// +protobuf=true
-// +protobuf.embed=string
-// +protobuf.options.marshal=false
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen=true
-#QuantityValue: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
deleted file mode 100644
index b40d68ec1..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
-
-package resource
-
-_#suffix: string
-
-// suffixer can interpret and construct suffixes.
-_#suffixer: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
deleted file mode 100644
index 25ea8ecf1..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Duration is a wrapper around time.Duration which supports correct
-// marshaling to YAML and JSON. In particular, it marshals into strings, which
-// can be used as map keys in json.
-#Duration: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
deleted file mode 100644
index 7ff538603..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
+++ /dev/null
@@ -1,48 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying
-// concepts during lookup stages without having partially valid types
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupResource: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- resource: string @go(Resource) @protobuf(2,bytes,opt)
-}
-
-// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion
-// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersionResource: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- version: string @go(Version) @protobuf(2,bytes,opt)
- resource: string @go(Resource) @protobuf(3,bytes,opt)
-}
-
-// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
-// concepts during lookup stages without having partially valid types
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupKind: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- kind: string @go(Kind) @protobuf(2,bytes,opt)
-}
-
-// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion
-// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersionKind: {
- group: string @go(Group) @protobuf(1,bytes,opt)
- version: string @go(Version) @protobuf(2,bytes,opt)
- kind: string @go(Kind) @protobuf(3,bytes,opt)
-}
-
-// GroupVersion contains the "group" and the "version", which uniquely identifies the API.
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#GroupVersion: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
deleted file mode 100644
index f3c39a466..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
+++ /dev/null
@@ -1,33 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// TODO: move this, Object, List, and Type to a different package
-#ObjectMetaAccessor: _
-
-// Object lets you work with object metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field (Name, UID, Namespace on lists) will be a no-op and return
-// a default value.
-#Object: _
-
-// ListMetaAccessor retrieves the list interface from an object
-#ListMetaAccessor: _
-
-// Common lets you work with core metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field will be a no-op and return a default value.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#Common: _
-
-// ListInterface lets you work with list metadata from any of the versioned or
-// internal API objects. Attempting to set or retrieve a field on an object that does
-// not support that field will be a no-op and return a default value.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#ListInterface: _
-
-// Type exposes the type and APIVersion of versioned or internal API objects.
-// TODO: move this, and TypeMeta and ListMeta, to a different package
-#Type: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
deleted file mode 100644
index 3c067bae3..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00"
-
-// MicroTime is version of Time with microsecond level precision.
-//
-// +protobuf.options.marshal=false
-// +protobuf.as=Timestamp
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#MicroTime: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
deleted file mode 100644
index 39d23b288..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-#GroupName: "meta.k8s.io"
-
-#WatchEventKind: "WatchEvent"
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
deleted file mode 100644
index b3c8ec266..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Time is a wrapper around time.Time which supports correct
-// marshaling to YAML and JSON. Wrappers are provided for many
-// of the factory methods that the time package offers.
-//
-// +protobuf.options.marshal=false
-// +protobuf.as=Timestamp
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#Time: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
deleted file mode 100644
index 835392730..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-// Timestamp is a struct that is equivalent to Time, but intended for
-// protobuf marshalling/unmarshalling. It is generated into a serialization
-// that matches Time. Do not use in Go structs.
-#Timestamp: {
- // Represents seconds of UTC time since Unix epoch
- // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- // 9999-12-31T23:59:59Z inclusive.
- seconds: int64 @go(Seconds) @protobuf(1,varint,opt)
-
- // Non-negative fractions of a second at nanosecond resolution. Negative
- // second values with fractions must still have non-negative nanos values
- // that count forward in time. Must be from 0 to 999,999,999
- // inclusive. This field may be limited in precision depending on context.
- nanos: int32 @go(Nanos) @protobuf(2,varint,opt)
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
deleted file mode 100644
index a0deb7c90..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
+++ /dev/null
@@ -1,1561 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-// Package v1 contains API types that are common to all versions.
-//
-// The package contains two categories of types:
-// - external (serialized) types that lack their own version (e.g TypeMeta)
-// - internal (never-serialized) types that are needed by several different
-// api groups, and so live here, to avoid duplication and/or import loops
-// (e.g. LabelSelector).
-//
-// In the future, we will probably move these categories of objects into
-// separate packages.
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/types"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-// TypeMeta describes an individual object in an API response or request
-// with strings representing the type of the object and its API schema version.
-// Structures that are versioned or persisted should inline TypeMeta.
-//
-// +k8s:deepcopy-gen=false
-#TypeMeta: {
- // Kind is a string value representing the REST resource this object represents.
- // Servers may infer this from the endpoint the client submits requests to.
- // Cannot be updated.
- // In CamelCase.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(1,bytes,opt)
-
- // APIVersion defines the versioned schema of this representation of an object.
- // Servers should convert recognized schemas to the latest internal value, and
- // may reject unrecognized values.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt)
-}
-
-// ListMeta describes metadata that synthetic resources must have, including lists and
-// various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
-#ListMeta: {
- // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
- // +optional
- selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt)
-
- // String that identifies the server's internal version of this object that
- // can be used by clients to determine when objects have changed.
- // Value must be treated as opaque by clients and passed unmodified back to the server.
- // Populated by the system.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt)
-
- // continue may be set if the user set a limit on the number of items returned, and indicates that
- // the server has more data available. The value is opaque and may be used to issue another request
- // to the endpoint that served this list to retrieve the next set of available objects. Continuing a
- // consistent list may not be possible if the server configuration has changed or more than a few
- // minutes have passed. The resourceVersion field returned when using this continue value will be
- // identical to the value in the first response, unless you have received this token from an error
- // message.
- continue?: string @go(Continue) @protobuf(3,bytes,opt)
-
- // remainingItemCount is the number of subsequent items in the list which are not included in this
- // list response. If the list request contained label or field selectors, then the number of
- // remaining items is unknown and the field will be left unset and omitted during serialization.
- // If the list is complete (either because it is not chunking or because this is the last chunk),
- // then there are no more remaining items and this field will be left unset and omitted during
- // serialization.
- // Servers older than v1.15 do not set this field.
- // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients
- // should not rely on the remainingItemCount to be set or to be exact.
- // +optional
- remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt)
-}
-
-#ObjectNameField: "metadata.name"
-
-#FinalizerOrphanDependents: "orphan"
-#FinalizerDeleteDependents: "foregroundDeletion"
-
-// ObjectMeta is metadata that all persisted resources must have, which includes all objects
-// users must create.
-#ObjectMeta: {
- // Name must be unique within a namespace. Is required when creating resources, although
- // some resources may allow a client to request the generation of an appropriate name
- // automatically. Name is primarily intended for creation idempotence and configuration
- // definition.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // GenerateName is an optional prefix, used by the server, to generate a unique
- // name ONLY IF the Name field has not been provided.
- // If this field is used, the name returned to the client will be different
- // than the name passed. This value will also be combined with a unique suffix.
- // The provided value has the same validation rules as the Name field,
- // and may be truncated by the length of the suffix required to make the value
- // unique on the server.
- //
- // If this field is specified and the generated name exists, the server will return a 409.
- //
- // Applied only if Name is not specified.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- // +optional
- generateName?: string @go(GenerateName) @protobuf(2,bytes,opt)
-
- // Namespace defines the space within which each name must be unique. An empty namespace is
- // equivalent to the "default" namespace, but "default" is the canonical representation.
- // Not all objects are required to be scoped to a namespace - the value of this field for
- // those objects will be empty.
- //
- // Must be a DNS_LABEL.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- // +optional
- namespace?: string @go(Namespace) @protobuf(3,bytes,opt)
-
- // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
- // +optional
- selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt)
-
- // UID is the unique in time and space value for this object. It is typically generated by
- // the server on successful creation of a resource and is not allowed to change on PUT
- // operations.
- //
- // Populated by the system.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID)
-
- // An opaque value that represents the internal version of this object that can
- // be used by clients to determine when objects have changed. May be used for optimistic
- // concurrency, change detection, and the watch operation on a resource or set of resources.
- // Clients must treat these values as opaque and passed unmodified back to the server.
- // They may only be valid for a particular resource or set of resources.
- //
- // Populated by the system.
- // Read-only.
- // Value must be treated as opaque by clients and .
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt)
-
- // A sequence number representing a specific generation of the desired state.
- // Populated by the system. Read-only.
- // +optional
- generation?: int64 @go(Generation) @protobuf(7,varint,opt)
-
- // CreationTimestamp is a timestamp representing the server time when this object was
- // created. It is not guaranteed to be set in happens-before order across separate operations.
- // Clients may not set this value. It is represented in RFC3339 form and is in UTC.
- //
- // Populated by the system.
- // Read-only.
- // Null for lists.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt)
-
- // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This
- // field is set by the server when a graceful deletion is requested by the user, and is not
- // directly settable by a client. The resource is expected to be deleted (no longer visible
- // from resource lists, and not reachable by name) after the time in this field, once the
- // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked.
- // Once the deletionTimestamp is set, this value may not be unset or be set further into the
- // future, although it may be shortened or the resource may be deleted prior to this time.
- // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react
- // by sending a graceful termination signal to the containers in the pod. After that 30 seconds,
- // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup,
- // remove the pod from the API. In the presence of network partitions, this object may still
- // exist after this timestamp, until an administrator or automated process can determine the
- // resource is fully terminated.
- // If not set, graceful deletion of the object has not been requested.
- //
- // Populated by the system when a graceful deletion is requested.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt)
-
- // Number of seconds allowed for this object to gracefully terminate before
- // it will be removed from the system. Only set when deletionTimestamp is also set.
- // May only be shortened.
- // Read-only.
- // +optional
- deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt)
-
- // Map of string keys and values that can be used to organize and categorize
- // (scope and select) objects. May match selectors of replication controllers
- // and services.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- // +optional
- labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep)
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set by external tools to store and retrieve arbitrary metadata. They are not
- // queryable and should be preserved when modifying objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
- // +optional
- annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep)
-
- // List of objects depended by this object. If ALL objects in the list have
- // been deleted, this object will be garbage collected. If this object is managed by a controller,
- // then an entry in this list will point to this controller, with the controller field set to true.
- // There cannot be more than one managing controller.
- // +optional
- // +patchMergeKey=uid
- // +patchStrategy=merge
- ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep)
-
- // Must be empty before the object is deleted from the registry. Each entry
- // is an identifier for the responsible component that will remove the entry
- // from the list. If the deletionTimestamp of the object is non-nil, entries
- // in this list can only be removed.
- // Finalizers may be processed and removed in any order. Order is NOT enforced
- // because it introduces significant risk of stuck finalizers.
- // finalizers is a shared field, any actor with permission can reorder it.
- // If the finalizer list is processed in order, then this can lead to a situation
- // in which the component responsible for the first finalizer in the list is
- // waiting for a signal (field value, external system, or other) produced by a
- // component responsible for a finalizer later in the list, resulting in a deadlock.
- // Without enforced ordering finalizers are free to order amongst themselves and
- // are not vulnerable to ordering changes in the list.
- // +optional
- // +patchStrategy=merge
- finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep)
-
- // ManagedFields maps workflow-id and version to the set of fields
- // that are managed by that workflow. This is mostly for internal
- // housekeeping, and users typically shouldn't need to set or
- // understand this field. A workflow can be the user's name, a
- // controller's name, or the name of a specific apply path like
- // "ci-cd". The set of fields is always in the version that the
- // workflow used when modifying the object.
- //
- // +optional
- managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep)
-}
-
-// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
-#NamespaceDefault: "default"
-
-// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
-#NamespaceAll: ""
-
-// NamespaceNone is the argument for a context when there is no namespace.
-#NamespaceNone: ""
-
-// NamespaceSystem is the system namespace where we place system components.
-#NamespaceSystem: "kube-system"
-
-// NamespacePublic is the namespace where we place public info (ConfigMaps)
-#NamespacePublic: "kube-public"
-
-// OwnerReference contains enough information to let you identify an owning
-// object. An owning object must be in the same namespace as the dependent, or
-// be cluster-scoped, so there is no namespace field.
-// +structType=atomic
-#OwnerReference: {
- // API version of the referent.
- apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt)
-
- // Kind of the referent.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- kind: string @go(Kind) @protobuf(1,bytes,opt)
-
- // Name of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- name: string @go(Name) @protobuf(3,bytes,opt)
-
- // UID of the referent.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // If true, this reference points to the managing controller.
- // +optional
- controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt)
-
- // If true, AND if the owner has the "foregroundDeletion" finalizer, then
- // the owner cannot be deleted from the key-value store until this
- // reference is removed.
- // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- // for how the garbage collector interacts with this field and enforces the foreground deletion.
- // Defaults to false.
- // To set this field, a user needs "delete" permission of the owner,
- // otherwise 422 (Unprocessable Entity) will be returned.
- // +optional
- blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt)
-}
-
-// ListOptions is the query options to a standard REST list call.
-#ListOptions: {
- #TypeMeta
-
- // A selector to restrict the list of returned objects by their labels.
- // Defaults to everything.
- // +optional
- labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt)
-
- // A selector to restrict the list of returned objects by their fields.
- // Defaults to everything.
- // +optional
- fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt)
-
- // Watch for changes to the described resources and return them as a stream of
- // add, update, and remove notifications. Specify resourceVersion.
- // +optional
- watch?: bool @go(Watch) @protobuf(3,varint,opt)
-
- // allowWatchBookmarks requests watch events with type "BOOKMARK".
- // Servers that do not implement bookmarks may ignore this flag and
- // bookmarks are sent at the server's discretion. Clients should not
- // assume bookmarks are returned at any specific interval, nor may they
- // assume the server will send any BOOKMARK event during a session.
- // If this is not a watch, this field is ignored.
- // +optional
- allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt)
-
- // resourceVersion sets a constraint on what resource versions a request may be served from.
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt)
-
- // resourceVersionMatch determines how resourceVersion is applied to list calls.
- // It is highly recommended that resourceVersionMatch be set for list calls where
- // resourceVersion is set
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch)
-
- // Timeout for the list/watch call.
- // This limits the duration of the call, regardless of any activity or inactivity.
- // +optional
- timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt)
-
- // limit is a maximum number of responses to return for a list call. If more items exist, the
- // server will set the `continue` field on the list metadata to a value that can be used with the
- // same initial query to retrieve the next set of results. Setting a limit may return fewer than
- // the requested amount of items (up to zero items) in the event all requested objects are
- // filtered out and clients should only use the presence of the continue field to determine whether
- // more results are available. Servers may choose not to support the limit argument and will return
- // all of the available results. If limit is specified and the continue field is empty, clients may
- // assume that no more results are available. This field is not supported if watch is true.
- //
- // The server guarantees that the objects returned when using continue will be identical to issuing
- // a single list call without a limit - that is, no objects created, modified, or deleted after the
- // first request is issued will be included in any subsequent continued requests. This is sometimes
- // referred to as a consistent snapshot, and ensures that a client that is using limit to receive
- // smaller chunks of a very large result can ensure they see all possible objects. If objects are
- // updated during a chunked list the version of the object that was present at the time the first list
- // result was calculated is returned.
- limit?: int64 @go(Limit) @protobuf(7,varint,opt)
-
- // The continue option should be set when retrieving more results from the server. Since this value is
- // server defined, clients may only use the continue value from a previous query result with identical
- // query parameters (except for the value of continue) and the server may reject a continue value it
- // does not recognize. If the specified continue value is no longer valid whether due to expiration
- // (generally five to fifteen minutes) or a configuration change on the server, the server will
- // respond with a 410 ResourceExpired error together with a continue token. If the client needs a
- // consistent list, it must restart their list without the continue field. Otherwise, the client may
- // send another list request with the token received with the 410 error, the server will respond with
- // a list starting from the next key, but from the latest snapshot, which is inconsistent from the
- // previous list results - objects that are created, modified, or deleted after the first list request
- // will be included in the response, as long as their keys are after the "next key".
- //
- // This field is not supported when watch is true. Clients may start a watch from the last
- // resourceVersion value returned by the server and not miss any modifications.
- continue?: string @go(Continue) @protobuf(8,bytes,opt)
-
- // `sendInitialEvents=true` may be set together with `watch=true`.
- // In that case, the watch stream will begin with synthetic events to
- // produce the current state of objects in the collection. Once all such
- // events have been sent, a synthetic "Bookmark" event will be sent.
- // The bookmark will report the ResourceVersion (RV) corresponding to the
- // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation.
- // Afterwards, the watch stream will proceed as usual, sending watch events
- // corresponding to changes (subsequent to the RV) to objects watched.
- //
- // When `sendInitialEvents` option is set, we require `resourceVersionMatch`
- // option to also be set. The semantic of the watch request is as following:
- // - `resourceVersionMatch` = NotOlderThan
- // is interpreted as "data at least as new as the provided `resourceVersion`"
- // and the bookmark event is send when the state is synced
- // to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
- // If `resourceVersion` is unset, this is interpreted as "consistent read" and the
- // bookmark event is send when the state is synced at least to the moment
- // when request started being processed.
- // - `resourceVersionMatch` set to any other value or unset
- // Invalid error is returned.
- //
- // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward
- // compatibility reasons) and to false otherwise.
- // +optional
- sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt)
-}
-
-// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch
-// may only be set if resourceVersion is also set.
-//
-// "NotOlderThan" matches data at least as new as the provided resourceVersion.
-// "Exact" matches data at the exact resourceVersion provided.
-//
-// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
-// details.
-#ResourceVersionMatch: string // #enumResourceVersionMatch
-
-#enumResourceVersionMatch:
- #ResourceVersionMatchNotOlderThan |
- #ResourceVersionMatchExact
-
-// ResourceVersionMatchNotOlderThan matches data at least as new as the provided
-// resourceVersion.
-#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan"
-
-// ResourceVersionMatchExact matches data at the exact resourceVersion
-// provided.
-#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact"
-
-// GetOptions is the standard query options to the standard REST get call.
-#GetOptions: {
- #TypeMeta
-
- // resourceVersion sets a constraint on what resource versions a request may be served from.
- // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for
- // details.
- //
- // Defaults to unset
- // +optional
- resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt)
-}
-
-// DeletionPropagation decides if a deletion will propagate to the dependents of
-// the object, and how the garbage collector will handle the propagation.
-#DeletionPropagation: string // #enumDeletionPropagation
-
-#enumDeletionPropagation:
- #DeletePropagationOrphan |
- #DeletePropagationBackground |
- #DeletePropagationForeground
-
-// Orphans the dependents.
-#DeletePropagationOrphan: #DeletionPropagation & "Orphan"
-
-// Deletes the object from the key-value store, the garbage collector will
-// delete the dependents in the background.
-#DeletePropagationBackground: #DeletionPropagation & "Background"
-
-// The object exists in the key-value store until the garbage collector
-// deletes all the dependents whose ownerReference.blockOwnerDeletion=true
-// from the key-value store. API sever will put the "foregroundDeletion"
-// finalizer on the object, and sets its deletionTimestamp. This policy is
-// cascading, i.e., the dependents will be deleted with Foreground.
-#DeletePropagationForeground: #DeletionPropagation & "Foreground"
-
-// DryRunAll means to complete all processing stages, but don't
-// persist changes to storage.
-#DryRunAll: "All"
-
-// DeleteOptions may be provided when deleting an API object.
-#DeleteOptions: {
- #TypeMeta
-
- // The duration in seconds before the object should be deleted. Value must be non-negative integer.
- // The value zero indicates delete immediately. If this value is nil, the default grace period for the
- // specified type will be used.
- // Defaults to a per object value if not specified. zero means delete immediately.
- // +optional
- gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt)
-
- // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be
- // returned.
- // +k8s:conversion-gen=false
- // +optional
- preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt)
-
- // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7.
- // Should the dependent objects be orphaned. If true/false, the "orphan"
- // finalizer will be added to/removed from the object's finalizers list.
- // Either this field or PropagationPolicy may be set, but not both.
- // +optional
- orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt)
-
- // Whether and how garbage collection will be performed.
- // Either this field or OrphanDependents may be set, but not both.
- // The default policy is decided by the existing finalizer set in the
- // metadata.finalizers and the resource-specific default policy.
- // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' -
- // allow the garbage collector to delete the dependents in the background;
- // 'Foreground' - a cascading policy that deletes all dependents in the
- // foreground.
- // +optional
- propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt)
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep)
-}
-
-// FieldValidationIgnore ignores unknown/duplicate fields
-#FieldValidationIgnore: "Ignore"
-
-// FieldValidationWarn responds with a warning, but successfully serve the request
-#FieldValidationWarn: "Warn"
-
-// FieldValidationStrict fails the request on unknown/duplicate fields
-#FieldValidationStrict: "Strict"
-
-// CreateOptions may be provided when creating an API object.
-#CreateOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint.
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(3,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes)
-}
-
-// PatchOptions may be provided when patching an API object.
-// PatchOptions is meant to be a superset of UpdateOptions.
-#PatchOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // Force is going to "force" Apply requests. It means user will
- // re-acquire conflicting fields owned by other people. Force
- // flag must be unset for non-apply patch requests.
- // +optional
- force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint. This
- // field is required for apply requests
- // (application/apply-patch) but optional for non-apply patch
- // types (JsonPatch, MergePatch, StrategicMergePatch).
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(3,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes)
-}
-
-// ApplyOptions may be provided when applying an API object.
-// FieldManager is required for apply requests.
-// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation
-// that speaks specifically to how the options fields relate to apply.
-#ApplyOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // Force is going to "force" Apply requests. It means user will
- // re-acquire conflicting fields owned by other people.
- force: bool @go(Force) @protobuf(2,varint,opt)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint. This
- // field is required.
- fieldManager: string @go(FieldManager) @protobuf(3,bytes)
-}
-
-// UpdateOptions may be provided when updating an API object.
-// All fields in UpdateOptions should also be present in PatchOptions.
-#UpdateOptions: {
- #TypeMeta
-
- // When present, indicates that modifications should not be
- // persisted. An invalid or unrecognized dryRun directive will
- // result in an error response and no further processing of the
- // request. Valid values are:
- // - All: all dry run stages will be processed
- // +optional
- dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep)
-
- // fieldManager is a name associated with the actor or entity
- // that is making these changes. The value must be less than or
- // 128 characters long, and only contain printable characters,
- // as defined by https://golang.org/pkg/unicode/#IsPrint.
- // +optional
- fieldManager?: string @go(FieldManager) @protobuf(2,bytes)
-
- // fieldValidation instructs the server on how to handle
- // objects in the request (POST/PUT/PATCH) containing unknown
- // or duplicate fields. Valid values are:
- // - Ignore: This will ignore any unknown fields that are silently
- // dropped from the object, and will ignore all but the last duplicate
- // field that the decoder encounters. This is the default behavior
- // prior to v1.23.
- // - Warn: This will send a warning via the standard warning response
- // header for each unknown field that is dropped from the object, and
- // for each duplicate field that is encountered. The request will
- // still succeed if there are no other errors, and will only persist
- // the last of any duplicate fields. This is the default in v1.23+
- // - Strict: This will fail the request with a BadRequest error if
- // any unknown fields would be dropped from the object, or if any
- // duplicate fields are present. The error returned from the server
- // will contain all unknown and duplicate fields encountered.
- // +optional
- fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes)
-}
-
-// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
-#Preconditions: {
- // Specifies the target UID.
- // +optional
- uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // Specifies the target ResourceVersion
- // +optional
- resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt)
-}
-
-// Status is a return value for calls that don't return other objects.
-#Status: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // Status of the operation.
- // One of: "Success" or "Failure".
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- // +optional
- status?: string @go(Status) @protobuf(2,bytes,opt)
-
- // A human-readable description of the status of this operation.
- // +optional
- message?: string @go(Message) @protobuf(3,bytes,opt)
-
- // A machine-readable description of why this operation is in the
- // "Failure" status. If this value is empty there
- // is no information available. A Reason clarifies an HTTP status
- // code but does not override it.
- // +optional
- reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason)
-
- // Extended data associated with the reason. Each reason may define its
- // own extended details. This field is optional and the data returned
- // is not guaranteed to conform to any schema except that defined by
- // the reason type.
- // +optional
- details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt)
-
- // Suggested HTTP return code for this status, 0 if not set.
- // +optional
- code?: int32 @go(Code) @protobuf(6,varint,opt)
-}
-
-// StatusDetails is a set of additional properties that MAY be set by the
-// server to provide additional information about a response. The Reason
-// field of a Status object defines what attributes will be set. Clients
-// must ignore fields that do not match the defined type of each attribute,
-// and should assume that any attribute may be empty, invalid, or under
-// defined.
-#StatusDetails: {
- // The name attribute of the resource associated with the status StatusReason
- // (when there is a single name which can be described).
- // +optional
- name?: string @go(Name) @protobuf(1,bytes,opt)
-
- // The group attribute of the resource associated with the status StatusReason.
- // +optional
- group?: string @go(Group) @protobuf(2,bytes,opt)
-
- // The kind attribute of the resource associated with the status StatusReason.
- // On some operations may differ from the requested resource Kind.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- kind?: string @go(Kind) @protobuf(3,bytes,opt)
-
- // UID of the resource.
- // (when there is a single resource which can be described).
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- // +optional
- uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID)
-
- // The Causes array includes more details associated with the StatusReason
- // failure. Not all StatusReasons may provide detailed causes.
- // +optional
- causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep)
-
- // If specified, the time in seconds before the operation should be retried. Some errors may indicate
- // the client must take an alternate action - for those errors this field may indicate how long to wait
- // before taking the alternate action.
- // +optional
- retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt)
-}
-
-#StatusSuccess: "Success"
-#StatusFailure: "Failure"
-
-// StatusReason is an enumeration of possible failure causes. Each StatusReason
-// must map to a single HTTP status code, but multiple reasons may map
-// to the same HTTP status code.
-// TODO: move to apiserver
-#StatusReason: string // #enumStatusReason
-
-#enumStatusReason:
- #StatusReasonUnknown |
- #StatusReasonUnauthorized |
- #StatusReasonForbidden |
- #StatusReasonNotFound |
- #StatusReasonAlreadyExists |
- #StatusReasonConflict |
- #StatusReasonGone |
- #StatusReasonInvalid |
- #StatusReasonServerTimeout |
- #StatusReasonTimeout |
- #StatusReasonTooManyRequests |
- #StatusReasonBadRequest |
- #StatusReasonMethodNotAllowed |
- #StatusReasonNotAcceptable |
- #StatusReasonRequestEntityTooLarge |
- #StatusReasonUnsupportedMediaType |
- #StatusReasonInternalError |
- #StatusReasonExpired |
- #StatusReasonServiceUnavailable
-
-// StatusReasonUnknown means the server has declined to indicate a specific reason.
-// The details field may contain other information about this error.
-// Status code 500.
-#StatusReasonUnknown: #StatusReason & ""
-
-// StatusReasonUnauthorized means the server can be reached and understood the request, but requires
-// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header)
-// in order for the action to be completed. If the user has specified credentials on the request, the
-// server considers them insufficient.
-// Status code 401
-#StatusReasonUnauthorized: #StatusReason & "Unauthorized"
-
-// StatusReasonForbidden means the server can be reached and understood the request, but refuses
-// to take any further action. It is the result of the server being configured to deny access for some reason
-// to the requested resource by the client.
-// Details (optional):
-// "kind" string - the kind attribute of the forbidden resource
-// on some operations may differ from the requested
-// resource.
-// "id" string - the identifier of the forbidden resource
-// Status code 403
-#StatusReasonForbidden: #StatusReason & "Forbidden"
-
-// StatusReasonNotFound means one or more resources required for this operation
-// could not be found.
-// Details (optional):
-// "kind" string - the kind attribute of the missing resource
-// on some operations may differ from the requested
-// resource.
-// "id" string - the identifier of the missing resource
-// Status code 404
-#StatusReasonNotFound: #StatusReason & "NotFound"
-
-// StatusReasonAlreadyExists means the resource you are creating already exists.
-// Details (optional):
-// "kind" string - the kind attribute of the conflicting resource
-// "id" string - the identifier of the conflicting resource
-// Status code 409
-#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists"
-
-// StatusReasonConflict means the requested operation cannot be completed
-// due to a conflict in the operation. The client may need to alter the
-// request. Each resource may define custom details that indicate the
-// nature of the conflict.
-// Status code 409
-#StatusReasonConflict: #StatusReason & "Conflict"
-
-// StatusReasonGone means the item is no longer available at the server and no
-// forwarding address is known.
-// Status code 410
-#StatusReasonGone: #StatusReason & "Gone"
-
-// StatusReasonInvalid means the requested create or update operation cannot be
-// completed due to invalid data provided as part of the request. The client may
-// need to alter the request. When set, the client may use the StatusDetails
-// message field as a summary of the issues encountered.
-// Details (optional):
-// "kind" string - the kind attribute of the invalid resource
-// "id" string - the identifier of the invalid resource
-// "causes" - one or more StatusCause entries indicating the data in the
-// provided resource that was invalid. The code, message, and
-// field attributes will be set.
-// Status code 422
-#StatusReasonInvalid: #StatusReason & "Invalid"
-
-// StatusReasonServerTimeout means the server can be reached and understood the request,
-// but cannot complete the action in a reasonable time. The client should retry the request.
-// This is may be due to temporary server load or a transient communication issue with
-// another server. Status code 500 is used because the HTTP spec provides no suitable
-// server-requested client retry and the 5xx class represents actionable errors.
-// Details (optional):
-// "kind" string - the kind attribute of the resource being acted on.
-// "id" string - the operation that is being attempted.
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 500
-#StatusReasonServerTimeout: #StatusReason & "ServerTimeout"
-
-// StatusReasonTimeout means that the request could not be completed within the given time.
-// Clients can get this response only when they specified a timeout param in the request,
-// or if the server cannot complete the operation within a reasonable amount of time.
-// The request might succeed with an increased value of timeout param. The client *should*
-// wait at least the number of seconds specified by the retryAfterSeconds field.
-// Details (optional):
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 504
-#StatusReasonTimeout: #StatusReason & "Timeout"
-
-// StatusReasonTooManyRequests means the server experienced too many requests within a
-// given window and that the client must wait to perform the action again. A client may
-// always retry the request that led to this error, although the client should wait at least
-// the number of seconds specified by the retryAfterSeconds field.
-// Details (optional):
-// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried
-// Status code 429
-#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests"
-
-// StatusReasonBadRequest means that the request itself was invalid, because the request
-// doesn't make any sense, for example deleting a read-only object. This is different than
-// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the
-// data was invalid. API calls that return BadRequest can never succeed.
-// Status code 400
-#StatusReasonBadRequest: #StatusReason & "BadRequest"
-
-// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the
-// resource was not supported by the code - for instance, attempting to delete a resource that
-// can only be created. API calls that return MethodNotAllowed can never succeed.
-// Status code 405
-#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed"
-
-// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable
-// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml.
-// API calls that return NotAcceptable can never succeed.
-// Status code 406
-#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable"
-
-// StatusReasonRequestEntityTooLarge means that the request entity is too large.
-// Status code 413
-#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge"
-
-// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable
-// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml.
-// API calls that return UnsupportedMediaType can never succeed.
-// Status code 415
-#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType"
-
-// StatusReasonInternalError indicates that an internal error occurred, it is unexpected
-// and the outcome of the call is unknown.
-// Details (optional):
-// "causes" - The original error
-// Status code 500
-#StatusReasonInternalError: #StatusReason & "InternalError"
-
-// StatusReasonExpired indicates that the request is invalid because the content you are requesting
-// has expired and is no longer available. It is typically associated with watches that can't be
-// serviced.
-// Status code 410 (gone)
-#StatusReasonExpired: #StatusReason & "Expired"
-
-// StatusReasonServiceUnavailable means that the request itself was valid,
-// but the requested service is unavailable at this time.
-// Retrying the request after some time might succeed.
-// Status code 503
-#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable"
-
-// StatusCause provides more information about an api.Status failure, including
-// cases when multiple errors are encountered.
-#StatusCause: {
- // A machine-readable description of the cause of the error. If this value is
- // empty there is no information available.
- // +optional
- reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType)
-
- // A human-readable description of the cause of the error. This field may be
- // presented as-is to a reader.
- // +optional
- message?: string @go(Message) @protobuf(2,bytes,opt)
-
- // The field of the resource that has caused this error, as named by its JSON
- // serialization. May include dot and postfix notation for nested attributes.
- // Arrays are zero-indexed. Fields may appear more than once in an array of
- // causes due to fields having multiple errors.
- // Optional.
- //
- // Examples:
- // "name" - the field "name" on the current resource
- // "items[0].name" - the field "name" on the first array entry in "items"
- // +optional
- field?: string @go(Field) @protobuf(3,bytes,opt)
-}
-
-// CauseType is a machine readable value providing more detail about what
-// occurred in a status response. An operation may have multiple causes for a
-// status (whether Failure or Success).
-#CauseType: string // #enumCauseType
-
-#enumCauseType:
- #CauseTypeFieldValueNotFound |
- #CauseTypeFieldValueRequired |
- #CauseTypeFieldValueDuplicate |
- #CauseTypeFieldValueInvalid |
- #CauseTypeFieldValueNotSupported |
- #CauseTypeForbidden |
- #CauseTypeTooLong |
- #CauseTypeTooMany |
- #CauseTypeInternal |
- #CauseTypeTypeInvalid |
- #CauseTypeUnexpectedServerResponse |
- #CauseTypeFieldManagerConflict |
- #CauseTypeResourceVersionTooLarge
-
-// CauseTypeFieldValueNotFound is used to report failure to find a requested value
-// (e.g. looking up an ID).
-#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound"
-
-// CauseTypeFieldValueRequired is used to report required values that are not
-// provided (e.g. empty strings, null values, or empty arrays).
-#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired"
-
-// CauseTypeFieldValueDuplicate is used to report collisions of values that must be
-// unique (e.g. unique IDs).
-#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate"
-
-// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex
-// match).
-#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid"
-
-// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules)
-// values that can not be handled (e.g. an enumerated string).
-#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported"
-
-// CauseTypeForbidden is used to report valid (as per formatting rules)
-// values which would be accepted under some conditions, but which are not
-// permitted by the current conditions (such as security policy). See
-// Forbidden().
-#CauseTypeForbidden: #CauseType & "FieldValueForbidden"
-
-// CauseTypeTooLong is used to report that the given value is too long.
-// This is similar to ErrorTypeInvalid, but the error will not include the
-// too-long value. See TooLong().
-#CauseTypeTooLong: #CauseType & "FieldValueTooLong"
-
-// CauseTypeTooMany is used to report "too many". This is used to
-// report that a given list has too many items. This is similar to FieldValueTooLong,
-// but the error indicates quantity instead of length.
-#CauseTypeTooMany: #CauseType & "FieldValueTooMany"
-
-// CauseTypeInternal is used to report other errors that are not related
-// to user input. See InternalError().
-#CauseTypeInternal: #CauseType & "InternalError"
-
-// CauseTypeTypeInvalid is for the value did not match the schema type for that field
-#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid"
-
-// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client
-// without the expected return type. The presence of this cause indicates the error may be
-// due to an intervening proxy or the server software malfunctioning.
-#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse"
-
-// FieldManagerConflict is used to report when another client claims to manage this field,
-// It should only be returned for a request using server-side apply.
-#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict"
-
-// CauseTypeResourceVersionTooLarge is used to report that the requested resource version
-// is newer than the data observed by the API server, so the request cannot be served.
-#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge"
-
-// List holds a list of objects, which may not be known by the server.
-#List: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // List of objects
- items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep)
-}
-
-// APIVersions lists the versions that are available, to allow clients to
-// discover the API at /api, which is the root path of the legacy v1 API.
-//
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#APIVersions: {
- #TypeMeta
-
- // versions are the api versions that are available.
- versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep)
-
- // a map of client CIDR to server address that is serving this group.
- // This is to help clients reach servers in the most network-efficient way possible.
- // Clients can use the appropriate server address as per the CIDR that they match.
- // In case of multiple matches, clients should use the longest matching CIDR.
- // The server returns only those CIDRs that it thinks that the client can match.
- // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP.
- // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
- serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep)
-}
-
-// APIGroupList is a list of APIGroup, to allow clients to discover the API at
-// /apis.
-#APIGroupList: {
- #TypeMeta
-
- // groups is a list of APIGroup.
- groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep)
-}
-
-// APIGroup contains the name, the supported versions, and the preferred version
-// of a group.
-#APIGroup: {
- #TypeMeta
-
- // name is the name of the group.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // versions are the versions supported in this group.
- versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep)
-
- // preferredVersion is the version preferred by the API server, which
- // probably is the storage version.
- // +optional
- preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt)
-
- // a map of client CIDR to server address that is serving this group.
- // This is to help clients reach servers in the most network-efficient way possible.
- // Clients can use the appropriate server address as per the CIDR that they match.
- // In case of multiple matches, clients should use the longest matching CIDR.
- // The server returns only those CIDRs that it thinks that the client can match.
- // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP.
- // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
- // +optional
- serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep)
-}
-
-// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.
-#ServerAddressByClientCIDR: {
- // The CIDR with which clients can match their IP to figure out the server address that they should use.
- clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt)
-
- // Address of this server, suitable for a client that matches the above CIDR.
- // This can be a hostname, hostname:port, IP or IP:port.
- serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt)
-}
-
-// GroupVersion contains the "group/version" and "version" string of a version.
-// It is made a struct to keep extensibility.
-#GroupVersionForDiscovery: {
- // groupVersion specifies the API group and version in the form "group/version"
- groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt)
-
- // version specifies the version in the form of "version". This is to save
- // the clients the trouble of splitting the GroupVersion.
- version: string @go(Version) @protobuf(2,bytes,opt)
-}
-
-// APIResource specifies the name of a resource and whether it is namespaced.
-#APIResource: {
- // name is the plural name of the resource.
- name: string @go(Name) @protobuf(1,bytes,opt)
-
- // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely.
- // The singularName is more correct for reporting status on a single item and both singular and plural are allowed
- // from the kubectl CLI interface.
- singularName: string @go(SingularName) @protobuf(6,bytes,opt)
-
- // namespaced indicates if a resource is namespaced or not.
- namespaced: bool @go(Namespaced) @protobuf(2,varint,opt)
-
- // group is the preferred group of the resource. Empty implies the group of the containing resource list.
- // For subresources, this may have a different value, for example: Scale".
- group?: string @go(Group) @protobuf(8,bytes,opt)
-
- // version is the preferred version of the resource. Empty implies the version of the containing resource list
- // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)".
- version?: string @go(Version) @protobuf(9,bytes,opt)
-
- // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')
- kind: string @go(Kind) @protobuf(3,bytes,opt)
-
- // verbs is a list of supported kube verbs (this includes get, list, watch, create,
- // update, patch, delete, deletecollection, and proxy)
- verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt)
-
- // shortNames is a list of suggested short names of the resource.
- shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep)
-
- // categories is a list of the grouped resources this resource belongs to (e.g. 'all')
- categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep)
-
- // The hash value of the storage version, the version this resource is
- // converted to when written to the data store. Value must be treated
- // as opaque by clients. Only equality comparison on the value is valid.
- // This is an alpha feature and may change or be removed in the future.
- // The field is populated by the apiserver only if the
- // StorageVersionHash feature gate is enabled.
- // This field will remain optional even if it graduates.
- // +optional
- storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt)
-}
-
-// Verbs masks the value so protobuf can generate
-//
-// +protobuf.nullable=true
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#Verbs: [...string]
-
-// APIResourceList is a list of APIResource, it is used to expose the name of the
-// resources supported in a specific group and version, and if the resource
-// is namespaced.
-#APIResourceList: {
- #TypeMeta
-
- // groupVersion is the group and version this APIResourceList is for.
- groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt)
-
- // resources contains the name of the resources and if they are namespaced.
- resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep)
-}
-
-// RootPaths lists the paths available at root.
-// For example: "/healthz", "/apis".
-#RootPaths: {
- // paths are the paths available at root.
- paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep)
-}
-
-// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.
-#Patch: {
-}
-
-// A label selector is a label query over a set of resources. The result of matchLabels and
-// matchExpressions are ANDed. An empty label selector matches all objects. A null
-// label selector matches no objects.
-// +structType=atomic
-#LabelSelector: {
- // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- // map is equivalent to an element of matchExpressions, whose key field is "key", the
- // operator is "In", and the values array contains only "value". The requirements are ANDed.
- // +optional
- matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep)
-
- // matchExpressions is a list of label selector requirements. The requirements are ANDed.
- // +optional
- matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep)
-}
-
-// A label selector requirement is a selector that contains values, a key, and an operator that
-// relates the key and values.
-#LabelSelectorRequirement: {
- // key is the label key that the selector applies to.
- key: string @go(Key) @protobuf(1,bytes,opt)
-
- // operator represents a key's relationship to a set of values.
- // Valid operators are In, NotIn, Exists and DoesNotExist.
- operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator)
-
- // values is an array of string values. If the operator is In or NotIn,
- // the values array must be non-empty. If the operator is Exists or DoesNotExist,
- // the values array must be empty. This array is replaced during a strategic
- // merge patch.
- // +optional
- values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep)
-}
-
-// A label selector operator is the set of operators that can be used in a selector requirement.
-#LabelSelectorOperator: string // #enumLabelSelectorOperator
-
-#enumLabelSelectorOperator:
- #LabelSelectorOpIn |
- #LabelSelectorOpNotIn |
- #LabelSelectorOpExists |
- #LabelSelectorOpDoesNotExist
-
-#LabelSelectorOpIn: #LabelSelectorOperator & "In"
-#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn"
-#LabelSelectorOpExists: #LabelSelectorOperator & "Exists"
-#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist"
-
-// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource
-// that the fieldset applies to.
-#ManagedFieldsEntry: {
- // Manager is an identifier of the workflow managing these fields.
- manager?: string @go(Manager) @protobuf(1,bytes,opt)
-
- // Operation is the type of operation which lead to this ManagedFieldsEntry being created.
- // The only valid values for this field are 'Apply' and 'Update'.
- operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType)
-
- // APIVersion defines the version of this resource that this field set
- // applies to. The format is "group/version" just like the top-level
- // APIVersion field. It is necessary to track the version of a field
- // set because it cannot be automatically converted.
- apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt)
-
- // Time is the timestamp of when the ManagedFields entry was added. The
- // timestamp will also be updated if a field is added, the manager
- // changes any of the owned fields value or removes a field. The
- // timestamp does not update when a field is removed from the entry
- // because another manager took it over.
- // +optional
- time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt)
-
- // FieldsType is the discriminator for the different fields format and version.
- // There is currently only one possible value: "FieldsV1"
- fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt)
-
- // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
- // +optional
- fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt)
-
- // Subresource is the name of the subresource used to update that object, or
- // empty string if the object was updated through the main resource. The
- // value of this field is used to distinguish between managers, even if they
- // share the same name. For example, a status update will be distinct from a
- // regular update using the same manager name.
- // Note that the APIVersion field is not related to the Subresource field and
- // it always corresponds to the version of the main resource.
- subresource?: string @go(Subresource) @protobuf(8,bytes,opt)
-}
-
-// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created.
-#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType
-
-#enumManagedFieldsOperationType:
- #ManagedFieldsOperationApply |
- #ManagedFieldsOperationUpdate
-
-#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply"
-#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update"
-
-// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.
-//
-// Each key is either a '.' representing the field itself, and will always map to an empty set,
-// or a string representing a sub-field or item. The string will follow one of these four formats:
-// 'f:', where is the name of a field in a struct, or key in a map
-// 'v:', where is the exact json formatted value of a list item
-// 'i:', where is position of a item in a list
-// 'k:', where is a map of a list item's key fields to their unique values
-// If a key maps to an empty Fields value, the field that key represents is part of the set.
-//
-// The exact format is defined in sigs.k8s.io/structured-merge-diff
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-#FieldsV1: _
-
-// Table is a tabular representation of a set of API resources. The server transforms the
-// object into a set of preferred columns for quickly reviewing the objects.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +protobuf=false
-#Table: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta)
-
- // columnDefinitions describes each column in the returned items array. The number of cells per row
- // will always match the number of column definitions.
- columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition)
-
- // rows is the list of items in the table.
- rows: [...#TableRow] @go(Rows,[]TableRow)
-}
-
-// TableColumnDefinition contains information about a column returned in the Table.
-// +protobuf=false
-#TableColumnDefinition: {
- // name is a human readable name for the column.
- name: string @go(Name)
-
- // type is an OpenAPI type definition for this column, such as number, integer, string, or
- // array.
- // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.
- type: string @go(Type)
-
- // format is an optional OpenAPI type modifier for this column. A format modifies the type and
- // imposes additional rules, like date or time formatting for a string. The 'name' format is applied
- // to the primary identifier column which has type 'string' to assist in clients identifying column
- // is the resource name.
- // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.
- format: string @go(Format)
-
- // description is a human readable description of this column.
- description: string @go(Description)
-
- // priority is an integer defining the relative importance of this column compared to others. Lower
- // numbers are considered higher priority. Columns that may be omitted in limited space scenarios
- // should be given a higher priority.
- priority: int32 @go(Priority)
-}
-
-// TableRow is an individual row in a table.
-// +protobuf=false
-#TableRow: {
- // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or
- // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a
- // more detailed description.
- cells: [...] @go(Cells,[]interface{})
-
- // conditions describe additional status of a row that are relevant for a human user. These conditions
- // apply to the row, not to the object, and will be specific to table output. The only defined
- // condition type is 'Completed', for a row that indicates a resource that has run to completion and
- // can be given less visual priority.
- // +optional
- conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition)
-
- // This field contains the requested additional information about each object based on the includeObject
- // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the
- // default serialization of the object for the current API version, and if "Metadata" (the default) will
- // contain the object metadata. Check the returned kind and apiVersion of the object before parsing.
- // The media type of the object will always match the enclosing list - if this as a JSON table, these
- // will be JSON encoded objects.
- // +optional
- object?: runtime.#RawExtension @go(Object)
-}
-
-// TableRowCondition allows a row to be marked with additional information.
-// +protobuf=false
-#TableRowCondition: {
- // Type of row condition. The only defined value is 'Completed' indicating that the
- // object this row represents has reached a completed state and may be given less visual
- // priority than other rows. Clients are not required to honor any conditions but should
- // be consistent where possible about handling the conditions.
- type: #RowConditionType @go(Type)
-
- // Status of the condition, one of True, False, Unknown.
- status: #ConditionStatus @go(Status)
-
- // (brief) machine readable reason for the condition's last transition.
- // +optional
- reason?: string @go(Reason)
-
- // Human readable message indicating details about last transition.
- // +optional
- message?: string @go(Message)
-}
-
-#RowConditionType: string // #enumRowConditionType
-
-#enumRowConditionType:
- #RowCompleted
-
-// RowCompleted means the underlying resource has reached completion and may be given less
-// visual priority than other resources.
-#RowCompleted: #RowConditionType & "Completed"
-
-#ConditionStatus: string // #enumConditionStatus
-
-#enumConditionStatus:
- #ConditionTrue |
- #ConditionFalse |
- #ConditionUnknown
-
-#ConditionTrue: #ConditionStatus & "True"
-#ConditionFalse: #ConditionStatus & "False"
-#ConditionUnknown: #ConditionStatus & "Unknown"
-
-// IncludeObjectPolicy controls which portion of the object is returned with a Table.
-#IncludeObjectPolicy: string // #enumIncludeObjectPolicy
-
-#enumIncludeObjectPolicy:
- #IncludeNone |
- #IncludeMetadata |
- #IncludeObject
-
-// IncludeNone returns no object.
-#IncludeNone: #IncludeObjectPolicy & "None"
-
-// IncludeMetadata serializes the object containing only its metadata field.
-#IncludeMetadata: #IncludeObjectPolicy & "Metadata"
-
-// IncludeObject contains the full object.
-#IncludeObject: #IncludeObjectPolicy & "Object"
-
-// TableOptions are used when a Table is requested by the caller.
-// +k8s:conversion-gen:explicit-from=net/url.Values
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#TableOptions: {
- #TypeMeta
-
- // includeObject decides whether to include each object along with its columnar information.
- // Specifying "None" will return no object, specifying "Object" will return the full object contents, and
- // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind
- // in version v1beta1 of the meta.k8s.io API group.
- includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy)
-}
-
-// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients
-// to get access to a particular ObjectMeta schema without knowing the details of the version.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#PartialObjectMetadata: {
- #TypeMeta
-
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- // +optional
- metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
-}
-
-// PartialObjectMetadataList contains a list of objects containing only their metadata
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#PartialObjectMetadataList: {
- #TypeMeta
-
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- // +optional
- metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
-
- // items contains each of the included items.
- items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep)
-}
-
-// Condition contains details for one aspect of the current state of this API Resource.
-// ---
-// This struct is intended for direct use as an array at the field path .status.conditions. For example,
-//
-// type FooStatus struct{
-// // Represents the observations of a foo's current state.
-// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-// // +patchMergeKey=type
-// // +patchStrategy=merge
-// // +listType=map
-// // +listMapKey=type
-// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-//
-// // other fields
-// }
-#Condition: {
- // type of condition in CamelCase or in foo.example.com/CamelCase.
- // ---
- // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- // useful (see .node.status.conditions), the ability to deconflict is important.
- // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
- // +kubebuilder:validation:MaxLength=316
- type: string @go(Type) @protobuf(1,bytes,opt)
-
- // status of the condition, one of True, False, Unknown.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Enum=True;False;Unknown
- status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt)
-
- // observedGeneration represents the .metadata.generation that the condition was set based upon.
- // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- // with respect to the current state of the instance.
- // +optional
- // +kubebuilder:validation:Minimum=0
- observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
-
- // lastTransitionTime is the last time the condition transitioned from one status to another.
- // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:Type=string
- // +kubebuilder:validation:Format=date-time
- lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
-
- // reason contains a programmatic identifier indicating the reason for the condition's last transition.
- // Producers of specific condition types may define expected values and meanings for this field,
- // and whether the values are considered a guaranteed API.
- // The value should be a CamelCase string.
- // This field may not be empty.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:MaxLength=1024
- // +kubebuilder:validation:MinLength=1
- // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
- reason: string @go(Reason) @protobuf(5,bytes,opt)
-
- // message is a human readable message indicating details about the transition.
- // This may be an empty string.
- // +required
- // +kubebuilder:validation:Required
- // +kubebuilder:validation:MaxLength=32768
- message: string @go(Message) @protobuf(6,bytes,opt)
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
deleted file mode 100644
index 12f5f1b63..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
+++ /dev/null
@@ -1,30 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
-
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/watch"
-)
-
-// Event represents a single event to a watched resource.
-//
-// +protobuf=true
-// +k8s:deepcopy-gen=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-#WatchEvent: {
- type: string @go(Type) @protobuf(1,bytes,opt)
-
- // Object is:
- // * If Type is Added or Modified: the new state of the object.
- // * If Type is Deleted: the state of the object immediately before deletion.
- // * If Type is Error: *Status is recommended; other types may make sense
- // depending on context.
- object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt)
-}
-
-// InternalEvent makes watch.Event versioned
-// +protobuf=false
-#InternalEvent: watch.#Event
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
deleted file mode 100644
index 43474c392..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// SimpleAllocator a wrapper around make([]byte)
-// conforms to the MemoryAllocator interface
-#SimpleAllocator: {
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
deleted file mode 100644
index a05de5d58..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
+++ /dev/null
@@ -1,37 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// codec binds an encoder and decoder.
-_#codec: {
- Encoder: #Encoder
- Decoder: #Decoder
-}
-
-// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding.
-#NoopEncoder: {
- Decoder: #Decoder
-}
-
-_#noopEncoderIdentifier: #Identifier & "noop"
-
-// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding.
-#NoopDecoder: {
- Encoder: #Encoder
-}
-
-_#base64Serializer: {
- Encoder: #Encoder
- Decoder: #Decoder
-}
-
-_#internalGroupVersionerIdentifier: "internal"
-_#disabledGroupVersionerIdentifier: "disabled"
-
-_#internalGroupVersioner: {
-}
-
-_#disabledGroupVersioner: {
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
deleted file mode 100644
index ce6d644cb..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-// Package runtime defines conversions between generic types and structs to map query strings
-// to struct objects.
-package runtime
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
deleted file mode 100644
index f49ad1e36..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// UnstructuredConverter is an interface for converting between interface{}
-// and map[string]interface representation.
-#UnstructuredConverter: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
deleted file mode 100644
index 89c5c51b3..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
+++ /dev/null
@@ -1,39 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-// Package runtime includes helper functions for working with API objects
-// that follow the kubernetes API object conventions, which are:
-//
-// 0. Your API objects have a common metadata struct member, TypeMeta.
-//
-// 1. Your code refers to an internal set of API objects.
-//
-// 2. In a separate package, you have an external set of API objects.
-//
-// 3. The external set is considered to be versioned, and no breaking
-// changes are ever made to it (fields may be added but not changed
-// or removed).
-//
-// 4. As your api evolves, you'll make an additional versioned package
-// with every major change.
-//
-// 5. Versioned packages have conversion functions which convert to
-// and from the internal version.
-//
-// 6. You'll continue to support older versions according to your
-// deprecation policy, and you can easily provide a program/library
-// to update old versions into new versions because of 5.
-//
-// 7. All of your serializations and deserializations are handled in a
-// centralized place.
-//
-// Package runtime provides a conversion helper to make 5 easy, and the
-// Encode/Decode/DecodeInto trio to accomplish 7. You can also register
-// additional "codecs" which use a version of your choice. It's
-// recommended that you register your types with runtime in your
-// package's init function.
-//
-// As a bonus, a few common types useful from all api objects and versions
-// are provided in types.go.
-package runtime
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
deleted file mode 100644
index d43f15f25..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-_#encodable: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
deleted file mode 100644
index ec8f1f070..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
+++ /dev/null
@@ -1,23 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// MultiObjectTyper returns the types of objects across multiple schemes in order.
-#MultiObjectTyper: [...#ObjectTyper]
-
-_#defaultFramer: {
-}
-
-// WithVersionEncoder serializes an object and ensures the GVK is set.
-#WithVersionEncoder: {
- Version: #GroupVersioner
- Encoder: #Encoder
- ObjectTyper: #ObjectTyper
-}
-
-// WithoutVersionDecoder clears the group version kind of a deserialized object.
-#WithoutVersionDecoder: {
- Decoder: #Decoder
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
deleted file mode 100644
index 22abcb620..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
+++ /dev/null
@@ -1,165 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// APIVersionInternal may be used if you are registering a type that should not
-// be considered stable or serialized - it is a convention only and has no
-// special behavior in this package.
-#APIVersionInternal: "__internal"
-
-// GroupVersioner refines a set of possible conversion targets into a single option.
-#GroupVersioner: _
-
-// Identifier represents an identifier.
-// Identitier of two different objects should be equal if and only if for every
-// input the output they produce is exactly the same.
-#Identifier: string // #enumIdentifier
-
-#enumIdentifier:
- _#noopEncoderIdentifier
-
-// Encoder writes objects to a serialized form
-#Encoder: _
-
-// MemoryAllocator is responsible for allocating memory.
-// By encapsulating memory allocation into its own interface, we can reuse the memory
-// across many operations in places we know it can significantly improve the performance.
-#MemoryAllocator: _
-
-// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations.
-#EncoderWithAllocator: _
-
-// Decoder attempts to load an object from data.
-#Decoder: _
-
-// Serializer is the core interface for transforming objects into a serialized format and back.
-// Implementations may choose to perform conversion of the object, but no assumptions should be made.
-#Serializer: _
-
-// Codec is a Serializer that deals with the details of versioning objects. It offers the same
-// interface as Serializer, so this is a marker to consumers that care about the version of the objects
-// they receive.
-#Codec: #Serializer
-
-// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and
-// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing
-// and the desired version must be specified.
-#ParameterCodec: _
-
-// Framer is a factory for creating readers and writers that obey a particular framing pattern.
-#Framer: _
-
-// SerializerInfo contains information about a specific serialization format
-#SerializerInfo: {
- // MediaType is the value that represents this serializer over the wire.
- MediaType: string
-
- // MediaTypeType is the first part of the MediaType ("application" in "application/json").
- MediaTypeType: string
-
- // MediaTypeSubType is the second part of the MediaType ("json" in "application/json").
- MediaTypeSubType: string
-
- // EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
- EncodesAsText: bool
-
- // Serializer is the individual object serializer for this media type.
- Serializer: #Serializer
-
- // PrettySerializer, if set, can serialize this object in a form biased towards
- // readability.
- PrettySerializer: #Serializer
-
- // StrictSerializer, if set, deserializes this object strictly,
- // erring on unknown fields.
- StrictSerializer: #Serializer
-
- // StreamSerializer, if set, describes the streaming serialization format
- // for this media type.
- StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo)
-}
-
-// StreamSerializerInfo contains information about a specific stream serialization format
-#StreamSerializerInfo: {
- // EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
- EncodesAsText: bool
-
- // Serializer is the top level object serializer for this type when streaming
- Serializer: #Serializer
-
- // Framer is the factory for retrieving streams that separate objects on the wire
- Framer: #Framer
-}
-
-// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers
-// for multiple supported media types. This would commonly be accepted by a server component
-// that performs HTTP content negotiation to accept multiple formats.
-#NegotiatedSerializer: _
-
-// ClientNegotiator handles turning an HTTP content type into the appropriate encoder.
-// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from
-// a NegotiatedSerializer.
-#ClientNegotiator: _
-
-// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers
-// that can read and write data at rest. This would commonly be used by client tools that must
-// read files, or server side storage interfaces that persist restful objects.
-#StorageSerializer: _
-
-// NestedObjectEncoder is an optional interface that objects may implement to be given
-// an opportunity to encode any nested Objects / RawExtensions during serialization.
-#NestedObjectEncoder: _
-
-// NestedObjectDecoder is an optional interface that objects may implement to be given
-// an opportunity to decode any nested Objects / RawExtensions during serialization.
-// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding
-// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields).
-// As such it is important for callers of DecodeNestedObjects to check to confirm whether
-// an error is a runtime.StrictDecodingError before short circuiting.
-// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError
-// is only returned when the rest of decoding has succeeded.
-#NestedObjectDecoder: _
-
-#ObjectDefaulter: _
-
-#ObjectVersioner: _
-
-// ObjectConvertor converts an object to a different version.
-#ObjectConvertor: _
-
-// ObjectTyper contains methods for extracting the APIVersion and Kind
-// of objects.
-#ObjectTyper: _
-
-// ObjectCreater contains methods for instantiating an object by kind and version.
-#ObjectCreater: _
-
-// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource
-#EquivalentResourceMapper: _
-
-// EquivalentResourceRegistry provides an EquivalentResourceMapper interface,
-// and allows registering known resource[/subresource] -> kind
-#EquivalentResourceRegistry: _
-
-// ResourceVersioner provides methods for setting and retrieving
-// the resource version from an API object.
-#ResourceVersioner: _
-
-// Namer provides methods for retrieving name and namespace of an API object.
-#Namer: _
-
-// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are
-// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows
-// serializers to set the kind, version, and group the object is represented as. An Object may choose
-// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized.
-#Object: _
-
-// CacheableObject allows an object to cache its different serializations
-// to avoid performing the same serialization multiple times.
-#CacheableObject: _
-
-// Unstructured objects store values as map[string]interface{}, with only values that can be serialized
-// to JSON allowed.
-#Unstructured: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
deleted file mode 100644
index 7580f4676..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// NegotiateError is returned when a ClientNegotiator is unable to locate
-// a serializer for the requested operation.
-#NegotiateError: {
- ContentType: string
- Stream: bool
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue
deleted file mode 100644
index bd9c409a7..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// Splice is the interface that wraps the Splice method.
-//
-// Splice moves data from given slice without copying the underlying data for
-// efficiency purpose. Therefore, the caller should make sure the underlying
-// data is not changed later.
-#Splice: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
deleted file mode 100644
index 9dfc078b4..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
+++ /dev/null
@@ -1,14 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// Pair of strings. We keed the name of fields and the doc
-#Pair: {
- Name: string
- Doc: string
-}
-
-// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself
-#KubeTypes: [...#Pair]
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
deleted file mode 100644
index d1ee609a2..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
+++ /dev/null
@@ -1,97 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type,
-// like this:
-//
-// type MyAwesomeAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// ... // other fields
-// }
-//
-// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind
-//
-// TypeMeta is provided here for convenience. You may use it directly from this package or define
-// your own with the same fields.
-//
-// +k8s:deepcopy-gen=false
-// +protobuf=true
-// +k8s:openapi-gen=true
-#TypeMeta: {
- // +optional
- apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt)
-
- // +optional
- kind?: string @go(Kind) @protobuf(2,bytes,opt)
-}
-
-#ContentTypeJSON: "application/json"
-#ContentTypeYAML: "application/yaml"
-#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf"
-
-// RawExtension is used to hold extensions in external versions.
-//
-// To use this, make a field which has RawExtension as its type in your external, versioned
-// struct, and Object in your internal struct. You also need to register your
-// various plugin types.
-//
-// // Internal package:
-//
-// type MyAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// MyPlugin runtime.Object `json:"myPlugin"`
-// }
-//
-// type PluginA struct {
-// AOption string `json:"aOption"`
-// }
-//
-// // External package:
-//
-// type MyAPIObject struct {
-// runtime.TypeMeta `json:",inline"`
-// MyPlugin runtime.RawExtension `json:"myPlugin"`
-// }
-//
-// type PluginA struct {
-// AOption string `json:"aOption"`
-// }
-//
-// // On the wire, the JSON will look something like this:
-//
-// {
-// "kind":"MyAPIObject",
-// "apiVersion":"v1",
-// "myPlugin": {
-// "kind":"PluginA",
-// "aOption":"foo",
-// },
-// }
-//
-// So what happens? Decode first uses json or yaml to unmarshal the serialized data into
-// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked.
-// The next step is to copy (using pkg/conversion) into the internal struct. The runtime
-// package's DefaultScheme has conversion functions installed which will unpack the
-// JSON stored in RawExtension, turning it into the correct object type, and storing it
-// in the Object. (TODO: In the case where the object is of an unknown type, a
-// runtime.Unknown object will be created and stored.)
-//
-// +k8s:deepcopy-gen=true
-// +protobuf=true
-// +k8s:openapi-gen=true
-#RawExtension: _
-
-// Unknown allows api objects with unknown types to be passed-through. This can be used
-// to deal with the API objects from a plug-in. Unknown objects still have functioning
-// TypeMeta features-- kind, version, etc.
-// TODO: Make this object have easy access to field based accessors and settors for
-// metadata and field mutatation.
-//
-// +k8s:deepcopy-gen=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +protobuf=true
-// +k8s:openapi-gen=true
-#Unknown: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
deleted file mode 100644
index 8b8ddf891..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
-
-package runtime
-
-#ProtobufMarshaller: _
-
-#ProtobufReverseMarshaller: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
deleted file mode 100644
index bfb4bcda3..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
+++ /dev/null
@@ -1,6 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-// Package types implements various generic types used throughout kubernetes.
-package types
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
deleted file mode 100644
index 7cb2745aa..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-#NamespacedName: {
- Namespace: string
- Name: string
-}
-
-#Separator: 47 // '/'
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
deleted file mode 100644
index 8b264b80c..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
+++ /dev/null
@@ -1,31 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// NodeName is a type that holds a api.Node's Name identifier.
-// Being a type captures intent and helps make sure that the node name
-// is not confused with similar concepts (the hostname, the cloud provider id,
-// the cloud provider name etc)
-//
-// To clarify the various types:
-//
-// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName.
-// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level.
-//
-// - Hostname is the hostname of the local machine (from uname -n).
-// However, some components allow the user to pass in a --hostname-override flag,
-// which will override this in most places. In the absence of anything more meaningful,
-// kubelet will use Hostname as the Node.Name when it creates the Node.
-//
-// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId.
-//
-// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the
-// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up
-// to the cloudprovider how to do this mapping.
-//
-// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the
-// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if
-// we are using a custom DHCP domain it won't be.
-#NodeName: string
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
deleted file mode 100644
index 3de5d80f9..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// Similarly to above, these are constants to support HTTP PATCH utilized by
-// both the client and server that didn't make sense for a whole package to be
-// dedicated to.
-#PatchType: string // #enumPatchType
-
-#enumPatchType:
- #JSONPatchType |
- #MergePatchType |
- #StrategicMergePatchType |
- #ApplyPatchType
-
-#JSONPatchType: #PatchType & "application/json-patch+json"
-#MergePatchType: #PatchType & "application/merge-patch+json"
-#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json"
-#ApplyPatchType: #PatchType & "application/apply-patch+yaml"
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
deleted file mode 100644
index 40bdd8285..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/types
-
-package types
-
-// UID is a type that holds unique ID values, including UUIDs. Because we
-// don't ONLY use UUIDs, this is an alias to string. Being a type captures
-// intent and helps make sure that UIDs and names do not get conflated.
-#UID: string
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
deleted file mode 100644
index 2c8cc3651..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
+++ /dev/null
@@ -1,31 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr
-
-package intstr
-
-// IntOrString is a type that can hold an int32 or a string. When used in
-// JSON or YAML marshalling and unmarshalling, it produces or consumes the
-// inner type. This allows you to have, for example, a JSON field that can
-// accept a name or number.
-// TODO: Rename to Int32OrString
-//
-// +protobuf=true
-// +protobuf.options.(gogoproto.goproto_stringer)=false
-// +k8s:openapi-gen=true
-#IntOrString: _
-
-// Type represents the stored type of IntOrString.
-#Type: int64 // #enumType
-
-#enumType:
- #Int |
- #String
-
-#values_Type: {
- Int: #Int
- String: #String
-}
-
-#Int: #Type & 0
-#String: #Type & 1
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
deleted file mode 100644
index bc1b91894..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
+++ /dev/null
@@ -1,7 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-// Package watch contains a generic watchable interface, and a fake for
-// testing code that uses the watch interface.
-package watch
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
deleted file mode 100644
index 045e8ec85..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
+++ /dev/null
@@ -1,10 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// Recorder records all events that are sent from the watch until it is closed.
-#Recorder: {
- Interface: #Interface
-}
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
deleted file mode 100644
index dcf72d5b0..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch
-// channel is full.
-#FullChannelBehavior: int // #enumFullChannelBehavior
-
-#enumFullChannelBehavior:
- #WaitIfChannelFull |
- #DropIfChannelFull
-
-#values_FullChannelBehavior: {
- WaitIfChannelFull: #WaitIfChannelFull
- DropIfChannelFull: #DropIfChannelFull
-}
-
-#WaitIfChannelFull: #FullChannelBehavior & 0
-#DropIfChannelFull: #FullChannelBehavior & 1
-
-_#incomingQueueLength: 25
-
-_#internalRunFunctionMarker: "internal-do-function"
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
deleted file mode 100644
index f0805cfb2..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
+++ /dev/null
@@ -1,12 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written.
-#Decoder: _
-
-// Reporter hides the details of how an error is turned into a runtime.Object for
-// reporting on a watch stream since this package may not import a higher level report.
-#Reporter: _
diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
deleted file mode 100644
index 0db2e6be1..000000000
--- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
+++ /dev/null
@@ -1,48 +0,0 @@
-// Code generated by cue get go. DO NOT EDIT.
-
-//cue:generate cue get go k8s.io/apimachinery/pkg/watch
-
-package watch
-
-import "k8s.io/apimachinery/pkg/runtime"
-
-// Interface can be implemented by anything that knows how to watch and report changes.
-#Interface: _
-
-// EventType defines the possible types of events.
-#EventType: string // #enumEventType
-
-#enumEventType:
- #Added |
- #Modified |
- #Deleted |
- #Bookmark |
- #Error
-
-#Added: #EventType & "ADDED"
-#Modified: #EventType & "MODIFIED"
-#Deleted: #EventType & "DELETED"
-#Bookmark: #EventType & "BOOKMARK"
-#Error: #EventType & "ERROR"
-
-// Event represents a single event to a watched resource.
-// +k8s:deepcopy-gen=true
-#Event: {
- Type: #EventType
-
- // Object is:
- // * If Type is Added or Modified: the new state of the object.
- // * If Type is Deleted: the state of the object immediately before deletion.
- // * If Type is Bookmark: the object (instance of a type being watched) where
- // only ResourceVersion field is set. On successful restart of watch from a
- // bookmark resourceVersion, client is guaranteed to not get repeat event
- // nor miss any events.
- // * If Type is Error: *api.Status is recommended; other types may make sense
- // depending on context.
- Object: runtime.#Object
-}
-
-// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe.
-#RaceFreeFakeWatcher: {
- Stopped: bool
-}
diff --git a/k8s/timoni/runner/cue.mod/module.cue b/k8s/timoni/runner/cue.mod/module.cue
deleted file mode 100644
index 72e7d281d..000000000
--- a/k8s/timoni/runner/cue.mod/module.cue
+++ /dev/null
@@ -1,2 +0,0 @@
-module: "timoni.sh/runner"
-language: version: "v0.9.0"
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
deleted file mode 100644
index 2c579e99d..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Action holds the list of annotations for controlling
-// Timoni's apply behaviour of Kubernetes resources.
-Action: {
- // Force annotation for recreating immutable resources such as Kubernetes Jobs.
- Force: {
- "action.timoni.sh/force": ActionStatus.Enabled
- }
- // One-off annotation for appling resources only if they don't exist on the cluster.
- Oneoff: {
- "action.timoni.sh/one-off": ActionStatus.Enabled
- }
- // Keep annotation for preventing Timoni's garbage collector from deleting resources.
- Keep: {
- "action.timoni.sh/prune": ActionStatus.Disabled
- }
-}
-
-ActionStatus: {
- Enabled: "enabled"
- Disabled: "disabled"
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
deleted file mode 100644
index 1535ea43f..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strings"
-)
-
-// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image.
-#Image: {
-
- // Repository is the address of a container registry repository.
- // An image repository is made up of slash-separated name components, optionally
- // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH.
- repository!: string
-
- // Tag identifies an image in the repository.
- // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes.
- // A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
- tag!: string & strings.MaxRunes(128)
-
- // Digest uniquely and immutably identifies an image in the repository.
- // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
- digest!: string
-
- // PullPolicy defines the pull policy for the image.
- // By default, it is set to IfNotPresent.
- pullPolicy: *"IfNotPresent" | "Always" | "Never"
-
- // Reference is the image address computed from repository, tag and digest
- // in the format [REPOSITORY]:[TAG]@[DIGEST].
- reference: string
-
- if digest != "" && tag != "" {
- reference: "\(repository):\(tag)@\(digest)"
- }
-
- if digest != "" && tag == "" {
- reference: "\(repository)@\(digest)"
- }
-
- if digest == "" && tag != "" {
- reference: "\(repository):\(tag)"
- }
-
- if digest == "" && tag == "" {
- reference: "\(repository):latest"
- }
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
deleted file mode 100644
index 19f098967..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/base64"
- "strings"
-)
-
-// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson.
-// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets.
-#ImagePullSecret: {
- // Metadata is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]].
- #Registry!: string
-
- // Username is the username used to authenticate to the container registry.
- #Username!: string
-
- // Password is the password used to authenticate to the container registry.
- #Password!: string
-
- // Optional suffix used to generate the Secret name.
- #Suffix: *"" | string & strings.MaxRunes(30)
-
- let auth = base64.Encode(null, #Username+":"+#Password)
-
- apiVersion: "v1"
- kind: "Secret"
- type: "kubernetes.io/dockerconfigjson"
- metadata: {
- name: #Meta.name + #Suffix
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- stringData: {
- ".dockerconfigjson": """
- {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}}
- """
- }
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
deleted file mode 100644
index 7b31c23e4..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2024 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "encoding/json"
- "strings"
- "uuid"
-)
-
-#ConfigMapKind: "ConfigMap"
-#SecretKind: "Secret"
-
-// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets.
-// The metadata.name of the generated object is suffixed with the hash of the input data.
-#ImmutableConfig: {
- // Kind of the generated object.
- #Kind: *#ConfigMapKind | #SecretKind
-
- // Metadata of the generated object.
- #Meta: #Metadata
-
- // Optional suffix appended to the generate name.
- #Suffix: *"" | string
-
- // Data of the generated object.
- #Data: {[string]: string}
-
- let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0]
-
- apiVersion: "v1"
- kind: #Kind
- metadata: {
- name: #Meta.name + #Suffix + "-" + hash
- namespace: #Meta.namespace
- labels: #Meta.labels
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
- }
- immutable: true
- if kind == #ConfigMapKind {
- data: #Data
- }
- if kind == #SecretKind {
- stringData: #Data
- }
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
deleted file mode 100644
index ad96b0621..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// InstanceName defines the schema for the name of a Timoni instance.
-// The instance name is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceNamespace defines the schema for the namespace of a Timoni instance.
-// The instance namespace is used as a Kubernetes label value and must be 63 characters or less.
-#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
-
-// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership.
-#InstanceOwnerReference: {
- #Name: "instance.timoni.sh/name"
- #Namespace: "instance.timoni.sh/namespace"
-}
-
-// InstanceModule defines the schema for the Module of a Timoni instance.
-#InstanceModule: {
- url: string & =~"^((oci|file)://.*)$"
- version: *"latest" | string
- digest?: string
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
deleted file mode 100644
index 188ff505d..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue
+++ /dev/null
@@ -1,120 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// Annotations defines the schema for Kubernetes object metadata annotations.
-#Annotations: {[string & strings.MaxRunes(253)]: string}
-
-// Labels defines the schema for Kubernetes object metadata labels.
-#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)}
-
-#StdLabelName: "app.kubernetes.io/name"
-#StdLabelVersion: "app.kubernetes.io/version"
-#StdLabelPartOf: "app.kubernetes.io/part-of"
-#StdLabelManagedBy: "app.kubernetes.io/managed-by"
-#StdLabelComponent: "app.kubernetes.io/component"
-#StdLabelInstance: "app.kubernetes.io/instance"
-
-// Metadata defines the schema for Kubernetes object metadata.
-#Metadata: {
- // Version should be in the strict semver format. Is required when creating resources.
- #Version!: string & strings.MaxRunes(63)
-
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- name!: #InstanceName
-
- // Namespace defines the space within which each name must be unique.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- namespace!: #InstanceNamespace
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set to store and retrieve arbitrary metadata.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
- annotations?: #Annotations
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes labels: app name, version and managed-by.
- labels: {
- (#StdLabelName): name
- (#StdLabelVersion): #Version
- (#StdLabelManagedBy): "timoni"
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name label.
- #LabelSelector: #Labels & {
- (#StdLabelName): name
- }
-
- // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions
- // are met before it fully deletes resources marked for deletion.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/
- finalizers?: [...string]
-}
-
-// MetaComponent generates the Kubernetes object metadata for a module namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
- namespace: #Meta.namespace
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
-
-// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component.
-// The metadata.name is composed of the instance name and the component name.
-// The metadata.namespace is unset.
-// The metadata.labels contain the app.kubernetes.io/component label.
-#MetaClusterComponent: {
- // Meta is the Kubernetes object's metadata generated by Timoni.
- #Meta!: #Metadata
-
- // Component is the name of the component used
- // as a suffix for the generate object name.
- #Component!: string & strings.MaxRunes(30)
-
- name: #Meta.name + "-" + #Component
-
- labels: #Meta.labels
- labels: (#StdLabelComponent): #Component
-
- annotations?: #Annotations
- if #Meta.annotations != _|_ {
- annotations: #Meta.annotations
- }
-
- // LabelSelector selects Pods based on the app.kubernetes.io/name
- // and app.kubernetes.io/component labels.
- #LabelSelector: #Labels & {
- (#StdLabelComponent): #Component
- (#StdLabelName): #Meta.name
- }
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
deleted file mode 100644
index 1dcdb699e..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import "strings"
-
-// ObjectReference is a reference to a Kubernetes object.
-#ObjectReference: {
- // Name of the referent.
- name!: string & strings.MaxRunes(256)
-
- // Namespace of the referent.
- namespace?: string & strings.MaxRunes(256)
-
- // API version of the referent.
- apiVersion?: string & strings.MaxRunes(256)
-
- // Kind of the referent.
- kind?: string & strings.MaxRunes(256)
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
deleted file mode 100644
index d3b5573ae..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m.
-#CPUQuantity: string & =~"^[1-9]\\d*m$"
-
-// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi.
-#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$"
-
-// ResourceRequirement defines the schema for the CPU and Memory resource requirements.
-#ResourceRequirement: {
- cpu?: #CPUQuantity
- memory?: #MemoryQuantity
-}
-
-// ResourceRequirements defines the schema for the compute resource requirements of a container.
-// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.
-#ResourceRequirements: {
- // Limits describes the maximum amount of compute resources allowed.
- limits?: #ResourceRequirement
-
- // Requests describes the minimum amount of compute resources required.
- // Requests cannot exceed Limits.
- requests?: #ResourceRequirement & {
- if limits != _|_ {
- if limits.cpu != _|_ {
- _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0])
- _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0])
- #cpu: int & >=_rc & _lc
- }
- }
- }
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
deleted file mode 100644
index 9c4f2384b..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc.
-#Selector: {
- // Name must be unique within a namespace. Is required when creating resources.
- // Name is primarily intended for creation idempotence and configuration definition.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- #Name!: #InstanceName
-
- // Map of string keys and values that can be used to organize and categorize (scope and select) objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
- labels: #Labels
-
- // Standard Kubernetes label: app name.
- labels: (#StdLabelName): #Name
-}
diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
deleted file mode 100644
index ecd1e397f..000000000
--- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2023 Stefan Prodan
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
- "strconv"
- "strings"
-)
-
-// SemVer validates the input version string and extracts the major and minor version numbers.
-// When Minimum is set, the major and minor parts must be greater or equal to the minimum
-// or a validation error is returned.
-#SemVer: {
- // Input version string in strict semver format.
- #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- // Minimum is the minimum allowed MAJOR.MINOR version.
- #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$"
-
- let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0])
- let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1])
-
- major: int & >=minMajor
- major: strconv.Atoi(strings.Split(#Version, ".")[0])
-
- minor: int & >=minMinor
- minor: strconv.Atoi(strings.Split(#Version, ".")[1])
-}
diff --git a/k8s/timoni/runner/templates/config.cue b/k8s/timoni/runner/templates/config.cue
deleted file mode 100644
index b7eda96e7..000000000
--- a/k8s/timoni/runner/templates/config.cue
+++ /dev/null
@@ -1,61 +0,0 @@
-package templates
-
-import (
- corev1 "k8s.io/api/core/v1"
- timoniv1 "timoni.sh/core/v1alpha1"
-)
-
-#Config: {
- kubeVersion!: string
- moduleVersion!: string
-
- metadata: timoniv1.#Metadata & {#Version: moduleVersion}
- metadata: labels: timoniv1.#Labels
- metadata: annotations?: timoniv1.#Annotations
-
- selector: timoniv1.#Selector & {#Name: metadata.name}
-
- registry: string
- image!: timoniv1.#Image & {digest: ""}
-
- replicas: *0 | int & >0
-
- resources: timoniv1.#ResourceRequirements & {
- requests: {
- cpu: *"150m" | timoniv1.#CPUQuantity
- memory: *"128Mi" | timoniv1.#MemoryQuantity
- }
- limits: {
- cpu: *"1000m" | timoniv1.#CPUQuantity
- memory: *"2Gi" | timoniv1.#MemoryQuantity
- }
- }
-
- securityContext: corev1.#SecurityContext & {
- allowPrivilegeEscalation: *false | true
- privileged: *false | true
- capabilities:
- {
- drop: *["ALL"] | [string]
- add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string]
- }
- }
-
- service: {
- annotations?: timoniv1.#Annotations
- port: *8000 | int & >0 & <=65535
- }
-
- podSecurityContext?: corev1.#PodSecurityContext
- imagePullSecrets?: [...timoniv1.#ObjectReference]
- tolerations?: [...corev1.#Toleration]
-}
-
-#Instance: {
- config: #Config
-
- objects: {
- svc: #Service & {#config: config}
- deploy: #Deployment & {#config: config}
- }
-}
diff --git a/k8s/timoni/runner/templates/deployment.cue b/k8s/timoni/runner/templates/deployment.cue
deleted file mode 100644
index 97868f1d1..000000000
--- a/k8s/timoni/runner/templates/deployment.cue
+++ /dev/null
@@ -1,53 +0,0 @@
-package templates
-
-import (
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
-)
-
-#Deployment: appsv1.#Deployment & {
- #config: #Config
- apiVersion: "apps/v1"
- kind: "Deployment"
- metadata: #config.metadata
- spec: appsv1.#DeploymentSpec & {
- replicas: #config.replicas
- selector: matchLabels: #config.selector.labels
- template: {
- metadata: labels: #config.selector.labels
- spec: corev1.#PodSpec & {
- topologySpreadConstraints: [{
- maxSkew: 3
- topologyKey: "kubernetes.io/hostname"
- whenUnsatisfiable: "ScheduleAnyway"
- labelSelector: matchLabels: app: #config.metadata.name
- }]
- affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: [{
- labelSelector: matchLabels: app: "codebattle"
- topologyKey: "kubernetes.io/hostname"
- }]
- containers: [{
- name: "runner"
- image: #config.image.reference
- imagePullPolicy: #config.image.pullPolicy
- command: ["/runner/codebattle_runner"]
- ports: [{
- name: "http"
- containerPort: 8000
- protocol: "TCP"
- }]
- readinessProbe: {
- httpGet: {
- path: "/health"
- port: "http"
- }
- initialDelaySeconds: 5
- periodSeconds: 5
- successThreshold: 1
- }
- resources: #config.resources
- }]
- }
- }
- }
-}
diff --git a/k8s/timoni/runner/templates/service.cue b/k8s/timoni/runner/templates/service.cue
deleted file mode 100644
index 1b4248b21..000000000
--- a/k8s/timoni/runner/templates/service.cue
+++ /dev/null
@@ -1,22 +0,0 @@
-package templates
-
-import (
- corev1 "k8s.io/api/core/v1"
-)
-
-#Service: corev1.#Service & {
- #config: #Config
- apiVersion: "v1"
- kind: "Service"
- metadata: #config.metadata
- spec: corev1.#ServiceSpec & {
- type: corev1.#ServiceTypeClusterIP
- selector: #config.selector.labels
- ports: [{
- port: 80
- protocol: "TCP"
- name: "http"
- targetPort: name
- }]
- }
-}
diff --git a/k8s/timoni/runner/timoni.cue b/k8s/timoni/runner/timoni.cue
deleted file mode 100644
index d29df0bbf..000000000
--- a/k8s/timoni/runner/timoni.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-package main
-
-import (
- templates "timoni.sh/runner/templates"
-)
-
-values: templates.#Config
-
-timoni: {
- apiVersion: "v1alpha1"
-
- instance: templates.#Instance & {
- config: values
- config: {
- metadata: {
- name: string & =~"^runner-.+" @tag(name)
- namespace: string @tag(namespace)
- }
- moduleVersion: string @tag(mv, var=moduleVersion)
- kubeVersion: string @tag(kv, var=kubeVersion)
- }
- }
-
- apply: app: [for obj in instance.objects {obj}]
-}
diff --git a/k8s/timoni/runner/values.cue b/k8s/timoni/runner/values.cue
deleted file mode 100644
index 17bc0aff9..000000000
--- a/k8s/timoni/runner/values.cue
+++ /dev/null
@@ -1,3 +0,0 @@
-package main
-
-values: {}
diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue
deleted file mode 100644
index bea22cfad..000000000
--- a/k8s/timoni/runners.cue
+++ /dev/null
@@ -1,6 +0,0 @@
-runners: "python": {
- image: "codebattle/python"
- version: "3.12.2"
- lang: "python"
- replicas: 1
-}
diff --git a/k8s/timoni/values.cue b/k8s/timoni/values.cue
deleted file mode 100644
index c057b37dd..000000000
--- a/k8s/timoni/values.cue
+++ /dev/null
@@ -1,9 +0,0 @@
-codebattleValues: {
- image: codebattle: pullPolicy: "Always"
- gateway: {
- enable: true
- gatewayName: "gateway"
- }
- certManager: enable: true
- rustExecutor: true
-}