From 58938acdd1cfdb0cebbcc53648fe95cbcd5dcab1 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Fri, 21 Feb 2025 16:08:32 +0100 Subject: [PATCH 01/10] configure runners --- k8s/timoni/runners.cue | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue index bea22cfad..6663e96c7 100644 --- a/k8s/timoni/runners.cue +++ b/k8s/timoni/runners.cue @@ -1,6 +1,32 @@ -runners: "python": { - image: "codebattle/python" - version: "3.12.2" - lang: "python" - replicas: 1 +runners: { + "python": { + image: "codebattle/python" + version: "3.12.2" + lang: "python" + replicas: 1 + } + "cpp": { + image: "codebattle/cpp" + version: "20" + lang: "cpp" + replicas: 1 + } + "csharp": { + image: "codebattle/csharp" + version: "8.0.201" + lang: "csharp" + replicas: 1 + } + "java": { + image: "codebattle/java" + version: "21" + lang: "java" + replicas: 1 + } + "golang": { + image: "codebattle/golang" + version: "1.22.1" + lang: "go" + replicas: 1 + } } From 0ca99c25477dd2a49ff6759c768e60e0a7d12053 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Tue, 25 Feb 2025 09:22:36 +0100 Subject: [PATCH 02/10] fix runner name --- k8s/timoni/runners.cue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue index 6663e96c7..2e891c6ac 100644 --- a/k8s/timoni/runners.cue +++ b/k8s/timoni/runners.cue @@ -26,7 +26,7 @@ runners: { "golang": { image: "codebattle/golang" version: "1.22.1" - lang: "go" + lang: "golang" replicas: 1 } } From abb6d9442a1ee8629109ed659cb307018da94776 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Tue, 25 Feb 2025 10:07:57 +0100 Subject: [PATCH 03/10] tweak pull policy for nginx-assets --- k8s/timoni/values.cue | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/timoni/values.cue b/k8s/timoni/values.cue index c057b37dd..036af9575 100644 --- a/k8s/timoni/values.cue +++ b/k8s/timoni/values.cue @@ -1,5 +1,6 @@ codebattleValues: { image: codebattle: pullPolicy: "Always" + image: nginx: pullPolicy: "Always" gateway: { enable: true gatewayName: "gateway" From a812860d75f2535c3be8d1a0d7c0331b5eb06768 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Wed, 26 Feb 2025 14:12:12 +0100 Subject: [PATCH 04/10] add kotlin runner --- k8s/timoni/runners.cue | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue index 2e891c6ac..38120a829 100644 --- a/k8s/timoni/runners.cue +++ b/k8s/timoni/runners.cue @@ -29,4 +29,10 @@ runners: { lang: "golang" replicas: 1 } + "kotlin": { + image: "codebattle/kotlin" + version: "1.9.23" + lang: "kotlin" + replicas: 1 + } } From 726567d0870c82362fa99e42c1d408a3aa6e09f0 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Wed, 26 Feb 2025 14:33:04 +0100 Subject: [PATCH 05/10] add runners --- k8s/timoni/runners.cue | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue index 38120a829..aaff6f208 100644 --- a/k8s/timoni/runners.cue +++ b/k8s/timoni/runners.cue @@ -3,36 +3,36 @@ runners: { image: "codebattle/python" version: "3.12.2" lang: "python" - replicas: 1 + replicas: 16 } "cpp": { image: "codebattle/cpp" version: "20" lang: "cpp" - replicas: 1 + replicas: 16 } "csharp": { image: "codebattle/csharp" version: "8.0.201" lang: "csharp" - replicas: 1 + replicas: 10 } "java": { image: "codebattle/java" version: "21" lang: "java" - replicas: 1 + replicas: 10 } "golang": { image: "codebattle/golang" version: "1.22.1" lang: "golang" - replicas: 1 + replicas: 8 } "kotlin": { image: "codebattle/kotlin" version: "1.9.23" lang: "kotlin" - replicas: 1 + replicas: 4 } } From 131dfcfbf4451d4bdbcd06c90f5b51eeee660a38 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Wed, 26 Feb 2025 19:23:22 +0100 Subject: [PATCH 06/10] scale down runners --- k8s/timoni/runners.cue | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue index aaff6f208..5e0a2ac03 100644 --- a/k8s/timoni/runners.cue +++ b/k8s/timoni/runners.cue @@ -3,36 +3,36 @@ runners: { image: "codebattle/python" version: "3.12.2" lang: "python" - replicas: 16 + replicas: 1 //16 } "cpp": { image: "codebattle/cpp" version: "20" lang: "cpp" - replicas: 16 + replicas: 1 //16 } "csharp": { image: "codebattle/csharp" version: "8.0.201" lang: "csharp" - replicas: 10 + replicas: 1 //10 } "java": { image: "codebattle/java" version: "21" lang: "java" - replicas: 10 + replicas: 1 //10 } "golang": { image: "codebattle/golang" version: "1.22.1" lang: "golang" - replicas: 8 + replicas: 1 //8 } "kotlin": { image: "codebattle/kotlin" version: "1.9.23" lang: "kotlin" - replicas: 4 + replicas: 1 //4 } } From b4b5201207445731730fc52ce7f0eed47b35e7e6 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Sat, 1 Mar 2025 12:05:31 +0400 Subject: [PATCH 07/10] scale up runners --- k8s/timoni/runners.cue | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue index 5e0a2ac03..815558d64 100644 --- a/k8s/timoni/runners.cue +++ b/k8s/timoni/runners.cue @@ -3,36 +3,36 @@ runners: { image: "codebattle/python" version: "3.12.2" lang: "python" - replicas: 1 //16 + replicas: 8 } "cpp": { image: "codebattle/cpp" version: "20" lang: "cpp" - replicas: 1 //16 + replicas: 6 } "csharp": { image: "codebattle/csharp" version: "8.0.201" lang: "csharp" - replicas: 1 //10 + replicas: 2 } "java": { image: "codebattle/java" version: "21" lang: "java" - replicas: 1 //10 + replicas: 2 } "golang": { image: "codebattle/golang" version: "1.22.1" lang: "golang" - replicas: 1 //8 + replicas: 2 } "kotlin": { image: "codebattle/kotlin" version: "1.9.23" lang: "kotlin" - replicas: 1 //4 + replicas: 1 } } From 72b795441e56521b6801d7c48f2f9798a7ed17d9 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Sat, 1 Mar 2025 14:18:26 +0400 Subject: [PATCH 08/10] scale down runners --- k8s/timoni/runners.cue | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue index 815558d64..b770ace6c 100644 --- a/k8s/timoni/runners.cue +++ b/k8s/timoni/runners.cue @@ -3,36 +3,36 @@ runners: { image: "codebattle/python" version: "3.12.2" lang: "python" - replicas: 8 + replicas: 1 } "cpp": { image: "codebattle/cpp" version: "20" lang: "cpp" - replicas: 6 + replicas: 0 } "csharp": { image: "codebattle/csharp" version: "8.0.201" lang: "csharp" - replicas: 2 + replicas: 0 } "java": { image: "codebattle/java" version: "21" lang: "java" - replicas: 2 + replicas: 0 } "golang": { image: "codebattle/golang" version: "1.22.1" lang: "golang" - replicas: 2 + replicas: 0 } "kotlin": { image: "codebattle/kotlin" version: "1.9.23" lang: "kotlin" - replicas: 1 + replicas: 0 } } From 738665a5dff8b5abc6652a0883c5c2d4382ee073 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Fri, 11 Apr 2025 12:50:32 +0200 Subject: [PATCH 09/10] ca option for issuer --- k8s/timoni/codebattle/templates/config.cue | 11 ++++++++- k8s/timoni/codebattle/templates/issuer.cue | 27 ++++++++++++++-------- k8s/timoni/values.cue | 6 ++++- 3 files changed, 32 insertions(+), 12 deletions(-) diff --git a/k8s/timoni/codebattle/templates/config.cue b/k8s/timoni/codebattle/templates/config.cue index 70b56fa6e..b108a4770 100644 --- a/k8s/timoni/codebattle/templates/config.cue +++ b/k8s/timoni/codebattle/templates/config.cue @@ -71,7 +71,16 @@ import ( host: *"codebattle.hexlet.io" | string } - certManager: enable: *false | bool + certManager: { + enable: *false | bool + useLetsencrypt: *true | bool + useCA: *false | bool + _issuerConstraint: useLetsencrypt != useCA + _caSecretMeta: timoniv1.#MetaComponent & { + #Meta: metadata + #Component: "ca" + } + } rustExecutor: *false | bool } diff --git a/k8s/timoni/codebattle/templates/issuer.cue b/k8s/timoni/codebattle/templates/issuer.cue index 1729a750b..bf804c4fe 100644 --- a/k8s/timoni/codebattle/templates/issuer.cue +++ b/k8s/timoni/codebattle/templates/issuer.cue @@ -10,16 +10,23 @@ import ( kind: "Issuer" metadata: #config.metadata spec: { - acme: { - server: "https://acme-v02.api.letsencrypt.org/directory" - privateKeySecretRef: name: "\(metadata.name)-letsencrypt" - solvers: [{ - http01: gatewayHTTPRoute: { - parentRefs: [{ - name: #config.gateway.gatewayName - }] - } - }] + if #config.certManager.useLetsencrypt { + acme: { + server: "https://acme-v02.api.letsencrypt.org/directory" + privateKeySecretRef: name: "\(metadata.name)-letsencrypt" + solvers: [{ + http01: gatewayHTTPRoute: { + parentRefs: [{ + name: #config.gateway.gatewayName + }] + } + }] + } + } + if #config.certManager.useCA { + ca: { + secretName: #config.certManager._caSecretMeta.name + } } } } diff --git a/k8s/timoni/values.cue b/k8s/timoni/values.cue index 036af9575..84f4523df 100644 --- a/k8s/timoni/values.cue +++ b/k8s/timoni/values.cue @@ -5,6 +5,10 @@ codebattleValues: { enable: true gatewayName: "gateway" } - certManager: enable: true + certManager: { + enable: true + useLetsencrypt: false + useCA: true + } rustExecutor: true } From b7d69266105d13877e61b5f5a5cd27cbe1f0a026 Mon Sep 17 00:00:00 2001 From: kjubybot Date: Fri, 11 Apr 2025 15:28:06 +0200 Subject: [PATCH 10/10] move cue templates into a separate repo --- .github/workflows/package.yaml | 54 - k8s/flux.cue | 85 - k8s/timoni/bundle.cue | 39 - .../cert-manager.io/issuer/v1/types_gen.cue | 3265 ------- .../httproute/v1/types_gen.cue | 2001 ----- .../k8s.io/api/apps/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/apps/v1/types_go_gen.cue | 946 -- .../v1/annotation_key_constants_go_gen.cue | 147 - .../gen/k8s.io/api/core/v1/doc_go_gen.cue | 6 - .../k8s.io/api/core/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/core/v1/types_go_gen.cue | 7617 ----------------- .../api/core/v1/well_known_labels_go_gen.cue | 59 - .../api/core/v1/well_known_taints_go_gen.cue | 38 - .../api/networking/v1/register_go_gen.cue | 7 - .../k8s.io/api/networking/v1/types_go_gen.cue | 588 -- .../v1/well_known_annotations_go_gen.cue | 11 - .../pkg/api/resource/amount_go_gen.cue | 47 - .../pkg/api/resource/math_go_gen.cue | 13 - .../pkg/api/resource/quantity_go_gen.cue | 107 - .../pkg/api/resource/suffix_go_gen.cue | 10 - .../pkg/apis/meta/v1/duration_go_gen.cue | 10 - .../pkg/apis/meta/v1/group_version_go_gen.cue | 48 - .../pkg/apis/meta/v1/meta_go_gen.cue | 33 - .../pkg/apis/meta/v1/micro_time_go_gen.cue | 14 - .../pkg/apis/meta/v1/register_go_gen.cue | 9 - .../pkg/apis/meta/v1/time_go_gen.cue | 14 - .../pkg/apis/meta/v1/time_proto_go_gen.cue | 21 - .../pkg/apis/meta/v1/types_go_gen.cue | 1561 ---- .../pkg/apis/meta/v1/watch_go_gen.cue | 30 - .../pkg/runtime/allocator_go_gen.cue | 10 - .../apimachinery/pkg/runtime/codec_go_gen.cue | 37 - .../pkg/runtime/conversion_go_gen.cue | 7 - .../pkg/runtime/converter_go_gen.cue | 9 - .../apimachinery/pkg/runtime/doc_go_gen.cue | 39 - .../pkg/runtime/embedded_go_gen.cue | 7 - .../pkg/runtime/helper_go_gen.cue | 23 - .../pkg/runtime/interfaces_go_gen.cue | 165 - .../pkg/runtime/negotiate_go_gen.cue | 12 - .../pkg/runtime/splice_go_gen.cue | 12 - .../runtime/swagger_doc_generator_go_gen.cue | 14 - .../apimachinery/pkg/runtime/types_go_gen.cue | 97 - .../pkg/runtime/types_proto_go_gen.cue | 9 - .../apimachinery/pkg/types/doc_go_gen.cue | 6 - .../pkg/types/namespacedname_go_gen.cue | 12 - .../pkg/types/nodename_go_gen.cue | 31 - .../apimachinery/pkg/types/patch_go_gen.cue | 21 - .../apimachinery/pkg/types/uid_go_gen.cue | 10 - .../pkg/util/intstr/intstr_go_gen.cue | 31 - .../apimachinery/pkg/watch/doc_go_gen.cue | 7 - .../apimachinery/pkg/watch/filter_go_gen.cue | 10 - .../apimachinery/pkg/watch/mux_go_gen.cue | 25 - .../pkg/watch/streamwatcher_go_gen.cue | 12 - .../apimachinery/pkg/watch/watch_go_gen.cue | 48 - k8s/timoni/codebattle/cue.mod/module.cue | 2 - .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 - .../pkg/timoni.sh/core/v1alpha1/image.cue | 50 - .../core/v1alpha1/imagepullsecret.cue | 47 - .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 - .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 - .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 120 - .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 - .../timoni.sh/core/v1alpha1/requirements.cue | 40 - .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 - .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 - k8s/timoni/codebattle/templates/config.cue | 105 - .../codebattle/templates/deployment.cue | 86 - k8s/timoni/codebattle/templates/httproute.cue | 42 - k8s/timoni/codebattle/templates/ingress.cue | 34 - k8s/timoni/codebattle/templates/issuer.cue | 32 - k8s/timoni/codebattle/templates/service.cue | 30 - k8s/timoni/codebattle/timoni.cue | 25 - k8s/timoni/codebattle/timoni.ignore | 14 - k8s/timoni/codebattle/values.cue | 23 - .../gateway/v1/types_gen.cue | 794 -- .../gatewayclass/v1/types_gen.cue | 143 - .../httproute/v1/types_gen.cue | 2266 ----- k8s/timoni/gateway/cue.mod/module.cue | 2 - .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 - .../pkg/timoni.sh/core/v1alpha1/image.cue | 50 - .../core/v1alpha1/imagepullsecret.cue | 47 - .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 - .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 - .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 120 - .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 - .../timoni.sh/core/v1alpha1/requirements.cue | 40 - .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 - .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 - k8s/timoni/gateway/templates/config.cue | 26 - k8s/timoni/gateway/templates/gateway.cue | 31 - k8s/timoni/gateway/templates/gatewayclass.cue | 13 - k8s/timoni/gateway/templates/httproute.cue | 24 - k8s/timoni/gateway/timoni.cue | 25 - k8s/timoni/gateway/timoni.ignore | 14 - k8s/timoni/gateway/values.cue | 3 - .../v1/annotation_key_constants_go_gen.cue | 147 - .../gen/k8s.io/api/core/v1/doc_go_gen.cue | 6 - .../k8s.io/api/core/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/core/v1/types_go_gen.cue | 7617 ----------------- .../api/core/v1/well_known_labels_go_gen.cue | 59 - .../api/core/v1/well_known_taints_go_gen.cue | 38 - .../k8s.io/api/rbac/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/rbac/v1/types_go_gen.cue | 207 - .../pkg/api/resource/amount_go_gen.cue | 47 - .../pkg/api/resource/math_go_gen.cue | 13 - .../pkg/api/resource/quantity_go_gen.cue | 107 - .../pkg/api/resource/suffix_go_gen.cue | 10 - .../pkg/apis/meta/v1/duration_go_gen.cue | 10 - .../pkg/apis/meta/v1/group_version_go_gen.cue | 48 - .../pkg/apis/meta/v1/meta_go_gen.cue | 33 - .../pkg/apis/meta/v1/micro_time_go_gen.cue | 14 - .../pkg/apis/meta/v1/register_go_gen.cue | 9 - .../pkg/apis/meta/v1/time_go_gen.cue | 14 - .../pkg/apis/meta/v1/time_proto_go_gen.cue | 21 - .../pkg/apis/meta/v1/types_go_gen.cue | 1561 ---- .../pkg/apis/meta/v1/watch_go_gen.cue | 30 - .../pkg/runtime/allocator_go_gen.cue | 10 - .../apimachinery/pkg/runtime/codec_go_gen.cue | 37 - .../pkg/runtime/conversion_go_gen.cue | 7 - .../pkg/runtime/converter_go_gen.cue | 9 - .../apimachinery/pkg/runtime/doc_go_gen.cue | 39 - .../pkg/runtime/embedded_go_gen.cue | 7 - .../pkg/runtime/helper_go_gen.cue | 23 - .../pkg/runtime/interfaces_go_gen.cue | 165 - .../pkg/runtime/negotiate_go_gen.cue | 12 - .../pkg/runtime/splice_go_gen.cue | 12 - .../runtime/swagger_doc_generator_go_gen.cue | 14 - .../apimachinery/pkg/runtime/types_go_gen.cue | 97 - .../pkg/runtime/types_proto_go_gen.cue | 9 - .../apimachinery/pkg/types/doc_go_gen.cue | 6 - .../pkg/types/namespacedname_go_gen.cue | 12 - .../pkg/types/nodename_go_gen.cue | 31 - .../apimachinery/pkg/types/patch_go_gen.cue | 21 - .../apimachinery/pkg/types/uid_go_gen.cue | 10 - .../pkg/util/intstr/intstr_go_gen.cue | 31 - .../apimachinery/pkg/watch/doc_go_gen.cue | 7 - .../apimachinery/pkg/watch/filter_go_gen.cue | 10 - .../apimachinery/pkg/watch/mux_go_gen.cue | 25 - .../pkg/watch/streamwatcher_go_gen.cue | 12 - .../apimachinery/pkg/watch/watch_go_gen.cue | 48 - .../kustomization/v1/types_gen.cue | 326 - .../ocirepository/v1beta2/types_gen.cue | 175 - k8s/timoni/kustomize-oci/cue.mod/module.cue | 2 - .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 - .../pkg/timoni.sh/core/v1alpha1/image.cue | 50 - .../core/v1alpha1/imagepullsecret.cue | 47 - .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 - .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 - .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 115 - .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 - .../timoni.sh/core/v1alpha1/requirements.cue | 40 - .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 - .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 - k8s/timoni/kustomize-oci/templates/config.cue | 70 - .../templates/imagepullsecret.cue | 16 - .../kustomize-oci/templates/kustomization.cue | 40 - .../kustomize-oci/templates/ocirepository.cue | 33 - .../kustomize-oci/templates/tlssecret.cue | 21 - k8s/timoni/kustomize-oci/timoni.cue | 25 - k8s/timoni/kustomize-oci/timoni.ignore | 14 - k8s/timoni/kustomize-oci/values.cue | 3 - .../k8s.io/api/apps/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/apps/v1/types_go_gen.cue | 946 -- .../v1/annotation_key_constants_go_gen.cue | 147 - .../gen/k8s.io/api/core/v1/doc_go_gen.cue | 6 - .../k8s.io/api/core/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/core/v1/types_go_gen.cue | 7617 ----------------- .../api/core/v1/well_known_labels_go_gen.cue | 59 - .../api/core/v1/well_known_taints_go_gen.cue | 38 - .../pkg/api/resource/amount_go_gen.cue | 47 - .../pkg/api/resource/math_go_gen.cue | 13 - .../pkg/api/resource/quantity_go_gen.cue | 107 - .../pkg/api/resource/suffix_go_gen.cue | 10 - .../pkg/apis/meta/v1/duration_go_gen.cue | 10 - .../pkg/apis/meta/v1/group_version_go_gen.cue | 48 - .../pkg/apis/meta/v1/meta_go_gen.cue | 33 - .../pkg/apis/meta/v1/micro_time_go_gen.cue | 14 - .../pkg/apis/meta/v1/register_go_gen.cue | 9 - .../pkg/apis/meta/v1/time_go_gen.cue | 14 - .../pkg/apis/meta/v1/time_proto_go_gen.cue | 21 - .../pkg/apis/meta/v1/types_go_gen.cue | 1561 ---- .../pkg/apis/meta/v1/watch_go_gen.cue | 30 - .../pkg/runtime/allocator_go_gen.cue | 10 - .../apimachinery/pkg/runtime/codec_go_gen.cue | 37 - .../pkg/runtime/conversion_go_gen.cue | 7 - .../pkg/runtime/converter_go_gen.cue | 9 - .../apimachinery/pkg/runtime/doc_go_gen.cue | 39 - .../pkg/runtime/embedded_go_gen.cue | 7 - .../pkg/runtime/helper_go_gen.cue | 23 - .../pkg/runtime/interfaces_go_gen.cue | 165 - .../pkg/runtime/negotiate_go_gen.cue | 12 - .../pkg/runtime/splice_go_gen.cue | 12 - .../runtime/swagger_doc_generator_go_gen.cue | 14 - .../apimachinery/pkg/runtime/types_go_gen.cue | 97 - .../pkg/runtime/types_proto_go_gen.cue | 9 - .../apimachinery/pkg/types/doc_go_gen.cue | 6 - .../pkg/types/namespacedname_go_gen.cue | 12 - .../pkg/types/nodename_go_gen.cue | 31 - .../apimachinery/pkg/types/patch_go_gen.cue | 21 - .../apimachinery/pkg/types/uid_go_gen.cue | 10 - .../pkg/util/intstr/intstr_go_gen.cue | 31 - .../apimachinery/pkg/watch/doc_go_gen.cue | 7 - .../apimachinery/pkg/watch/filter_go_gen.cue | 10 - .../apimachinery/pkg/watch/mux_go_gen.cue | 25 - .../pkg/watch/streamwatcher_go_gen.cue | 12 - .../apimachinery/pkg/watch/watch_go_gen.cue | 48 - k8s/timoni/runner/cue.mod/module.cue | 2 - .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 - .../pkg/timoni.sh/core/v1alpha1/image.cue | 50 - .../core/v1alpha1/imagepullsecret.cue | 47 - .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 - .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 - .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 120 - .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 - .../timoni.sh/core/v1alpha1/requirements.cue | 40 - .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 - .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 - k8s/timoni/runner/templates/config.cue | 61 - k8s/timoni/runner/templates/deployment.cue | 53 - k8s/timoni/runner/templates/service.cue | 22 - k8s/timoni/runner/timoni.cue | 25 - k8s/timoni/runner/values.cue | 3 - k8s/timoni/runners.cue | 38 - k8s/timoni/values.cue | 14 - 223 files changed, 45889 deletions(-) delete mode 100644 .github/workflows/package.yaml delete mode 100644 k8s/flux.cue delete mode 100644 k8s/timoni/bundle.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/cert-manager.io/issuer/v1/types_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/module.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue delete mode 100644 k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue delete mode 100644 k8s/timoni/codebattle/templates/config.cue delete mode 100644 k8s/timoni/codebattle/templates/deployment.cue delete mode 100644 k8s/timoni/codebattle/templates/httproute.cue delete mode 100644 k8s/timoni/codebattle/templates/ingress.cue delete mode 100644 k8s/timoni/codebattle/templates/issuer.cue delete mode 100644 k8s/timoni/codebattle/templates/service.cue delete mode 100644 k8s/timoni/codebattle/timoni.cue delete mode 100644 k8s/timoni/codebattle/timoni.ignore delete mode 100644 k8s/timoni/codebattle/values.cue delete mode 100644 k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gateway/v1/types_gen.cue delete mode 100644 k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gatewayclass/v1/types_gen.cue delete mode 100644 k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue delete mode 100644 k8s/timoni/gateway/cue.mod/module.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue delete mode 100644 k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue delete mode 100644 k8s/timoni/gateway/templates/config.cue delete mode 100644 k8s/timoni/gateway/templates/gateway.cue delete mode 100644 k8s/timoni/gateway/templates/gatewayclass.cue delete mode 100644 k8s/timoni/gateway/templates/httproute.cue delete mode 100644 k8s/timoni/gateway/timoni.cue delete mode 100644 k8s/timoni/gateway/timoni.ignore delete mode 100644 k8s/timoni/gateway/values.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/module.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue delete mode 100644 k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue delete mode 100644 k8s/timoni/kustomize-oci/templates/config.cue delete mode 100644 k8s/timoni/kustomize-oci/templates/imagepullsecret.cue delete mode 100644 k8s/timoni/kustomize-oci/templates/kustomization.cue delete mode 100644 k8s/timoni/kustomize-oci/templates/ocirepository.cue delete mode 100644 k8s/timoni/kustomize-oci/templates/tlssecret.cue delete mode 100644 k8s/timoni/kustomize-oci/timoni.cue delete mode 100644 k8s/timoni/kustomize-oci/timoni.ignore delete mode 100644 k8s/timoni/kustomize-oci/values.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue delete mode 100644 k8s/timoni/runner/cue.mod/module.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue delete mode 100644 k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue delete mode 100644 k8s/timoni/runner/templates/config.cue delete mode 100644 k8s/timoni/runner/templates/deployment.cue delete mode 100644 k8s/timoni/runner/templates/service.cue delete mode 100644 k8s/timoni/runner/timoni.cue delete mode 100644 k8s/timoni/runner/values.cue delete mode 100644 k8s/timoni/runners.cue delete mode 100644 k8s/timoni/values.cue diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml deleted file mode 100644 index 18c890b15..000000000 --- a/.github/workflows/package.yaml +++ /dev/null @@ -1,54 +0,0 @@ -name: Build package - -on: - push: - branches: - - master - - setup/* - -jobs: - build-package: - permissions: - contents: read - packages: write - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Setup Timoni - uses: stefanprodan/timoni/actions/setup@main - - name: Setup Flux - uses: fluxcd/flux2/action@main - - - name: Preapre tag - run: | - tag=$(echo ${{ github.ref_name}} | tr '/' '-') - echo "tag=${tag}" >> "${GITHUB_ENV}" - - - name: Build bundle - env: - BUNDLE_PATH: k8s/timoni/ - run: | - mkdir ${{ runner.temp }}/timoni - timoni bundle build \ - -f ${BUNDLE_PATH}bundle.cue \ - -f ${BUNDLE_PATH}runners.cue \ - -f ${BUNDLE_PATH}values.cue > ${{ runner.temp }}/timoni/build.yaml - - - name: Diff artifacts - run: | - set +e - flux diff artifact \ - --creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - oci://ghcr.io/${{ github.repository }}-manifests:${tag} \ - --path ${{ runner.temp }}/timoni - echo "diff=$?" >> "${GITHUB_ENV}" - - - name: Push artifact - if: ${{ env.diff != '0' }} - run: | - flux push artifact \ - --creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - -f ${{ runner.temp }}/timoni \ - --source ${{ github.repositoryUrl }} \ - --revision ${{ inputs.tag }}@sha1:${{ github.sha }} \ - oci://ghcr.io/${{ github.repository }}-manifests:${tag} diff --git a/k8s/flux.cue b/k8s/flux.cue deleted file mode 100644 index dfc48e463..000000000 --- a/k8s/flux.cue +++ /dev/null @@ -1,85 +0,0 @@ -bundle: { - apiVersion: "v1alpha1" - name: "codebattle" - instances: { - "cert-manager": { - module: url: "oci://ghcr.io/stefanprodan/modules/flux-helm-release" - namespace: "flux-system" - values: { - repository: url: "https://charts.jetstack.io" - chart: { - name: "cert-manager" - version: "v1.17.0" - } - sync: targetNamespace: "codebattle" - helmValues: { - crds: enabled: true - config: { - apiVersion: "controller.config.cert-manager.io/v1alpha1" - kind: "ControllerConfiguration" - enableGatewayAPI: true - } - } - } - } - "gateway": { - module: url: "oci://ghcr.io/stefanprodan/modules/flux-helm-release" - namespace: "flux-system" - values: { - repository: url: "oci://registry-1.docker.io/envoyproxy" - chart: { - name: "gateway-helm" - version: "v1.3.0" - } - sync: targetNamespace: "codebattle" - } - } - "codebattle": { - module: url: "file://timoni/kustomize-oci" - namespace: "flux-system" - values: { - artifact: { - url: "oci://ghcr.io/hexlet-codebattle/codebattle-manifests" - tag: "master" @timoni(runtime:string:CODEBATTLE_PKG_TAG) - } - auth: credentials: { - username: string @timoni(runtime:string:GITHUB_USERNAME) - password: string @timoni(runtime:string:GITHUB_TOKEN) - } - _hostname: string @timoni(runtime:string:CODEBATTLE_HOSTNAME) - patches: [{ - patch: [{ - op: "add" - path: "/spec/listeners/0/hostname" - value: _hostname - }, { - op: "add" - path: "/spec/listeners/1/hostname" - value: _hostname - }] - target: { - group: "gateway.networking.k8s.io" - kind: "Gateway" - name: "gateway" - namespace: "codebattle" - } - }, { - patch: [{ - op: "add" - path: "/spec/template/spec/containers/0/env/-" - value: { - name: "CODEBATTLE_HOSTNAME" - value: _hostname - } - }] - target: { - group: "apps" - kind: "Deployment" - name: "codebattle" - namespace: "codebattle" - } - }] - } - } - } -} diff --git a/k8s/timoni/bundle.cue b/k8s/timoni/bundle.cue deleted file mode 100644 index 0c9ba1e6c..000000000 --- a/k8s/timoni/bundle.cue +++ /dev/null @@ -1,39 +0,0 @@ -#RunnerConfig: { - image: string - version: string - lang: string - replicas: uint -} - -runners: [string]: #RunnerConfig -codebattleValues: {} - -bundle: { - apiVersion: "v1alpha1" - name: "codebattle" - instances: { - codebattle: { - module: url: "file://codebattle" - namespace: "codebattle" - values: codebattleValues - } - for runner in runners { - "runner-\(runner.lang)": { - module: url: "file://runner" - namespace: "codebattle" - values: { - registry: "docker.io" - image: { - repository: "\(registry)/\(runner.image)" - tag: runner.version - } - replicas: runner.replicas - } - } - } - gateway: { - module: url: "file://gateway" - namespace: "codebattle" - } - } -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/cert-manager.io/issuer/v1/types_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/cert-manager.io/issuer/v1/types_gen.cue deleted file mode 100644 index ce9218473..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/cert-manager.io/issuer/v1/types_gen.cue +++ /dev/null @@ -1,3265 +0,0 @@ -// Code generated by timoni. DO NOT EDIT. - -//timoni:generate timoni vendor crd -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.0/cert-manager.yaml - -package v1 - -import "strings" - -// An Issuer represents a certificate issuing authority which can -// be -// referenced as part of `issuerRef` fields. -// It is scoped to a single namespace and can therefore only be -// referenced by -// resources within the same namespace. -#Issuer: { - // APIVersion defines the versioned schema of this representation - // of an object. - // Servers should convert recognized schemas to the latest - // internal value, and - // may reject unrecognized values. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - apiVersion: "cert-manager.io/v1" - - // Kind is a string value representing the REST resource this - // object represents. - // Servers may infer this from the endpoint the client submits - // requests to. - // Cannot be updated. - // In CamelCase. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: "Issuer" - metadata!: { - name!: strings.MaxRunes(253) & strings.MinRunes(1) & { - string - } - namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & { - string - } - labels?: { - [string]: string - } - annotations?: { - [string]: string - } - } - - // Desired state of the Issuer resource. - spec!: #IssuerSpec -} - -// Desired state of the Issuer resource. -#IssuerSpec: { - // ACME configures this issuer to communicate with a RFC8555 - // (ACME) server - // to obtain signed x509 certificates. - acme?: { - // Base64-encoded bundle of PEM CAs which can be used to validate - // the certificate - // chain presented by the ACME server. - // Mutually exclusive with SkipTLSVerify; prefer using CABundle to - // prevent various - // kinds of security vulnerabilities. - // If CABundle and SkipTLSVerify are unset, the system certificate - // bundle inside - // the container is used to validate the TLS connection. - caBundle?: string - - // Enables or disables generating a new ACME account key. - // If true, the Issuer resource will *not* request a new account - // but will expect - // the account key to be supplied via an existing secret. - // If false, the cert-manager system will generate a new ACME - // account key - // for the Issuer. - // Defaults to false. - disableAccountKeyGeneration?: bool - - // Email is the email address to be associated with the ACME - // account. - // This field is optional, but it is strongly recommended to be - // set. - // It will be used to contact you in case of issues with your - // account or - // certificates, including expiry notification emails. - // This field may be updated after the account is initially - // registered. - email?: string - - // Enables requesting a Not After date on certificates that - // matches the - // duration of the certificate. This is not supported by all ACME - // servers - // like Let's Encrypt. If set to true when the ACME server does - // not support - // it, it will create an error on the Order. - // Defaults to false. - enableDurationFeature?: bool - - // ExternalAccountBinding is a reference to a CA external account - // of the ACME - // server. - // If set, upon registration cert-manager will attempt to - // associate the given - // external account credentials with the registered ACME account. - externalAccountBinding?: { - // Deprecated: keyAlgorithm field exists for historical - // compatibility - // reasons and should not be used. The algorithm is now hardcoded - // to HS256 - // in golang/x/crypto/acme. - keyAlgorithm?: "HS256" | "HS384" | "HS512" - - // keyID is the ID of the CA key that the External Account is - // bound to. - keyID!: string - - // keySecretRef is a Secret Key Selector referencing a data item - // in a Kubernetes - // Secret which holds the symmetric MAC key of the External - // Account Binding. - // The `key` is the index string that is paired with the key data - // in the - // Secret and should not be confused with the key data itself, or - // indeed with - // the External Account Binding keyID above. - // The secret key stored in the Secret **must** be un-padded, - // base64 URL - // encoded data. - keySecretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - } - - // PreferredChain is the chain to use if the ACME server outputs - // multiple. - // PreferredChain is no guarantee that this one gets delivered by - // the ACME - // endpoint. - // For example, for Let's Encrypt's DST crosssign you would use: - // "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt - // root CA. - // This value picks the first certificate bundle in the combined - // set of - // ACME default and alternative chains that has a root-most - // certificate with - // this value as its issuer's commonname. - preferredChain?: strings.MaxRunes(64) - - // PrivateKey is the name of a Kubernetes Secret resource that - // will be used to - // store the automatically generated ACME account private key. - // Optionally, a `key` may be specified to select a specific entry - // within - // the named Secret resource. - // If `key` is not specified, a default of `tls.key` will be used. - privateKeySecretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // Server is the URL used to access the ACME server's 'directory' - // endpoint. - // For example, for Let's Encrypt's staging endpoint, you would - // use: - // "https://acme-staging-v02.api.letsencrypt.org/directory". - // Only ACME v2 endpoints (i.e. RFC 8555) are supported. - server!: string - - // INSECURE: Enables or disables validation of the ACME server TLS - // certificate. - // If true, requests to the ACME server will not have the TLS - // certificate chain - // validated. - // Mutually exclusive with CABundle; prefer using CABundle to - // prevent various - // kinds of security vulnerabilities. - // Only enable this option in development environments. - // If CABundle and SkipTLSVerify are unset, the system certificate - // bundle inside - // the container is used to validate the TLS connection. - // Defaults to false. - skipTLSVerify?: bool - - // Solvers is a list of challenge solvers that will be used to - // solve - // ACME challenges for the matching domains. - // Solver configurations must be provided in order to obtain - // certificates - // from an ACME server. - // For more information, see: - // https://cert-manager.io/docs/configuration/acme/ - solvers?: [...{ - // Configures cert-manager to attempt to complete authorizations - // by - // performing the DNS01 challenge flow. - dns01?: { - // Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to - // manage - // DNS01 challenge records. - acmeDNS?: { - // A reference to a specific 'key' within a Secret resource. - // In some instances, `key` is a required field. - accountSecretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - host!: string - } - - // Use the Akamai DNS zone management API to manage DNS01 - // challenge records. - akamai?: { - // A reference to a specific 'key' within a Secret resource. - // In some instances, `key` is a required field. - accessTokenSecretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // A reference to a specific 'key' within a Secret resource. - // In some instances, `key` is a required field. - clientSecretSecretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // A reference to a specific 'key' within a Secret resource. - // In some instances, `key` is a required field. - clientTokenSecretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - serviceConsumerDomain!: string - } - - // Use the Microsoft Azure DNS API to manage DNS01 challenge - // records. - azureDNS?: { - // Auth: Azure Service Principal: - // The ClientID of the Azure Service Principal used to - // authenticate with Azure DNS. - // If set, ClientSecret and TenantID must also be set. - clientID?: string - - // Auth: Azure Service Principal: - // A reference to a Secret containing the password associated with - // the Service Principal. - // If set, ClientID and TenantID must also be set. - clientSecretSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // name of the Azure environment (default AzurePublicCloud) - environment?: "AzurePublicCloud" | "AzureChinaCloud" | "AzureGermanCloud" | "AzureUSGovernmentCloud" - - // name of the DNS zone that should be used - hostedZoneName?: string - - // Auth: Azure Workload Identity or Azure Managed Service - // Identity: - // Settings to enable Azure Workload Identity or Azure Managed - // Service Identity - // If set, ClientID, ClientSecret and TenantID must not be set. - managedIdentity?: { - // client ID of the managed identity, can not be used at the same - // time as resourceID - clientID?: string - - // resource ID of the managed identity, can not be used at the - // same time as clientID - // Cannot be used for Azure Managed Service Identity - resourceID?: string - - // tenant ID of the managed identity, can not be used at the same - // time as resourceID - tenantID?: string - } - - // resource group the DNS zone is located in - resourceGroupName!: string - - // ID of the Azure subscription - subscriptionID!: string - - // Auth: Azure Service Principal: - // The TenantID of the Azure Service Principal used to - // authenticate with Azure DNS. - // If set, ClientID and ClientSecret must also be set. - tenantID?: string - } - - // Use the Google Cloud DNS API to manage DNS01 challenge records. - cloudDNS?: { - // HostedZoneName is an optional field that tells cert-manager in - // which - // Cloud DNS zone the challenge record has to be created. - // If left empty cert-manager will automatically choose a zone. - hostedZoneName?: string - project!: string - - // A reference to a specific 'key' within a Secret resource. - // In some instances, `key` is a required field. - serviceAccountSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - } - - // Use the Cloudflare API to manage DNS01 challenge records. - cloudflare?: { - // API key to use to authenticate with Cloudflare. - // Note: using an API token to authenticate is now the recommended - // method - // as it allows greater control of permissions. - apiKeySecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // API token used to authenticate with Cloudflare. - apiTokenSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // Email of the account, only required when using API key based - // authentication. - email?: string - } - - // CNAMEStrategy configures how the DNS01 provider should handle - // CNAME - // records when found in DNS zones. - cnameStrategy?: "None" | "Follow" - digitalocean?: { - // A reference to a specific 'key' within a Secret resource. - // In some instances, `key` is a required field. - tokenSecretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - } - - // Use RFC2136 ("Dynamic Updates in the Domain Name System") - // (https://datatracker.ietf.org/doc/rfc2136/) - // to manage DNS01 challenge records. - rfc2136?: { - // The IP address or hostname of an authoritative DNS server - // supporting - // RFC2136 in the form host:port. If the host is an IPv6 address - // it must be - // enclosed in square brackets (e.g [2001:db8::1]) ; port is - // optional. - // This field is required. - nameserver!: string - - // The TSIG Algorithm configured in the DNS supporting RFC2136. - // Used only - // when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. - // Supported values are (case-insensitive): ``HMACMD5`` (default), - // ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. - tsigAlgorithm?: string - - // The TSIG Key name configured in the DNS. - // If ``tsigSecretSecretRef`` is defined, this field is required. - tsigKeyName?: string - - // The name of the secret containing the TSIG value. - // If ``tsigKeyName`` is defined, this field is required. - tsigSecretSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - } - - // Use the AWS Route53 API to manage DNS01 challenge records. - route53?: { - // The AccessKeyID is used for authentication. - // Cannot be set when SecretAccessKeyID is set. - // If neither the Access Key nor Key ID are set, we fall-back to - // using env - // vars, shared credentials file or AWS Instance metadata, - // see: - // https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials - accessKeyID?: string - - // The SecretAccessKey is used for authentication. If set, pull - // the AWS - // access key ID from a key within a Kubernetes Secret. - // Cannot be set when AccessKeyID is set. - // If neither the Access Key nor Key ID are set, we fall-back to - // using env - // vars, shared credentials file or AWS Instance metadata, - // see: - // https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials - accessKeyIDSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - auth?: { - kubernetes!: { - // A reference to a service account that will be used to request a - // bound - // token (also known as "projected token"). To use this field, you - // must - // configure an RBAC rule to let cert-manager request a token. - serviceAccountRef!: { - // TokenAudiences is an optional list of audiences to include in - // the - // token passed to AWS. The default token consisting of the - // issuer's namespace - // and name is always included. - // If unset the audience defaults to `sts.amazonaws.com`. - audiences?: [...string] - - // Name of the ServiceAccount used to request a token. - name!: string - } - } - } - - // If set, the provider will manage only this zone in Route53 and - // will not do a lookup using the route53:ListHostedZonesByName - // api call. - hostedZoneID?: string - - // Override the AWS region. - // - // Route53 is a global service and does not have regional - // endpoints but the - // region specified here (or via environment variables) is used as - // a hint to - // help compute the correct AWS credential scope and partition - // when it - // connects to Route53. See: - // - [Amazon Route 53 endpoints and - // quotas](https://docs.aws.amazon.com/general/latest/gr/r53.html) - // - [Global - // services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html) - // - // If you omit this region field, cert-manager will use the region - // from - // AWS_REGION and AWS_DEFAULT_REGION environment variables, if - // they are set - // in the cert-manager controller Pod. - // - // The `region` field is not needed if you use [IAM Roles for - // Service Accounts - // (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). - // Instead an AWS_REGION environment variable is added to the - // cert-manager controller Pod by: - // [Amazon EKS Pod Identity - // Webhook](https://github.com/aws/amazon-eks-pod-identity-webhook). - // In this case this `region` field value is ignored. - // - // The `region` field is not needed if you use [EKS Pod - // Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). - // Instead an AWS_REGION environment variable is added to the - // cert-manager controller Pod by: - // [Amazon EKS Pod Identity - // Agent](https://github.com/aws/eks-pod-identity-agent), - // In this case this `region` field value is ignored. - region?: string - - // Role is a Role ARN which the Route53 provider will assume using - // either the explicit credentials AccessKeyID/SecretAccessKey - // or the inferred credentials from environment variables, shared - // credentials file or AWS Instance metadata - role?: string - - // The SecretAccessKey is used for authentication. - // If neither the Access Key nor Key ID are set, we fall-back to - // using env - // vars, shared credentials file or AWS Instance metadata, - // see: - // https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials - secretAccessKeySecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - } - - // Configure an external webhook based DNS01 challenge solver to - // manage - // DNS01 challenge records. - webhook?: { - // Additional configuration that should be passed to the webhook - // apiserver - // when challenges are processed. - // This can contain arbitrary JSON data. - // Secret values should not be specified in this stanza. - // If secret values are needed (e.g. credentials for a DNS - // service), you - // should use a SecretKeySelector to reference a Secret resource. - // For details on the schema of this field, consult the webhook - // provider - // implementation's documentation. - config?: _ - - // The API group name that should be used when POSTing - // ChallengePayload - // resources to the webhook apiserver. - // This should be the same as the GroupName specified in the - // webhook - // provider implementation. - groupName!: string - - // The name of the solver to use, as defined in the webhook - // provider - // implementation. - // This will typically be the name of the provider, e.g. - // 'cloudflare'. - solverName!: string - } - } - - // Configures cert-manager to attempt to complete authorizations - // by - // performing the HTTP01 challenge flow. - // It is not possible to obtain certificates for wildcard domain - // names - // (e.g. `*.example.com`) using the HTTP01 challenge mechanism. - http01?: { - // The Gateway API is a sig-network community API that models - // service networking - // in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway - // solver will - // create HTTPRoutes with the specified labels in the same - // namespace as the challenge. - // This solver is experimental, and fields / behaviour may change - // in the future. - gatewayHTTPRoute?: { - // Custom labels that will be applied to HTTPRoutes created by - // cert-manager - // while solving HTTP-01 challenges. - labels?: close({ - [string]: string - }) - - // When solving an HTTP-01 challenge, cert-manager creates an - // HTTPRoute. - // cert-manager needs to know which parentRefs should be used when - // creating - // the HTTPRoute. Usually, the parentRef references a Gateway. - // See: - // https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways - parentRefs?: [...{ - // Group is the group of the referent. - // When unspecified, "gateway.networking.k8s.io" is inferred. - // To set the core API group (such as for a "Service" kind - // referent), - // Group must be explicitly set to "" (empty string). - // - // Support: Core - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"gateway.networking.k8s.io" - - // Kind is kind of the referent. - // - // There are two kinds of parent resources with "Core" support: - // - // * Gateway (Gateway conformance profile) - // * Service (Mesh conformance profile, ClusterIP Services only) - // - // Support for other resources is Implementation-Specific. - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Gateway" - - // Name is the name of the referent. - // - // Support: Core - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the referent. When unspecified, - // this refers - // to the local namespace of the Route. - // - // Note that there are specific rules for ParentRefs which cross - // namespace - // boundaries. Cross-namespace references are only valid if they - // are explicitly - // allowed by something in the namespace they are referring to. - // For example: - // Gateway has the AllowedRoutes field, and ReferenceGrant - // provides a - // generic way to enable any other kind of cross-namespace - // reference. - // - // - // ParentRefs from a Route to a Service in the same namespace are - // "producer" - // routes, which apply default routing rules to inbound - // connections from - // any namespace to the Service. - // - // ParentRefs from a Route to a Service in a different namespace - // are - // "consumer" routes, and these routing rules are only applied to - // outbound - // connections originating from the same namespace as the Route, - // for which - // the intended destination of the connections are a Service - // targeted as a - // ParentRef of the Route. - // - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port is the network port this Route targets. It can be - // interpreted - // differently based on the type of parent resource. - // - // When the parent resource is a Gateway, this targets all - // listeners - // listening on the specified port that also support this kind of - // Route(and - // select this Route). It's not recommended to set `Port` unless - // the - // networking behaviors specified in a Route must apply to a - // specific port - // as opposed to a listener(s) whose port(s) may be changed. When - // both Port - // and SectionName are specified, the name and port of the - // selected listener - // must match both specified values. - // - // - // When the parent resource is a Service, this targets a specific - // port in the - // Service spec. When both Port (experimental) and SectionName are - // specified, - // the name and port of the selected port must match both - // specified values. - // - // - // Implementations MAY choose to support other parent resources. - // Implementations supporting other types of parent resources MUST - // clearly - // document how/if Port is interpreted. - // - // For the purpose of status, an attachment is considered - // successful as - // long as the parent resource accepts it partially. For example, - // Gateway - // listeners can restrict which Routes can attach to them by Route - // kind, - // namespace, or hostname. If 1 of 2 Gateway listeners accept - // attachment - // from the referencing Route, the Route MUST be considered - // successfully - // attached. If no Gateway listeners accept attachment from this - // Route, - // the Route MUST be considered detached from the Gateway. - // - // Support: Extended - port?: uint16 & >=1 - - // SectionName is the name of a section within the target - // resource. In the - // following resources, SectionName is interpreted as the - // following: - // - // * Gateway: Listener name. When both Port (experimental) and - // SectionName - // are specified, the name and port of the selected listener must - // match - // both specified values. - // * Service: Port name. When both Port (experimental) and - // SectionName - // are specified, the name and port of the selected listener must - // match - // both specified values. - // - // Implementations MAY choose to support attaching Routes to other - // resources. - // If that is the case, they MUST clearly document how SectionName - // is - // interpreted. - // - // When unspecified (empty string), this will reference the entire - // resource. - // For the purpose of status, an attachment is considered - // successful if at - // least one section in the parent resource accepts it. For - // example, Gateway - // listeners can restrict which Routes can attach to them by Route - // kind, - // namespace, or hostname. If 1 of 2 Gateway listeners accept - // attachment from - // the referencing Route, the Route MUST be considered - // successfully - // attached. If no Gateway listeners accept attachment from this - // Route, the - // Route MUST be considered detached from the Gateway. - // - // Support: Core - sectionName?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - }] - - // Optional pod template used to configure the ACME challenge - // solver pods - // used for HTTP01 challenges. - podTemplate?: { - // ObjectMeta overrides for the pod used to solve HTTP01 - // challenges. - // Only the 'labels' and 'annotations' fields may be set. - // If labels or annotations overlap with in-built values, the - // values here - // will override the in-built values. - metadata?: { - // Annotations that should be added to the created ACME HTTP01 - // solver pods. - annotations?: close({ - [string]: string - }) - - // Labels that should be added to the created ACME HTTP01 solver - // pods. - labels?: close({ - [string]: string - }) - } - - // PodSpec defines overrides for the HTTP01 challenge solver pod. - // Check ACMEChallengeSolverHTTP01IngressPodSpec to find out - // currently supported fields. - // All other fields will be ignored. - spec?: { - // If specified, the pod's scheduling constraints - affinity?: { - // Describes node affinity scheduling rules for the pod. - nodeAffinity?: { - // The scheduler will prefer to schedule pods to nodes that - // satisfy - // the affinity expressions specified by this field, but it may - // choose - // a node that violates one or more of the expressions. The node - // that is - // most preferred is the one with the greatest sum of weights, - // i.e. - // for each node that meets all of the scheduling requirements - // (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field - // and adding - // "weight" to the sum if the node matches the corresponding - // matchExpressions; the - // node(s) with the highest sum are the most preferred. - preferredDuringSchedulingIgnoredDuringExecution?: [...{ - // A node selector term, associated with the corresponding weight. - preference!: { - // A list of node selector requirements by node's labels. - matchExpressions?: [...{ - // The label key that the selector applies to. - key!: string - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and - // Lt. - operator!: string - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, - // the values - // array must have a single element, which will be interpreted as - // an integer. - // This array is replaced during a strategic merge patch. - values?: [...string] - }] - - // A list of node selector requirements by node's fields. - matchFields?: [...{ - // The label key that the selector applies to. - key!: string - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and - // Lt. - operator!: string - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, - // the values - // array must have a single element, which will be interpreted as - // an integer. - // This array is replaced during a strategic merge patch. - values?: [...string] - }] - } - - // Weight associated with matching the corresponding - // nodeSelectorTerm, in the range 1-100. - weight!: int32 - }] - requiredDuringSchedulingIgnoredDuringExecution?: { - // Required. A list of node selector terms. The terms are ORed. - nodeSelectorTerms!: [...{ - // A list of node selector requirements by node's labels. - matchExpressions?: [...{ - // The label key that the selector applies to. - key!: string - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and - // Lt. - operator!: string - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, - // the values - // array must have a single element, which will be interpreted as - // an integer. - // This array is replaced during a strategic merge patch. - values?: [...string] - }] - - // A list of node selector requirements by node's fields. - matchFields?: [...{ - // The label key that the selector applies to. - key!: string - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and - // Lt. - operator!: string - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, - // the values - // array must have a single element, which will be interpreted as - // an integer. - // This array is replaced during a strategic merge patch. - values?: [...string] - }] - }] - } - } - - // Describes pod affinity scheduling rules (e.g. co-locate this - // pod in the same node, zone, etc. as some other pod(s)). - podAffinity?: { - // The scheduler will prefer to schedule pods to nodes that - // satisfy - // the affinity expressions specified by this field, but it may - // choose - // a node that violates one or more of the expressions. The node - // that is - // most preferred is the one with the greatest sum of weights, - // i.e. - // for each node that meets all of the scheduling requirements - // (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field - // and adding - // "weight" to the sum if the node has pods which matches the - // corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - preferredDuringSchedulingIgnoredDuringExecution?: [...{ - // Required. A pod affinity term, associated with the - // corresponding weight. - podAffinityTerm!: { - // A label query over a set of resources, in this case pods. - // If it's null, this PodAffinityTerm matches with no Pods. - labelSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // MatchLabelKeys is a set of pod label keys to select which pods - // will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key in (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both matchLabelKeys and - // labelSelector. - // Also, matchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - matchLabelKeys?: [...string] - - // MismatchLabelKeys is a set of pod label keys to select which - // pods will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key notin (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both mismatchLabelKeys - // and labelSelector. - // Also, mismatchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - mismatchLabelKeys?: [...string] - - // A label query over the set of namespaces that the term applies - // to. - // The term is applied to the union of the namespaces selected by - // this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this - // pod's namespace". - // An empty selector ({}) matches all namespaces. - namespaceSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // namespaces specifies a static list of namespace names that the - // term applies to. - // The term is applied to the union of the namespaces listed in - // this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means - // "this pod's namespace". - namespaces?: [...string] - - // This pod should be co-located (affinity) or not co-located - // (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located - // is defined as running on a node - // whose value of the label with key topologyKey matches that of - // any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey!: string - } - - // weight associated with matching the corresponding - // podAffinityTerm, - // in the range 1-100. - weight!: int32 - }] - - // If the affinity requirements specified by this field are not - // met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to - // be met - // at some point during pod execution (e.g. due to a pod label - // update), the - // system may or may not try to eventually evict the pod from its - // node. - // When there are multiple elements, the lists of nodes - // corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be - // satisfied. - requiredDuringSchedulingIgnoredDuringExecution?: [...{ - // A label query over a set of resources, in this case pods. - // If it's null, this PodAffinityTerm matches with no Pods. - labelSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // MatchLabelKeys is a set of pod label keys to select which pods - // will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key in (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both matchLabelKeys and - // labelSelector. - // Also, matchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - matchLabelKeys?: [...string] - - // MismatchLabelKeys is a set of pod label keys to select which - // pods will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key notin (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both mismatchLabelKeys - // and labelSelector. - // Also, mismatchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - mismatchLabelKeys?: [...string] - - // A label query over the set of namespaces that the term applies - // to. - // The term is applied to the union of the namespaces selected by - // this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this - // pod's namespace". - // An empty selector ({}) matches all namespaces. - namespaceSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // namespaces specifies a static list of namespace names that the - // term applies to. - // The term is applied to the union of the namespaces listed in - // this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means - // "this pod's namespace". - namespaces?: [...string] - - // This pod should be co-located (affinity) or not co-located - // (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located - // is defined as running on a node - // whose value of the label with key topologyKey matches that of - // any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey!: string - }] - } - - // Describes pod anti-affinity scheduling rules (e.g. avoid - // putting this pod in the same node, zone, etc. as some other - // pod(s)). - podAntiAffinity?: { - // The scheduler will prefer to schedule pods to nodes that - // satisfy - // the anti-affinity expressions specified by this field, but it - // may choose - // a node that violates one or more of the expressions. The node - // that is - // most preferred is the one with the greatest sum of weights, - // i.e. - // for each node that meets all of the scheduling requirements - // (resource - // request, requiredDuringScheduling anti-affinity expressions, - // etc.), - // compute a sum by iterating through the elements of this field - // and adding - // "weight" to the sum if the node has pods which matches the - // corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - preferredDuringSchedulingIgnoredDuringExecution?: [...{ - // Required. A pod affinity term, associated with the - // corresponding weight. - podAffinityTerm!: { - // A label query over a set of resources, in this case pods. - // If it's null, this PodAffinityTerm matches with no Pods. - labelSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // MatchLabelKeys is a set of pod label keys to select which pods - // will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key in (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both matchLabelKeys and - // labelSelector. - // Also, matchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - matchLabelKeys?: [...string] - - // MismatchLabelKeys is a set of pod label keys to select which - // pods will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key notin (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both mismatchLabelKeys - // and labelSelector. - // Also, mismatchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - mismatchLabelKeys?: [...string] - - // A label query over the set of namespaces that the term applies - // to. - // The term is applied to the union of the namespaces selected by - // this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this - // pod's namespace". - // An empty selector ({}) matches all namespaces. - namespaceSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // namespaces specifies a static list of namespace names that the - // term applies to. - // The term is applied to the union of the namespaces listed in - // this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means - // "this pod's namespace". - namespaces?: [...string] - - // This pod should be co-located (affinity) or not co-located - // (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located - // is defined as running on a node - // whose value of the label with key topologyKey matches that of - // any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey!: string - } - - // weight associated with matching the corresponding - // podAffinityTerm, - // in the range 1-100. - weight!: int32 - }] - - // If the anti-affinity requirements specified by this field are - // not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease - // to be met - // at some point during pod execution (e.g. due to a pod label - // update), the - // system may or may not try to eventually evict the pod from its - // node. - // When there are multiple elements, the lists of nodes - // corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be - // satisfied. - requiredDuringSchedulingIgnoredDuringExecution?: [...{ - // A label query over a set of resources, in this case pods. - // If it's null, this PodAffinityTerm matches with no Pods. - labelSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // MatchLabelKeys is a set of pod label keys to select which pods - // will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key in (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both matchLabelKeys and - // labelSelector. - // Also, matchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - matchLabelKeys?: [...string] - - // MismatchLabelKeys is a set of pod label keys to select which - // pods will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key notin (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both mismatchLabelKeys - // and labelSelector. - // Also, mismatchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - mismatchLabelKeys?: [...string] - - // A label query over the set of namespaces that the term applies - // to. - // The term is applied to the union of the namespaces selected by - // this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this - // pod's namespace". - // An empty selector ({}) matches all namespaces. - namespaceSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // namespaces specifies a static list of namespace names that the - // term applies to. - // The term is applied to the union of the namespaces listed in - // this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means - // "this pod's namespace". - namespaces?: [...string] - - // This pod should be co-located (affinity) or not co-located - // (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located - // is defined as running on a node - // whose value of the label with key topologyKey matches that of - // any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey!: string - }] - } - } - - // If specified, the pod's imagePullSecrets - imagePullSecrets?: [...{ - // Name of the referent. - // This field is effectively required, but due to backwards - // compatibility is - // allowed to be empty. Instances of this type with an empty value - // here are - // almost certainly wrong. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name?: string | *"" - }] - - // NodeSelector is a selector which must be true for the pod to - // fit on a node. - // Selector which must match a node's labels for the pod to be - // scheduled on that node. - // More info: - // https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - nodeSelector?: close({ - [string]: string - }) - - // If specified, the pod's priorityClassName. - priorityClassName?: string - - // If specified, the pod's security context - securityContext?: { - // A special supplemental group that applies to all containers in - // a pod. - // Some volume types allow the Kubelet to change the ownership of - // that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will - // be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and - // permissions of any volume. - // Note that this field cannot be set when spec.os.name is - // windows. - fsGroup?: int64 - - // fsGroupChangePolicy defines behavior of changing ownership and - // permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and - // permissions). - // It will have no effect on ephemeral volume types such as: - // secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not - // specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is - // windows. - fsGroupChangePolicy?: string - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both - // SecurityContext and - // PodSecurityContext, the value specified in SecurityContext - // takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is - // windows. - runAsGroup?: int64 - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to - // ensure that it - // does not run as UID 0 (root) and fail to start the container if - // it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both - // SecurityContext and - // PodSecurityContext, the value specified in SecurityContext - // takes precedence. - runAsNonRoot?: bool - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both - // SecurityContext and - // PodSecurityContext, the value specified in SecurityContext - // takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is - // windows. - runAsUser?: int64 - - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random - // SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value - // specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is - // windows. - seLinuxOptions?: { - // Level is SELinux level label that applies to the container. - level?: string - - // Role is a SELinux role label that applies to the container. - role?: string - - // Type is a SELinux type label that applies to the container. - type?: string - - // User is a SELinux user label that applies to the container. - user?: string - } - - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is - // windows. - seccompProfile?: { - // localhostProfile indicates a profile defined in a file on the - // node should be used. - // The profile must be preconfigured on the node to work. - // Must be a descending path, relative to the kubelet's configured - // seccomp profile location. - // Must be set if type is "Localhost". Must NOT be set for any - // other type. - localhostProfile?: string - - // type indicates which kind of seccomp profile will be applied. - // Valid options are: - // - // Localhost - a profile defined in a file on the node should be - // used. - // RuntimeDefault - the container runtime default profile should - // be used. - // Unconfined - no profile should be applied. - type!: string - } - - // A list of groups applied to the first process run in each - // container, in addition - // to the container's primary GID, the fsGroup (if specified), and - // group memberships - // defined in the container image for the uid of the container - // process. If unspecified, - // no additional groups are added to any container. Note that - // group memberships - // defined in the container image for the uid of the container - // process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is - // windows. - supplementalGroups?: [...int64 & int] - - // Sysctls hold a list of namespaced sysctls used for the pod. - // Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is - // windows. - sysctls?: [...{ - // Name of a property to set - name!: string - - // Value of a property to set - value!: string - }] - } - - // If specified, the pod's service account - serviceAccountName?: string - - // If specified, the pod's tolerations. - tolerations?: [...{ - // Effect indicates the taint effect to match. Empty means match - // all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule - // and NoExecute. - effect?: string - - // Key is the taint key that the toleration applies to. Empty - // means match all taint keys. - // If the key is empty, operator must be Exists; this combination - // means to match all values and all keys. - key?: string - - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. - operator?: string - - // TolerationSeconds represents the period of time the toleration - // (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates - // the taint. By default, - // it is not set, which means tolerate the taint forever (do not - // evict). Zero and - // negative values will be treated as 0 (evict immediately) by the - // system. - tolerationSeconds?: int64 - - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise - // just a regular string. - value?: string - }] - } - } - - // Optional service type for Kubernetes solver service. Supported - // values - // are NodePort or ClusterIP. If unset, defaults to NodePort. - serviceType?: string - } - - // The ingress based HTTP01 challenge solver will solve challenges - // by - // creating or modifying Ingress resources in order to route - // requests for - // '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods - // that are - // provisioned by cert-manager for each Challenge to be completed. - ingress?: { - // This field configures the annotation - // `kubernetes.io/ingress.class` when - // creating Ingress resources to solve ACME challenges that use - // this - // challenge solver. Only one of `class`, `name` or - // `ingressClassName` may - // be specified. - class?: string - - // This field configures the field `ingressClassName` on the - // created Ingress - // resources used to solve ACME challenges that use this challenge - // solver. - // This is the recommended way of configuring the ingress class. - // Only one of - // `class`, `name` or `ingressClassName` may be specified. - ingressClassName?: string - ingressTemplate?: { - // ObjectMeta overrides for the ingress used to solve HTTP01 - // challenges. - // Only the 'labels' and 'annotations' fields may be set. - // If labels or annotations overlap with in-built values, the - // values here - // will override the in-built values. - metadata?: { - // Annotations that should be added to the created ACME HTTP01 - // solver ingress. - annotations?: close({ - [string]: string - }) - - // Labels that should be added to the created ACME HTTP01 solver - // ingress. - labels?: close({ - [string]: string - }) - } - } - - // The name of the ingress resource that should have ACME - // challenge solving - // routes inserted into it in order to solve HTTP01 challenges. - // This is typically used in conjunction with ingress controllers - // like - // ingress-gce, which maintains a 1:1 mapping between external IPs - // and - // ingress resources. Only one of `class`, `name` or - // `ingressClassName` may - // be specified. - name?: string - - // Optional pod template used to configure the ACME challenge - // solver pods - // used for HTTP01 challenges. - podTemplate?: { - // ObjectMeta overrides for the pod used to solve HTTP01 - // challenges. - // Only the 'labels' and 'annotations' fields may be set. - // If labels or annotations overlap with in-built values, the - // values here - // will override the in-built values. - metadata?: { - // Annotations that should be added to the created ACME HTTP01 - // solver pods. - annotations?: close({ - [string]: string - }) - - // Labels that should be added to the created ACME HTTP01 solver - // pods. - labels?: close({ - [string]: string - }) - } - - // PodSpec defines overrides for the HTTP01 challenge solver pod. - // Check ACMEChallengeSolverHTTP01IngressPodSpec to find out - // currently supported fields. - // All other fields will be ignored. - spec?: { - // If specified, the pod's scheduling constraints - affinity?: { - // Describes node affinity scheduling rules for the pod. - nodeAffinity?: { - // The scheduler will prefer to schedule pods to nodes that - // satisfy - // the affinity expressions specified by this field, but it may - // choose - // a node that violates one or more of the expressions. The node - // that is - // most preferred is the one with the greatest sum of weights, - // i.e. - // for each node that meets all of the scheduling requirements - // (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field - // and adding - // "weight" to the sum if the node matches the corresponding - // matchExpressions; the - // node(s) with the highest sum are the most preferred. - preferredDuringSchedulingIgnoredDuringExecution?: [...{ - // A node selector term, associated with the corresponding weight. - preference!: { - // A list of node selector requirements by node's labels. - matchExpressions?: [...{ - // The label key that the selector applies to. - key!: string - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and - // Lt. - operator!: string - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, - // the values - // array must have a single element, which will be interpreted as - // an integer. - // This array is replaced during a strategic merge patch. - values?: [...string] - }] - - // A list of node selector requirements by node's fields. - matchFields?: [...{ - // The label key that the selector applies to. - key!: string - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and - // Lt. - operator!: string - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, - // the values - // array must have a single element, which will be interpreted as - // an integer. - // This array is replaced during a strategic merge patch. - values?: [...string] - }] - } - - // Weight associated with matching the corresponding - // nodeSelectorTerm, in the range 1-100. - weight!: int32 - }] - requiredDuringSchedulingIgnoredDuringExecution?: { - // Required. A list of node selector terms. The terms are ORed. - nodeSelectorTerms!: [...{ - // A list of node selector requirements by node's labels. - matchExpressions?: [...{ - // The label key that the selector applies to. - key!: string - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and - // Lt. - operator!: string - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, - // the values - // array must have a single element, which will be interpreted as - // an integer. - // This array is replaced during a strategic merge patch. - values?: [...string] - }] - - // A list of node selector requirements by node's fields. - matchFields?: [...{ - // The label key that the selector applies to. - key!: string - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and - // Lt. - operator!: string - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, - // the values - // array must have a single element, which will be interpreted as - // an integer. - // This array is replaced during a strategic merge patch. - values?: [...string] - }] - }] - } - } - - // Describes pod affinity scheduling rules (e.g. co-locate this - // pod in the same node, zone, etc. as some other pod(s)). - podAffinity?: { - // The scheduler will prefer to schedule pods to nodes that - // satisfy - // the affinity expressions specified by this field, but it may - // choose - // a node that violates one or more of the expressions. The node - // that is - // most preferred is the one with the greatest sum of weights, - // i.e. - // for each node that meets all of the scheduling requirements - // (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field - // and adding - // "weight" to the sum if the node has pods which matches the - // corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - preferredDuringSchedulingIgnoredDuringExecution?: [...{ - // Required. A pod affinity term, associated with the - // corresponding weight. - podAffinityTerm!: { - // A label query over a set of resources, in this case pods. - // If it's null, this PodAffinityTerm matches with no Pods. - labelSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // MatchLabelKeys is a set of pod label keys to select which pods - // will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key in (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both matchLabelKeys and - // labelSelector. - // Also, matchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - matchLabelKeys?: [...string] - - // MismatchLabelKeys is a set of pod label keys to select which - // pods will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key notin (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both mismatchLabelKeys - // and labelSelector. - // Also, mismatchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - mismatchLabelKeys?: [...string] - - // A label query over the set of namespaces that the term applies - // to. - // The term is applied to the union of the namespaces selected by - // this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this - // pod's namespace". - // An empty selector ({}) matches all namespaces. - namespaceSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // namespaces specifies a static list of namespace names that the - // term applies to. - // The term is applied to the union of the namespaces listed in - // this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means - // "this pod's namespace". - namespaces?: [...string] - - // This pod should be co-located (affinity) or not co-located - // (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located - // is defined as running on a node - // whose value of the label with key topologyKey matches that of - // any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey!: string - } - - // weight associated with matching the corresponding - // podAffinityTerm, - // in the range 1-100. - weight!: int32 - }] - - // If the affinity requirements specified by this field are not - // met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to - // be met - // at some point during pod execution (e.g. due to a pod label - // update), the - // system may or may not try to eventually evict the pod from its - // node. - // When there are multiple elements, the lists of nodes - // corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be - // satisfied. - requiredDuringSchedulingIgnoredDuringExecution?: [...{ - // A label query over a set of resources, in this case pods. - // If it's null, this PodAffinityTerm matches with no Pods. - labelSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // MatchLabelKeys is a set of pod label keys to select which pods - // will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key in (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both matchLabelKeys and - // labelSelector. - // Also, matchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - matchLabelKeys?: [...string] - - // MismatchLabelKeys is a set of pod label keys to select which - // pods will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key notin (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both mismatchLabelKeys - // and labelSelector. - // Also, mismatchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - mismatchLabelKeys?: [...string] - - // A label query over the set of namespaces that the term applies - // to. - // The term is applied to the union of the namespaces selected by - // this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this - // pod's namespace". - // An empty selector ({}) matches all namespaces. - namespaceSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // namespaces specifies a static list of namespace names that the - // term applies to. - // The term is applied to the union of the namespaces listed in - // this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means - // "this pod's namespace". - namespaces?: [...string] - - // This pod should be co-located (affinity) or not co-located - // (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located - // is defined as running on a node - // whose value of the label with key topologyKey matches that of - // any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey!: string - }] - } - - // Describes pod anti-affinity scheduling rules (e.g. avoid - // putting this pod in the same node, zone, etc. as some other - // pod(s)). - podAntiAffinity?: { - // The scheduler will prefer to schedule pods to nodes that - // satisfy - // the anti-affinity expressions specified by this field, but it - // may choose - // a node that violates one or more of the expressions. The node - // that is - // most preferred is the one with the greatest sum of weights, - // i.e. - // for each node that meets all of the scheduling requirements - // (resource - // request, requiredDuringScheduling anti-affinity expressions, - // etc.), - // compute a sum by iterating through the elements of this field - // and adding - // "weight" to the sum if the node has pods which matches the - // corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - preferredDuringSchedulingIgnoredDuringExecution?: [...{ - // Required. A pod affinity term, associated with the - // corresponding weight. - podAffinityTerm!: { - // A label query over a set of resources, in this case pods. - // If it's null, this PodAffinityTerm matches with no Pods. - labelSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // MatchLabelKeys is a set of pod label keys to select which pods - // will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key in (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both matchLabelKeys and - // labelSelector. - // Also, matchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - matchLabelKeys?: [...string] - - // MismatchLabelKeys is a set of pod label keys to select which - // pods will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key notin (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both mismatchLabelKeys - // and labelSelector. - // Also, mismatchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - mismatchLabelKeys?: [...string] - - // A label query over the set of namespaces that the term applies - // to. - // The term is applied to the union of the namespaces selected by - // this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this - // pod's namespace". - // An empty selector ({}) matches all namespaces. - namespaceSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // namespaces specifies a static list of namespace names that the - // term applies to. - // The term is applied to the union of the namespaces listed in - // this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means - // "this pod's namespace". - namespaces?: [...string] - - // This pod should be co-located (affinity) or not co-located - // (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located - // is defined as running on a node - // whose value of the label with key topologyKey matches that of - // any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey!: string - } - - // weight associated with matching the corresponding - // podAffinityTerm, - // in the range 1-100. - weight!: int32 - }] - - // If the anti-affinity requirements specified by this field are - // not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease - // to be met - // at some point during pod execution (e.g. due to a pod label - // update), the - // system may or may not try to eventually evict the pod from its - // node. - // When there are multiple elements, the lists of nodes - // corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be - // satisfied. - requiredDuringSchedulingIgnoredDuringExecution?: [...{ - // A label query over a set of resources, in this case pods. - // If it's null, this PodAffinityTerm matches with no Pods. - labelSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // MatchLabelKeys is a set of pod label keys to select which pods - // will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key in (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both matchLabelKeys and - // labelSelector. - // Also, matchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - matchLabelKeys?: [...string] - - // MismatchLabelKeys is a set of pod label keys to select which - // pods will - // be taken into consideration. The keys are used to lookup values - // from the - // incoming pod labels, those key-value labels are merged with - // `labelSelector` as `key notin (value)` - // to select the group of existing pods which pods will be taken - // into consideration - // for the incoming pod's pod (anti) affinity. Keys that don't - // exist in the incoming - // pod labels will be ignored. The default value is empty. - // The same key is forbidden to exist in both mismatchLabelKeys - // and labelSelector. - // Also, mismatchLabelKeys cannot be set when labelSelector isn't - // set. - // This is a beta field and requires enabling - // MatchLabelKeysInPodAffinity feature gate (enabled by default). - mismatchLabelKeys?: [...string] - - // A label query over the set of namespaces that the term applies - // to. - // The term is applied to the union of the namespaces selected by - // this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this - // pod's namespace". - // An empty selector ({}) matches all namespaces. - namespaceSelector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - - // namespaces specifies a static list of namespace names that the - // term applies to. - // The term is applied to the union of the namespaces listed in - // this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means - // "this pod's namespace". - namespaces?: [...string] - - // This pod should be co-located (affinity) or not co-located - // (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located - // is defined as running on a node - // whose value of the label with key topologyKey matches that of - // any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey!: string - }] - } - } - - // If specified, the pod's imagePullSecrets - imagePullSecrets?: [...{ - // Name of the referent. - // This field is effectively required, but due to backwards - // compatibility is - // allowed to be empty. Instances of this type with an empty value - // here are - // almost certainly wrong. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name?: string | *"" - }] - - // NodeSelector is a selector which must be true for the pod to - // fit on a node. - // Selector which must match a node's labels for the pod to be - // scheduled on that node. - // More info: - // https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - nodeSelector?: close({ - [string]: string - }) - - // If specified, the pod's priorityClassName. - priorityClassName?: string - - // If specified, the pod's security context - securityContext?: { - // A special supplemental group that applies to all containers in - // a pod. - // Some volume types allow the Kubelet to change the ownership of - // that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will - // be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and - // permissions of any volume. - // Note that this field cannot be set when spec.os.name is - // windows. - fsGroup?: int64 - - // fsGroupChangePolicy defines behavior of changing ownership and - // permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and - // permissions). - // It will have no effect on ephemeral volume types such as: - // secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not - // specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is - // windows. - fsGroupChangePolicy?: string - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both - // SecurityContext and - // PodSecurityContext, the value specified in SecurityContext - // takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is - // windows. - runAsGroup?: int64 - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to - // ensure that it - // does not run as UID 0 (root) and fail to start the container if - // it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both - // SecurityContext and - // PodSecurityContext, the value specified in SecurityContext - // takes precedence. - runAsNonRoot?: bool - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both - // SecurityContext and - // PodSecurityContext, the value specified in SecurityContext - // takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is - // windows. - runAsUser?: int64 - - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random - // SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value - // specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is - // windows. - seLinuxOptions?: { - // Level is SELinux level label that applies to the container. - level?: string - - // Role is a SELinux role label that applies to the container. - role?: string - - // Type is a SELinux type label that applies to the container. - type?: string - - // User is a SELinux user label that applies to the container. - user?: string - } - - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is - // windows. - seccompProfile?: { - // localhostProfile indicates a profile defined in a file on the - // node should be used. - // The profile must be preconfigured on the node to work. - // Must be a descending path, relative to the kubelet's configured - // seccomp profile location. - // Must be set if type is "Localhost". Must NOT be set for any - // other type. - localhostProfile?: string - - // type indicates which kind of seccomp profile will be applied. - // Valid options are: - // - // Localhost - a profile defined in a file on the node should be - // used. - // RuntimeDefault - the container runtime default profile should - // be used. - // Unconfined - no profile should be applied. - type!: string - } - - // A list of groups applied to the first process run in each - // container, in addition - // to the container's primary GID, the fsGroup (if specified), and - // group memberships - // defined in the container image for the uid of the container - // process. If unspecified, - // no additional groups are added to any container. Note that - // group memberships - // defined in the container image for the uid of the container - // process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is - // windows. - supplementalGroups?: [...int64 & int] - - // Sysctls hold a list of namespaced sysctls used for the pod. - // Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is - // windows. - sysctls?: [...{ - // Name of a property to set - name!: string - - // Value of a property to set - value!: string - }] - } - - // If specified, the pod's service account - serviceAccountName?: string - - // If specified, the pod's tolerations. - tolerations?: [...{ - // Effect indicates the taint effect to match. Empty means match - // all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule - // and NoExecute. - effect?: string - - // Key is the taint key that the toleration applies to. Empty - // means match all taint keys. - // If the key is empty, operator must be Exists; this combination - // means to match all values and all keys. - key?: string - - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. - operator?: string - - // TolerationSeconds represents the period of time the toleration - // (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates - // the taint. By default, - // it is not set, which means tolerate the taint forever (do not - // evict). Zero and - // negative values will be treated as 0 (evict immediately) by the - // system. - tolerationSeconds?: int64 - - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise - // just a regular string. - value?: string - }] - } - } - - // Optional service type for Kubernetes solver service. Supported - // values - // are NodePort or ClusterIP. If unset, defaults to NodePort. - serviceType?: string - } - } - - // Selector selects a set of DNSNames on the Certificate resource - // that - // should be solved using this challenge solver. - // If not specified, the solver will be treated as the 'default' - // solver - // with the lowest priority, i.e. if any other solver has a more - // specific - // match, it will be used instead. - selector?: { - // List of DNSNames that this solver will be used to solve. - // If specified and a match is found, a dnsNames selector will - // take - // precedence over a dnsZones selector. - // If multiple solvers match with the same dnsNames value, the - // solver - // with the most matching labels in matchLabels will be selected. - // If neither has more matches, the solver defined earlier in the - // list - // will be selected. - dnsNames?: [...string] - - // List of DNSZones that this solver will be used to solve. - // The most specific DNS zone match specified here will take - // precedence - // over other DNS zone matches, so a solver specifying - // sys.example.com - // will be selected over one specifying example.com for the domain - // www.sys.example.com. - // If multiple solvers match with the same dnsZones value, the - // solver - // with the most matching labels in matchLabels will be selected. - // If neither has more matches, the solver defined earlier in the - // list - // will be selected. - dnsZones?: [...string] - - // A label selector that is used to refine the set of - // certificate's that - // this challenge solver will apply to. - matchLabels?: close({ - [string]: string - }) - } - }] - } - - // CA configures this issuer to sign certificates using a signing - // CA keypair - // stored in a Secret resource. - // This is used to build internal PKIs that are managed by - // cert-manager. - ca?: { - // The CRL distribution points is an X.509 v3 certificate - // extension which identifies - // the location of the CRL from which the revocation of this - // certificate can be checked. - // If not set, certificates will be issued without distribution - // points set. - crlDistributionPoints?: [...string] - - // IssuingCertificateURLs is a list of URLs which this issuer - // should embed into certificates - // it creates. See - // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for - // more details. - // As an example, such a URL might be - // "http://ca.domain.com/ca.crt". - issuingCertificateURLs?: [...string] - - // The OCSP server list is an X.509 v3 extension that defines a - // list of - // URLs of OCSP responders. The OCSP responders can be queried for - // the - // revocation status of an issued certificate. If not set, the - // certificate will be issued with no OCSP servers set. For - // example, an - // OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - ocspServers?: [...string] - - // SecretName is the name of the secret used to sign Certificates - // issued - // by this Issuer. - secretName!: string - } - selfSigned?: { - // The CRL distribution points is an X.509 v3 certificate - // extension which identifies - // the location of the CRL from which the revocation of this - // certificate can be checked. - // If not set certificate will be issued without CDP. Values are - // strings. - crlDistributionPoints?: [...string] - } - - // Vault configures this issuer to sign certificates using a - // HashiCorp Vault - // PKI backend. - vault?: { - // Auth configures how cert-manager authenticates with the Vault - // server. - auth!: { - // AppRole authenticates with Vault using the App Role auth - // mechanism, - // with the role and secret stored in a Kubernetes Secret - // resource. - appRole?: { - // Path where the App Role authentication backend is mounted in - // Vault, e.g: - // "approle" - path!: string - - // RoleID configured in the App Role authentication backend when - // setting - // up the authentication backend in Vault. - roleId!: string - - // Reference to a key in a Secret that contains the App Role - // secret used - // to authenticate with Vault. - // The `key` field must be specified and denotes which entry - // within the Secret - // resource is used as the app role secret. - secretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - } - - // ClientCertificate authenticates with Vault by presenting a - // client - // certificate during the request's TLS handshake. - // Works only when using HTTPS protocol. - clientCertificate?: { - // The Vault mountPath here is the mount path to use when - // authenticating with - // Vault. For example, setting a value to `/v1/auth/foo`, will use - // the path - // `/v1/auth/foo/login` to authenticate with Vault. If - // unspecified, the - // default value "/v1/auth/cert" will be used. - mountPath?: string - - // Name of the certificate role to authenticate against. - // If not set, matching any certificate role, if available. - name?: string - - // Reference to Kubernetes Secret of type "kubernetes.io/tls" - // (hence containing - // tls.crt and tls.key) used to authenticate to Vault using TLS - // client - // authentication. - secretName?: string - } - - // Kubernetes authenticates with Vault by passing the - // ServiceAccount - // token stored in the named Secret resource to the Vault server. - kubernetes?: { - // The Vault mountPath here is the mount path to use when - // authenticating with - // Vault. For example, setting a value to `/v1/auth/foo`, will use - // the path - // `/v1/auth/foo/login` to authenticate with Vault. If - // unspecified, the - // default value "/v1/auth/kubernetes" will be used. - mountPath?: string - - // A required field containing the Vault Role to assume. A Role - // binds a - // Kubernetes ServiceAccount with a set of Vault policies. - role!: string - - // The required Secret field containing a Kubernetes - // ServiceAccount JWT used - // for authenticating with Vault. Use of 'ambient credentials' is - // not - // supported. - secretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // A reference to a service account that will be used to request a - // bound - // token (also known as "projected token"). Compared to using - // "secretRef", - // using this field means that you don't rely on statically bound - // tokens. To - // use this field, you must configure an RBAC rule to let - // cert-manager - // request a token. - serviceAccountRef?: { - // TokenAudiences is an optional list of extra audiences to - // include in the token passed to Vault. The default token - // consisting of the issuer's namespace and name is always - // included. - audiences?: [...string] - - // Name of the ServiceAccount used to request a token. - name!: string - } - } - - // TokenSecretRef authenticates with Vault by presenting a token. - tokenSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - } - - // Base64-encoded bundle of PEM CAs which will be used to validate - // the certificate - // chain presented by Vault. Only used if using HTTPS to connect - // to Vault and - // ignored for HTTP connections. - // Mutually exclusive with CABundleSecretRef. - // If neither CABundle nor CABundleSecretRef are defined, the - // certificate bundle in - // the cert-manager controller container is used to validate the - // TLS connection. - caBundle?: string - - // Reference to a Secret containing a bundle of PEM-encoded CAs to - // use when - // verifying the certificate chain presented by Vault when using - // HTTPS. - // Mutually exclusive with CABundle. - // If neither CABundle nor CABundleSecretRef are defined, the - // certificate bundle in - // the cert-manager controller container is used to validate the - // TLS connection. - // If no key for the Secret is specified, cert-manager will - // default to 'ca.crt'. - caBundleSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // Reference to a Secret containing a PEM-encoded Client - // Certificate to use when the - // Vault server requires mTLS. - clientCertSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // Reference to a Secret containing a PEM-encoded Client Private - // Key to use when the - // Vault server requires mTLS. - clientKeySecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // Name of the vault namespace. Namespaces is a set of features - // within Vault Enterprise that allows Vault environments to - // support Secure Multi-tenancy. e.g: "ns1" - // More about namespaces can be found here - // https://www.vaultproject.io/docs/enterprise/namespaces - namespace?: string - - // Path is the mount path of the Vault PKI backend's `sign` - // endpoint, e.g: - // "my_pki_mount/sign/my-role-name". - path!: string - - // Server is the connection address for the Vault server, e.g: - // "https://vault.example.com:8200". - server!: string - } - - // Venafi configures this issuer to sign certificates using a - // Venafi TPP - // or Venafi Cloud policy zone. - venafi?: { - // Cloud specifies the Venafi cloud configuration settings. - // Only one of TPP or Cloud may be specified. - cloud?: { - // APITokenSecretRef is a secret key selector for the Venafi Cloud - // API token. - apiTokenSecretRef!: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // URL is the base URL for Venafi Cloud. - // Defaults to "https://api.venafi.cloud/v1". - url?: string - } - - // TPP specifies Trust Protection Platform configuration settings. - // Only one of TPP or Cloud may be specified. - tpp?: { - // Base64-encoded bundle of PEM CAs which will be used to validate - // the certificate - // chain presented by the TPP server. Only used if using HTTPS; - // ignored for HTTP. - // If undefined, the certificate bundle in the cert-manager - // controller container - // is used to validate the chain. - caBundle?: string - - // Reference to a Secret containing a base64-encoded bundle of PEM - // CAs - // which will be used to validate the certificate chain presented - // by the TPP server. - // Only used if using HTTPS; ignored for HTTP. Mutually exclusive - // with CABundle. - // If neither CABundle nor CABundleSecretRef is defined, the - // certificate bundle in - // the cert-manager controller container is used to validate the - // TLS connection. - caBundleSecretRef?: { - // The key of the entry in the Secret resource's `data` field to - // be used. - // Some instances of this field may be defaulted, in others it may - // be - // required. - key?: string - - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - credentialsRef!: { - // Name of the resource being referred to. - // More info: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name!: string - } - - // URL is the base URL for the vedsdk endpoint of the Venafi TPP - // instance, - // for example: "https://tpp.example.com/vedsdk". - url!: string - } - - // Zone is the Venafi Policy Zone to use for this issuer. - // All requests made to the Venafi platform will be restricted by - // the named - // zone policy. - // This field is required. - zone!: string - } -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue deleted file mode 100644 index 65f7bfbd6..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue +++ /dev/null @@ -1,2001 +0,0 @@ -// Code generated by timoni. DO NOT EDIT. - -//timoni:generate timoni vendor crd -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml - -package v1 - -import ( - "strings" - "list" -) - -// HTTPRoute provides a way to route HTTP requests. This includes -// the capability -// to match requests by hostname, path, header, or query param. -// Filters can be -// used to specify additional processing steps. Backends specify -// where matching -// requests should be routed. -#HTTPRoute: { - // APIVersion defines the versioned schema of this representation - // of an object. - // Servers should convert recognized schemas to the latest - // internal value, and - // may reject unrecognized values. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - apiVersion: "gateway.networking.k8s.io/v1" - - // Kind is a string value representing the REST resource this - // object represents. - // Servers may infer this from the endpoint the client submits - // requests to. - // Cannot be updated. - // In CamelCase. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: "HTTPRoute" - metadata!: { - name!: strings.MaxRunes(253) & strings.MinRunes(1) & { - string - } - namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & { - string - } - labels?: { - [string]: string - } - annotations?: { - [string]: string - } - } - - // Spec defines the desired state of HTTPRoute. - spec!: #HTTPRouteSpec -} - -// Spec defines the desired state of HTTPRoute. -#HTTPRouteSpec: { - // Hostnames defines a set of hostnames that should match against - // the HTTP Host - // header to select a HTTPRoute used to process the request. - // Implementations - // MUST ignore any port value specified in the HTTP Host header - // while - // performing a match and (absent of any applicable header - // modification - // configuration) MUST forward this header unmodified to the - // backend. - // - // Valid values for Hostnames are determined by RFC 1123 - // definition of a - // hostname with 2 notable exceptions: - // - // 1. IPs are not allowed. - // 2. A hostname may be prefixed with a wildcard label (`*.`). The - // wildcard - // label must appear by itself as the first label. - // - // If a hostname is specified by both the Listener and HTTPRoute, - // there - // must be at least one intersecting hostname for the HTTPRoute to - // be - // attached to the Listener. For example: - // - // * A Listener with `test.example.com` as the hostname matches - // HTTPRoutes - // that have either not specified any hostnames, or have specified - // at - // least one of `test.example.com` or `*.example.com`. - // * A Listener with `*.example.com` as the hostname matches - // HTTPRoutes - // that have either not specified any hostnames or have specified - // at least - // one hostname that matches the Listener hostname. For example, - // `*.example.com`, `test.example.com`, and `foo.test.example.com` - // would - // all match. On the other hand, `example.com` and - // `test.example.net` would - // not match. - // - // Hostnames that are prefixed with a wildcard label (`*.`) are - // interpreted - // as a suffix match. That means that a match for `*.example.com` - // would match - // both `test.example.com`, and `foo.test.example.com`, but not - // `example.com`. - // - // If both the Listener and HTTPRoute have specified hostnames, - // any - // HTTPRoute hostnames that do not match the Listener hostname - // MUST be - // ignored. For example, if a Listener specified `*.example.com`, - // and the - // HTTPRoute specified `test.example.com` and `test.example.net`, - // `test.example.net` must not be considered for a match. - // - // If both the Listener and HTTPRoute have specified hostnames, - // and none - // match with the criteria above, then the HTTPRoute is not - // accepted. The - // implementation must raise an 'Accepted' Condition with a status - // of - // `False` in the corresponding RouteParentStatus. - // - // In the event that multiple HTTPRoutes specify intersecting - // hostnames (e.g. - // overlapping wildcard matching and exact matching hostnames), - // precedence must - // be given to rules from the HTTPRoute with the largest number - // of: - // - // * Characters in a matching non-wildcard hostname. - // * Characters in a matching hostname. - // - // If ties exist across multiple Routes, the matching precedence - // rules for - // HTTPRouteMatches takes over. - // - // Support: Core - hostnames?: list.MaxItems(16) & [...strings.MaxRunes(253) & strings.MinRunes(1) & =~"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"] - - // ParentRefs references the resources (usually Gateways) that a - // Route wants - // to be attached to. Note that the referenced parent resource - // needs to - // allow this for the attachment to be complete. For Gateways, - // that means - // the Gateway needs to allow attachment from Routes of this kind - // and - // namespace. For Services, that means the Service must either be - // in the same - // namespace for a "producer" route, or the mesh implementation - // must support - // and allow "consumer" routes for the referenced Service. - // ReferenceGrant is - // not applicable for governing ParentRefs to Services - it is not - // possible to - // create a "producer" route for a Service in a different - // namespace from the - // Route. - // - // There are two kinds of parent resources with "Core" support: - // - // * Gateway (Gateway conformance profile) - // * Service (Mesh conformance profile, ClusterIP Services only) - // - // This API may be extended in the future to support additional - // kinds of parent - // resources. - // - // ParentRefs must be _distinct_. This means either that: - // - // * They select different objects. If this is the case, then - // parentRef - // entries are distinct. In terms of fields, this means that the - // multi-part key defined by `group`, `kind`, `namespace`, and - // `name` must - // be unique across all parentRef entries in the Route. - // * They do not select different objects, but for each optional - // field used, - // each ParentRef that selects the same object must set the same - // set of - // optional fields to different values. If one ParentRef sets a - // combination of optional fields, all must set the same - // combination. - // - // Some examples: - // - // * If one ParentRef sets `sectionName`, all ParentRefs - // referencing the - // same object must also set `sectionName`. - // * If one ParentRef sets `port`, all ParentRefs referencing the - // same - // object must also set `port`. - // * If one ParentRef sets `sectionName` and `port`, all - // ParentRefs - // referencing the same object must also set `sectionName` and - // `port`. - // - // It is possible to separately reference multiple distinct - // objects that may - // be collapsed by an implementation. For example, some - // implementations may - // choose to merge compatible Gateway Listeners together. If that - // is the - // case, the list of routes attached to those resources should - // also be - // merged. - // - // Note that for ParentRefs that cross namespace boundaries, there - // are specific - // rules. Cross-namespace references are only valid if they are - // explicitly - // allowed by something in the namespace they are referring to. - // For example, - // Gateway has the AllowedRoutes field, and ReferenceGrant - // provides a - // generic way to enable other kinds of cross-namespace reference. - parentRefs?: list.MaxItems(32) & [...{ - // Group is the group of the referent. - // When unspecified, "gateway.networking.k8s.io" is inferred. - // To set the core API group (such as for a "Service" kind - // referent), - // Group must be explicitly set to "" (empty string). - // - // Support: Core - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"gateway.networking.k8s.io" - - // Kind is kind of the referent. - // - // There are two kinds of parent resources with "Core" support: - // - // * Gateway (Gateway conformance profile) - // * Service (Mesh conformance profile, ClusterIP Services only) - // - // Support for other resources is Implementation-Specific. - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Gateway" - - // Name is the name of the referent. - // - // Support: Core - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the referent. When unspecified, - // this refers - // to the local namespace of the Route. - // - // Note that there are specific rules for ParentRefs which cross - // namespace - // boundaries. Cross-namespace references are only valid if they - // are explicitly - // allowed by something in the namespace they are referring to. - // For example: - // Gateway has the AllowedRoutes field, and ReferenceGrant - // provides a - // generic way to enable any other kind of cross-namespace - // reference. - // - // - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port is the network port this Route targets. It can be - // interpreted - // differently based on the type of parent resource. - // - // When the parent resource is a Gateway, this targets all - // listeners - // listening on the specified port that also support this kind of - // Route(and - // select this Route). It's not recommended to set `Port` unless - // the - // networking behaviors specified in a Route must apply to a - // specific port - // as opposed to a listener(s) whose port(s) may be changed. When - // both Port - // and SectionName are specified, the name and port of the - // selected listener - // must match both specified values. - // - // - // - // Implementations MAY choose to support other parent resources. - // Implementations supporting other types of parent resources MUST - // clearly - // document how/if Port is interpreted. - // - // For the purpose of status, an attachment is considered - // successful as - // long as the parent resource accepts it partially. For example, - // Gateway - // listeners can restrict which Routes can attach to them by Route - // kind, - // namespace, or hostname. If 1 of 2 Gateway listeners accept - // attachment - // from the referencing Route, the Route MUST be considered - // successfully - // attached. If no Gateway listeners accept attachment from this - // Route, - // the Route MUST be considered detached from the Gateway. - // - // Support: Extended - port?: uint16 & >=1 - - // SectionName is the name of a section within the target - // resource. In the - // following resources, SectionName is interpreted as the - // following: - // - // * Gateway: Listener name. When both Port (experimental) and - // SectionName - // are specified, the name and port of the selected listener must - // match - // both specified values. - // * Service: Port name. When both Port (experimental) and - // SectionName - // are specified, the name and port of the selected listener must - // match - // both specified values. - // - // Implementations MAY choose to support attaching Routes to other - // resources. - // If that is the case, they MUST clearly document how SectionName - // is - // interpreted. - // - // When unspecified (empty string), this will reference the entire - // resource. - // For the purpose of status, an attachment is considered - // successful if at - // least one section in the parent resource accepts it. For - // example, Gateway - // listeners can restrict which Routes can attach to them by Route - // kind, - // namespace, or hostname. If 1 of 2 Gateway listeners accept - // attachment from - // the referencing Route, the Route MUST be considered - // successfully - // attached. If no Gateway listeners accept attachment from this - // Route, the - // Route MUST be considered detached from the Gateway. - // - // Support: Core - sectionName?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - }] - - // Rules are a list of HTTP matchers, filters and actions. - rules?: list.MaxItems(16) & [...{ - // BackendRefs defines the backend(s) where matching requests - // should be - // sent. - // - // Failure behavior here depends on how many BackendRefs are - // specified and - // how many are invalid. - // - // If *all* entries in BackendRefs are invalid, and there are also - // no filters - // specified in this route rule, *all* traffic which matches this - // rule MUST - // receive a 500 status code. - // - // See the HTTPBackendRef definition for the rules about what - // makes a single - // HTTPBackendRef invalid. - // - // When a HTTPBackendRef is invalid, 500 status codes MUST be - // returned for - // requests that would have otherwise been routed to an invalid - // backend. If - // multiple backends are specified, and some are invalid, the - // proportion of - // requests that would otherwise have been routed to an invalid - // backend - // MUST receive a 500 status code. - // - // For example, if two backends are specified with equal weights, - // and one is - // invalid, 50 percent of traffic must receive a 500. - // Implementations may - // choose how that 50 percent is determined. - // - // When a HTTPBackendRef refers to a Service that has no ready - // endpoints, - // implementations SHOULD return a 503 for requests to that - // backend instead. - // If an implementation chooses to do this, all of the above rules - // for 500 responses - // MUST also apply for responses that return a 503. - // - // Support: Core for Kubernetes Service - // - // Support: Extended for Kubernetes ServiceImport - // - // Support: Implementation-specific for any other resource - // - // Support for weight: Core - backendRefs?: list.MaxItems(16) & [...{ - // Filters defined at this level should be executed if and only if - // the - // request is being forwarded to the backend defined here. - // - // Support: Implementation-specific (For broader support of - // filters, use the - // Filters field in HTTPRouteRule.) - filters?: list.MaxItems(16) & [...{ - // ExtensionRef is an optional, implementation-specific extension - // to the - // "filter" behavior. For example, resource "myroutefilter" in - // group - // "networking.example.net"). ExtensionRef MUST NOT be used for - // core and - // extended filters. - // - // This filter can be used multiple times within the same rule. - // - // Support: Implementation-specific - extensionRef?: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group!: strings.MaxRunes(253) & { - =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Kind is kind of the referent. For example "HTTPRoute" or - // "Service". - kind!: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" - } - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - } - - // RequestHeaderModifier defines a schema for a filter that - // modifies request - // headers. - // - // Support: Core - requestHeaderModifier?: { - // Add adds the given header(s) (name, value) to the request - // before the action. It appends to any existing values associated - // with the header name. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // add: - // - name: "my-header" - // value: "bar,baz" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: foo,bar,baz - add?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Remove the given header(s) from the HTTP request before the - // action. The - // value of Remove is a list of HTTP header names. Note that the - // header - // names are case-insensitive (see - // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - // - // Input: - // GET /foo HTTP/1.1 - // my-header1: foo - // my-header2: bar - // my-header3: baz - // - // Config: - // remove: ["my-header1", "my-header3"] - // - // Output: - // GET /foo HTTP/1.1 - // my-header2: bar - remove?: list.MaxItems(16) & [...string] - - // Set overwrites the request with the given header (name, value) - // before the action. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // set: - // - name: "my-header" - // value: "bar" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: bar - set?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - } - requestMirror?: { - // BackendRef references a resource where mirrored requests are - // sent. - // - // Mirrored requests must be sent only to a single destination - // endpoint - // within this BackendRef, irrespective of how many endpoints are - // present - // within this BackendRef. - // - // If the referent cannot be found, this BackendRef is invalid and - // must be - // dropped from the Gateway. The controller must ensure the - // "ResolvedRefs" - // condition on the Route status is set to `status: False` and not - // configure - // this backend in the underlying implementation. - // - // If there is a cross-namespace reference to an *existing* object - // that is not allowed by a ReferenceGrant, the controller must - // ensure the - // "ResolvedRefs" condition on the Route is set to `status: - // False`, - // with the "RefNotPermitted" reason and not configure this - // backend in the - // underlying implementation. - // - // In either error case, the Message of the `ResolvedRefs` - // Condition - // should be used to provide more detail about the problem. - // - // Support: Extended for Kubernetes Service - // - // Support: Implementation-specific for any other resource - backendRef!: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"" - - // Kind is the Kubernetes resource kind of the referent. For - // example - // "Service". - // - // Defaults to "Service" when not specified. - // - // ExternalName services can refer to CNAME DNS records that may - // live - // outside of the cluster and as such are difficult to reason - // about in - // terms of conformance. They also may not be safe to forward to - // (see - // CVE-2021-25740 for more information). Implementations SHOULD - // NOT - // support ExternalName Services. - // - // Support: Core (Services with a type other than ExternalName) - // - // Support: Implementation-specific (Services with type - // ExternalName) - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service" - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the backend. When unspecified, - // the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port specifies the destination port number to use for this - // resource. - // Port is required when the referent is a Kubernetes Service. In - // this - // case, the port number is the service port number, not the - // target port. - // For other resources, destination port might be derived from the - // referent - // resource or this field. - port?: uint16 & >=1 - } - } - - // RequestRedirect defines a schema for a filter that responds to - // the - // request with an HTTP redirection. - // - // Support: Core - requestRedirect?: { - // Hostname is the hostname to be used in the value of the - // `Location` - // header in the response. - // When empty, the hostname in the `Host` header of the request is - // used. - // - // Support: Core - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Path defines parameters used to modify the path of the incoming - // request. - // The modified path is then used to construct the `Location` - // header. When - // empty, the request path is used as-is. - // - // Support: Extended - path?: { - // ReplaceFullPath specifies the value with which to replace the - // full path - // of a request during a rewrite or redirect. - replaceFullPath?: strings.MaxRunes(1024) - - // ReplacePrefixMatch specifies the value with which to replace - // the prefix - // match of a request during a rewrite or redirect. For example, a - // request - // to "/foo/bar" with a prefix match of "/foo" and a - // ReplacePrefixMatch - // of "/xyz" would be modified to "/xyz/bar". - // - // Note that this matches the behavior of the PathPrefix match - // type. This - // matches full path elements. A path element refers to the list - // of labels - // in the path split by the `/` separator. When specified, a - // trailing `/` is - // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` - // would all - // match the prefix `/abc`, but the path `/abcd` would not. - // - // ReplacePrefixMatch is only compatible with a `PathPrefix` - // HTTPRouteMatch. - // Using any other HTTPRouteMatch type on the same HTTPRouteRule - // will result in - // the implementation setting the Accepted Condition for the Route - // to `status: False`. - // - // Request Path | Prefix Match | Replace Prefix | Modified Path - replacePrefixMatch?: strings.MaxRunes(1024) - - // Type defines the type of path modifier. Additional types may be - // added in a future release of the API. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "ReplaceFullPath" | "ReplacePrefixMatch" - } - - // Port is the port to be used in the value of the `Location` - // header in the response. - // - // If no port is specified, the redirect port MUST be derived - // using the - // following rules: - // - // * If redirect scheme is not-empty, the redirect port MUST be - // the well-known - // port associated with the redirect scheme. Specifically "http" - // to port 80 - // and "https" to port 443. If the redirect scheme does not have a - // well-known port, the listener port of the Gateway SHOULD be - // used. - // * If redirect scheme is empty, the redirect port MUST be the - // Gateway - // Listener port. - // - // Implementations SHOULD NOT add the port number in the - // 'Location' - // header in the following cases: - // - // * A Location header that will use HTTP (whether that is - // determined via - // the Listener protocol or the Scheme field) _and_ use port 80. - // * A Location header that will use HTTPS (whether that is - // determined via - // the Listener protocol or the Scheme field) _and_ use port 443. - // - // Support: Extended - port?: uint16 & >=1 - - // Scheme is the scheme to be used in the value of the `Location` - // header in - // the response. When empty, the scheme of the request is used. - // - // Scheme redirects can affect the port of the redirect, for more - // information, - // refer to the documentation for the port field of this filter. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - // - // Support: Extended - scheme?: "http" | "https" - - // StatusCode is the HTTP status code to be used in response. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - // - // Support: Core - statusCode?: (301 | 302) & int | *302 - } - - // ResponseHeaderModifier defines a schema for a filter that - // modifies response - // headers. - // - // Support: Extended - responseHeaderModifier?: { - // Add adds the given header(s) (name, value) to the request - // before the action. It appends to any existing values associated - // with the header name. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // add: - // - name: "my-header" - // value: "bar,baz" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: foo,bar,baz - add?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Remove the given header(s) from the HTTP request before the - // action. The - // value of Remove is a list of HTTP header names. Note that the - // header - // names are case-insensitive (see - // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - // - // Input: - // GET /foo HTTP/1.1 - // my-header1: foo - // my-header2: bar - // my-header3: baz - // - // Config: - // remove: ["my-header1", "my-header3"] - // - // Output: - // GET /foo HTTP/1.1 - // my-header2: bar - remove?: list.MaxItems(16) & [...string] - - // Set overwrites the request with the given header (name, value) - // before the action. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // set: - // - name: "my-header" - // value: "bar" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: bar - set?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - } - - // Type identifies the type of filter to apply. As with other API - // fields, - // types are classified into three conformance levels: - // - // - Core: Filter types and their corresponding configuration - // defined by - // "Support: Core" in this package, e.g. "RequestHeaderModifier". - // All - // implementations must support core filters. - // - // - Extended: Filter types and their corresponding configuration - // defined by - // "Support: Extended" in this package, e.g. "RequestMirror". - // Implementers - // are encouraged to support extended filters. - // - // - Implementation-specific: Filters that are defined and - // supported by - // specific vendors. - // In the future, filters showing convergence in behavior across - // multiple - // implementations will be considered for inclusion in extended or - // core - // conformance levels. Filter-specific configuration for such - // filters - // is specified using the ExtensionRef field. `Type` should be set - // to - // "ExtensionRef" for custom filters. - // - // Implementers are encouraged to define custom implementation - // types to - // extend the core API with implementation-specific behavior. - // - // If a reference to a custom filter type cannot be resolved, the - // filter - // MUST NOT be skipped. Instead, requests that would have been - // processed by - // that filter MUST receive a HTTP error response. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "RequestHeaderModifier" | "ResponseHeaderModifier" | "RequestMirror" | "RequestRedirect" | "URLRewrite" | "ExtensionRef" - - // URLRewrite defines a schema for a filter that modifies a - // request during forwarding. - // - // Support: Extended - urlRewrite?: { - // Hostname is the value to be used to replace the Host header - // value during - // forwarding. - // - // Support: Extended - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Path defines a path rewrite. - // - // Support: Extended - path?: { - // ReplaceFullPath specifies the value with which to replace the - // full path - // of a request during a rewrite or redirect. - replaceFullPath?: strings.MaxRunes(1024) - - // ReplacePrefixMatch specifies the value with which to replace - // the prefix - // match of a request during a rewrite or redirect. For example, a - // request - // to "/foo/bar" with a prefix match of "/foo" and a - // ReplacePrefixMatch - // of "/xyz" would be modified to "/xyz/bar". - // - // Note that this matches the behavior of the PathPrefix match - // type. This - // matches full path elements. A path element refers to the list - // of labels - // in the path split by the `/` separator. When specified, a - // trailing `/` is - // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` - // would all - // match the prefix `/abc`, but the path `/abcd` would not. - // - // ReplacePrefixMatch is only compatible with a `PathPrefix` - // HTTPRouteMatch. - // Using any other HTTPRouteMatch type on the same HTTPRouteRule - // will result in - // the implementation setting the Accepted Condition for the Route - // to `status: False`. - // - // Request Path | Prefix Match | Replace Prefix | Modified Path - replacePrefixMatch?: strings.MaxRunes(1024) - - // Type defines the type of path modifier. Additional types may be - // added in a future release of the API. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "ReplaceFullPath" | "ReplacePrefixMatch" - } - } - }] - - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"" - - // Kind is the Kubernetes resource kind of the referent. For - // example - // "Service". - // - // Defaults to "Service" when not specified. - // - // ExternalName services can refer to CNAME DNS records that may - // live - // outside of the cluster and as such are difficult to reason - // about in - // terms of conformance. They also may not be safe to forward to - // (see - // CVE-2021-25740 for more information). Implementations SHOULD - // NOT - // support ExternalName Services. - // - // Support: Core (Services with a type other than ExternalName) - // - // Support: Implementation-specific (Services with type - // ExternalName) - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service" - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the backend. When unspecified, - // the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port specifies the destination port number to use for this - // resource. - // Port is required when the referent is a Kubernetes Service. In - // this - // case, the port number is the service port number, not the - // target port. - // For other resources, destination port might be derived from the - // referent - // resource or this field. - port?: uint16 & >=1 - - // Weight specifies the proportion of requests forwarded to the - // referenced - // backend. This is computed as weight/(sum of all weights in this - // BackendRefs list). For non-zero values, there may be some - // epsilon from - // the exact proportion defined here depending on the precision an - // implementation supports. Weight is not a percentage and the sum - // of - // weights does not need to equal 100. - // - // If only one backend is specified and it has a weight greater - // than 0, 100% - // of the traffic is forwarded to that backend. If weight is set - // to 0, no - // traffic should be forwarded for this entry. If unspecified, - // weight - // defaults to 1. - // - // Support for this field varies based on the context where used. - weight?: int32 & int & <=1000000 & >=0 | *1 - }] - - // Filters define the filters that are applied to requests that - // match - // this rule. - // - // Wherever possible, implementations SHOULD implement filters in - // the order - // they are specified. - // - // Implementations MAY choose to implement this ordering strictly, - // rejecting - // any combination or order of filters that can not be supported. - // If implementations - // choose a strict interpretation of filter ordering, they MUST - // clearly document - // that behavior. - // - // To reject an invalid combination or order of filters, - // implementations SHOULD - // consider the Route Rules with this configuration invalid. If - // all Route Rules - // in a Route are invalid, the entire Route would be considered - // invalid. If only - // a portion of Route Rules are invalid, implementations MUST set - // the - // "PartiallyInvalid" condition for the Route. - // - // Conformance-levels at this level are defined based on the type - // of filter: - // - // - ALL core filters MUST be supported by all implementations. - // - Implementers are encouraged to support extended filters. - // - Implementation-specific custom filters have no API guarantees - // across - // implementations. - // - // Specifying the same filter multiple times is not supported - // unless explicitly - // indicated in the filter. - // - // All filters are expected to be compatible with each other - // except for the - // URLRewrite and RequestRedirect filters, which may not be - // combined. If an - // implementation can not support other combinations of filters, - // they must clearly - // document that limitation. In cases where incompatible or - // unsupported - // filters are specified and cause the `Accepted` condition to be - // set to status - // `False`, implementations may use the `IncompatibleFilters` - // reason to specify - // this configuration error. - // - // Support: Core - filters?: list.MaxItems(16) & [...{ - // ExtensionRef is an optional, implementation-specific extension - // to the - // "filter" behavior. For example, resource "myroutefilter" in - // group - // "networking.example.net"). ExtensionRef MUST NOT be used for - // core and - // extended filters. - // - // This filter can be used multiple times within the same rule. - // - // Support: Implementation-specific - extensionRef?: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group!: strings.MaxRunes(253) & { - =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Kind is kind of the referent. For example "HTTPRoute" or - // "Service". - kind!: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" - } - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - } - - // RequestHeaderModifier defines a schema for a filter that - // modifies request - // headers. - // - // Support: Core - requestHeaderModifier?: { - // Add adds the given header(s) (name, value) to the request - // before the action. It appends to any existing values associated - // with the header name. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // add: - // - name: "my-header" - // value: "bar,baz" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: foo,bar,baz - add?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Remove the given header(s) from the HTTP request before the - // action. The - // value of Remove is a list of HTTP header names. Note that the - // header - // names are case-insensitive (see - // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - // - // Input: - // GET /foo HTTP/1.1 - // my-header1: foo - // my-header2: bar - // my-header3: baz - // - // Config: - // remove: ["my-header1", "my-header3"] - // - // Output: - // GET /foo HTTP/1.1 - // my-header2: bar - remove?: list.MaxItems(16) & [...string] - - // Set overwrites the request with the given header (name, value) - // before the action. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // set: - // - name: "my-header" - // value: "bar" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: bar - set?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - } - requestMirror?: { - // BackendRef references a resource where mirrored requests are - // sent. - // - // Mirrored requests must be sent only to a single destination - // endpoint - // within this BackendRef, irrespective of how many endpoints are - // present - // within this BackendRef. - // - // If the referent cannot be found, this BackendRef is invalid and - // must be - // dropped from the Gateway. The controller must ensure the - // "ResolvedRefs" - // condition on the Route status is set to `status: False` and not - // configure - // this backend in the underlying implementation. - // - // If there is a cross-namespace reference to an *existing* object - // that is not allowed by a ReferenceGrant, the controller must - // ensure the - // "ResolvedRefs" condition on the Route is set to `status: - // False`, - // with the "RefNotPermitted" reason and not configure this - // backend in the - // underlying implementation. - // - // In either error case, the Message of the `ResolvedRefs` - // Condition - // should be used to provide more detail about the problem. - // - // Support: Extended for Kubernetes Service - // - // Support: Implementation-specific for any other resource - backendRef!: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"" - - // Kind is the Kubernetes resource kind of the referent. For - // example - // "Service". - // - // Defaults to "Service" when not specified. - // - // ExternalName services can refer to CNAME DNS records that may - // live - // outside of the cluster and as such are difficult to reason - // about in - // terms of conformance. They also may not be safe to forward to - // (see - // CVE-2021-25740 for more information). Implementations SHOULD - // NOT - // support ExternalName Services. - // - // Support: Core (Services with a type other than ExternalName) - // - // Support: Implementation-specific (Services with type - // ExternalName) - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service" - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the backend. When unspecified, - // the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port specifies the destination port number to use for this - // resource. - // Port is required when the referent is a Kubernetes Service. In - // this - // case, the port number is the service port number, not the - // target port. - // For other resources, destination port might be derived from the - // referent - // resource or this field. - port?: uint16 & >=1 - } - } - - // RequestRedirect defines a schema for a filter that responds to - // the - // request with an HTTP redirection. - // - // Support: Core - requestRedirect?: { - // Hostname is the hostname to be used in the value of the - // `Location` - // header in the response. - // When empty, the hostname in the `Host` header of the request is - // used. - // - // Support: Core - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Path defines parameters used to modify the path of the incoming - // request. - // The modified path is then used to construct the `Location` - // header. When - // empty, the request path is used as-is. - // - // Support: Extended - path?: { - // ReplaceFullPath specifies the value with which to replace the - // full path - // of a request during a rewrite or redirect. - replaceFullPath?: strings.MaxRunes(1024) - - // ReplacePrefixMatch specifies the value with which to replace - // the prefix - // match of a request during a rewrite or redirect. For example, a - // request - // to "/foo/bar" with a prefix match of "/foo" and a - // ReplacePrefixMatch - // of "/xyz" would be modified to "/xyz/bar". - // - // Note that this matches the behavior of the PathPrefix match - // type. This - // matches full path elements. A path element refers to the list - // of labels - // in the path split by the `/` separator. When specified, a - // trailing `/` is - // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` - // would all - // match the prefix `/abc`, but the path `/abcd` would not. - // - // ReplacePrefixMatch is only compatible with a `PathPrefix` - // HTTPRouteMatch. - // Using any other HTTPRouteMatch type on the same HTTPRouteRule - // will result in - // the implementation setting the Accepted Condition for the Route - // to `status: False`. - // - // Request Path | Prefix Match | Replace Prefix | Modified Path - replacePrefixMatch?: strings.MaxRunes(1024) - - // Type defines the type of path modifier. Additional types may be - // added in a future release of the API. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "ReplaceFullPath" | "ReplacePrefixMatch" - } - - // Port is the port to be used in the value of the `Location` - // header in the response. - // - // If no port is specified, the redirect port MUST be derived - // using the - // following rules: - // - // * If redirect scheme is not-empty, the redirect port MUST be - // the well-known - // port associated with the redirect scheme. Specifically "http" - // to port 80 - // and "https" to port 443. If the redirect scheme does not have a - // well-known port, the listener port of the Gateway SHOULD be - // used. - // * If redirect scheme is empty, the redirect port MUST be the - // Gateway - // Listener port. - // - // Implementations SHOULD NOT add the port number in the - // 'Location' - // header in the following cases: - // - // * A Location header that will use HTTP (whether that is - // determined via - // the Listener protocol or the Scheme field) _and_ use port 80. - // * A Location header that will use HTTPS (whether that is - // determined via - // the Listener protocol or the Scheme field) _and_ use port 443. - // - // Support: Extended - port?: uint16 & >=1 - - // Scheme is the scheme to be used in the value of the `Location` - // header in - // the response. When empty, the scheme of the request is used. - // - // Scheme redirects can affect the port of the redirect, for more - // information, - // refer to the documentation for the port field of this filter. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - // - // Support: Extended - scheme?: "http" | "https" - - // StatusCode is the HTTP status code to be used in response. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - // - // Support: Core - statusCode?: (301 | 302) & int | *302 - } - - // ResponseHeaderModifier defines a schema for a filter that - // modifies response - // headers. - // - // Support: Extended - responseHeaderModifier?: { - // Add adds the given header(s) (name, value) to the request - // before the action. It appends to any existing values associated - // with the header name. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // add: - // - name: "my-header" - // value: "bar,baz" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: foo,bar,baz - add?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Remove the given header(s) from the HTTP request before the - // action. The - // value of Remove is a list of HTTP header names. Note that the - // header - // names are case-insensitive (see - // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - // - // Input: - // GET /foo HTTP/1.1 - // my-header1: foo - // my-header2: bar - // my-header3: baz - // - // Config: - // remove: ["my-header1", "my-header3"] - // - // Output: - // GET /foo HTTP/1.1 - // my-header2: bar - remove?: list.MaxItems(16) & [...string] - - // Set overwrites the request with the given header (name, value) - // before the action. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // set: - // - name: "my-header" - // value: "bar" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: bar - set?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - } - - // Type identifies the type of filter to apply. As with other API - // fields, - // types are classified into three conformance levels: - // - // - Core: Filter types and their corresponding configuration - // defined by - // "Support: Core" in this package, e.g. "RequestHeaderModifier". - // All - // implementations must support core filters. - // - // - Extended: Filter types and their corresponding configuration - // defined by - // "Support: Extended" in this package, e.g. "RequestMirror". - // Implementers - // are encouraged to support extended filters. - // - // - Implementation-specific: Filters that are defined and - // supported by - // specific vendors. - // In the future, filters showing convergence in behavior across - // multiple - // implementations will be considered for inclusion in extended or - // core - // conformance levels. Filter-specific configuration for such - // filters - // is specified using the ExtensionRef field. `Type` should be set - // to - // "ExtensionRef" for custom filters. - // - // Implementers are encouraged to define custom implementation - // types to - // extend the core API with implementation-specific behavior. - // - // If a reference to a custom filter type cannot be resolved, the - // filter - // MUST NOT be skipped. Instead, requests that would have been - // processed by - // that filter MUST receive a HTTP error response. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "RequestHeaderModifier" | "ResponseHeaderModifier" | "RequestMirror" | "RequestRedirect" | "URLRewrite" | "ExtensionRef" - - // URLRewrite defines a schema for a filter that modifies a - // request during forwarding. - // - // Support: Extended - urlRewrite?: { - // Hostname is the value to be used to replace the Host header - // value during - // forwarding. - // - // Support: Extended - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Path defines a path rewrite. - // - // Support: Extended - path?: { - // ReplaceFullPath specifies the value with which to replace the - // full path - // of a request during a rewrite or redirect. - replaceFullPath?: strings.MaxRunes(1024) - - // ReplacePrefixMatch specifies the value with which to replace - // the prefix - // match of a request during a rewrite or redirect. For example, a - // request - // to "/foo/bar" with a prefix match of "/foo" and a - // ReplacePrefixMatch - // of "/xyz" would be modified to "/xyz/bar". - // - // Note that this matches the behavior of the PathPrefix match - // type. This - // matches full path elements. A path element refers to the list - // of labels - // in the path split by the `/` separator. When specified, a - // trailing `/` is - // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` - // would all - // match the prefix `/abc`, but the path `/abcd` would not. - // - // ReplacePrefixMatch is only compatible with a `PathPrefix` - // HTTPRouteMatch. - // Using any other HTTPRouteMatch type on the same HTTPRouteRule - // will result in - // the implementation setting the Accepted Condition for the Route - // to `status: False`. - // - // Request Path | Prefix Match | Replace Prefix | Modified Path - replacePrefixMatch?: strings.MaxRunes(1024) - - // Type defines the type of path modifier. Additional types may be - // added in a future release of the API. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "ReplaceFullPath" | "ReplacePrefixMatch" - } - } - }] - - // Matches define conditions used for matching the rule against - // incoming - // HTTP requests. Each match is independent, i.e. this rule will - // be matched - // if **any** one of the matches is satisfied. - // - // For example, take the following matches configuration: - // - // ``` - // matches: - // - path: - // value: "/foo" - // headers: - // - name: "version" - // value: "v2" - // - path: - // value: "/v2/foo" - // ``` - // - // For a request to match against this rule, a request must - // satisfy - // EITHER of the two conditions: - // - // - path prefixed with `/foo` AND contains the header `version: - // v2` - // - path prefix of `/v2/foo` - // - // See the documentation for HTTPRouteMatch on how to specify - // multiple - // match conditions that should be ANDed together. - // - // If no matches are specified, the default is a prefix - // path match on "/", which has the effect of matching every - // HTTP request. - // - // Proxy or Load Balancer routing configuration generated from - // HTTPRoutes - // MUST prioritize matches based on the following criteria, - // continuing on - // ties. Across all rules specified on applicable Routes, - // precedence must be - // given to the match having: - // - // * "Exact" path match. - // * "Prefix" path match with largest number of characters. - // * Method match. - // * Largest number of header matches. - // * Largest number of query param matches. - // - // Note: The precedence of RegularExpression path matches are - // implementation-specific. - // - // If ties still exist across multiple Routes, matching precedence - // MUST be - // determined in order of the following criteria, continuing on - // ties: - // - // * The oldest Route based on creation timestamp. - // * The Route appearing first in alphabetical order by - // "{namespace}/{name}". - // - // If ties still exist within an HTTPRoute, matching precedence - // MUST be granted - // to the FIRST matching rule (in list order) with a match meeting - // the above - // criteria. - // - // When no rules matching a request have been successfully - // attached to the - // parent a request is coming from, a HTTP 404 status code MUST be - // returned. - matches?: list.MaxItems(64) & [...{ - // Headers specifies HTTP request header matchers. Multiple match - // values are - // ANDed together, meaning, a request must match all the specified - // headers - // to select the route. - headers?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, only the - // first - // entry with an equivalent name MUST be considered for a match. - // Subsequent - // entries with an equivalent header name MUST be ignored. Due to - // the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - // - // When a header is repeated in an HTTP request, it is - // implementation-specific behavior as to how this is represented. - // Generally, proxies should follow the guidance from the RFC: - // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 - // regarding - // processing a repeated header, with special handling for - // "Set-Cookie". - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Type specifies how to match against the value of the header. - // - // Support: Core (Exact) - // - // Support: Implementation-specific (RegularExpression) - // - // Since RegularExpression HeaderMatchType has - // implementation-specific - // conformance, implementations can support POSIX, PCRE or any - // other dialects - // of regular expressions. Please read the implementation's - // documentation to - // determine the supported dialect. - type?: "Exact" | "RegularExpression" | *"Exact" - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Method specifies HTTP method matcher. - // When specified, this route will be matched only if the request - // has the - // specified method. - // - // Support: Extended - method?: "GET" | "HEAD" | "POST" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH" - - // Path specifies a HTTP request path matcher. If this field is - // not - // specified, a default prefix match on the "/" path is provided. - path?: { - // Type specifies how to match against the path Value. - // - // Support: Core (Exact, PathPrefix) - // - // Support: Implementation-specific (RegularExpression) - type?: "Exact" | "PathPrefix" | "RegularExpression" | *"PathPrefix" - - // Value of the HTTP path to match against. - value?: strings.MaxRunes(1024) | *"/" - } | *{ - type: "PathPrefix" - value: "/" - } - - // QueryParams specifies HTTP query parameter matchers. Multiple - // match - // values are ANDed together, meaning, a request must match all - // the - // specified query parameters to select the route. - // - // Support: Extended - queryParams?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP query param to be matched. This - // must be an - // exact string match. (See - // https://tools.ietf.org/html/rfc7230#section-2.7.3). - // - // If multiple entries specify equivalent query param names, only - // the first - // entry with an equivalent name MUST be considered for a match. - // Subsequent - // entries with an equivalent query param name MUST be ignored. - // - // If a query param is repeated in an HTTP request, the behavior - // is - // purposely left undefined, since different data planes have - // different - // capabilities. However, it is *recommended* that implementations - // should - // match against the first value of the param if the data plane - // supports it, - // as this behavior is expected in other load balancing contexts - // outside of - // the Gateway API. - // - // Users SHOULD NOT route traffic based on repeated query params - // to guard - // themselves against potential differences in the - // implementations. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Type specifies how to match against the value of the query - // parameter. - // - // Support: Extended (Exact) - // - // Support: Implementation-specific (RegularExpression) - // - // Since RegularExpression QueryParamMatchType has - // Implementation-specific - // conformance, implementations can support POSIX, PCRE or any - // other - // dialects of regular expressions. Please read the - // implementation's - // documentation to determine the supported dialect. - type?: "Exact" | "RegularExpression" | *"Exact" - - // Value is the value of HTTP query param to be matched. - value!: strings.MaxRunes(1024) & strings.MinRunes(1) - }] - }] | *[{ - path: { - type: "PathPrefix" - value: "/" - } - }] - - // Timeouts defines the timeouts that can be configured for an - // HTTP request. - // - // Support: Extended - timeouts?: { - // BackendRequest specifies a timeout for an individual request - // from the gateway - // to a backend. This covers the time from when the request first - // starts being - // sent from the gateway to when the full response has been - // received from the backend. - // - // Setting a timeout to the zero duration (e.g. "0s") SHOULD - // disable the timeout - // completely. Implementations that cannot completely disable the - // timeout MUST - // instead interpret the zero duration as the longest possible - // value to which - // the timeout can be set. - // - // An entire client HTTP transaction with a gateway, covered by - // the Request timeout, - // may result in more than one call from the gateway to the - // destination backend, - // for example, if automatic retries are supported. - // - // The value of BackendRequest must be a Gateway API Duration - // string as defined by - // GEP-2257. When this field is unspecified, its behavior is - // implementation-specific; - // when specified, the value of BackendRequest must be no more - // than the value of the - // Request timeout (since the Request timeout encompasses the - // BackendRequest timeout). - // - // Support: Extended - backendRequest?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$" - - // Request specifies the maximum duration for a gateway to respond - // to an HTTP request. - // If the gateway has not been able to respond before this - // deadline is met, the gateway - // MUST return a timeout error. - // - // For example, setting the `rules.timeouts.request` field to the - // value `10s` in an - // `HTTPRoute` will cause a timeout if a client request is taking - // longer than 10 seconds - // to complete. - // - // Setting a timeout to the zero duration (e.g. "0s") SHOULD - // disable the timeout - // completely. Implementations that cannot completely disable the - // timeout MUST - // instead interpret the zero duration as the longest possible - // value to which - // the timeout can be set. - // - // This timeout is intended to cover as close to the whole - // request-response transaction - // as possible although an implementation MAY choose to start the - // timeout after the entire - // request stream has been received instead of immediately after - // the transaction is - // initiated by the client. - // - // The value of Request is a Gateway API Duration string as - // defined by GEP-2257. When this - // field is unspecified, request timeout behavior is - // implementation-specific. - // - // Support: Extended - request?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$" - } - }] | *[{ - matches: [{ - path: { - type: "PathPrefix" - value: "/" - } - }] - }] -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue deleted file mode 100644 index c2497a513..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -#GroupName: "apps" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue deleted file mode 100644 index d3ecc8345..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue +++ /dev/null @@ -1,946 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -#ControllerRevisionHashLabelKey: "controller-revision-hash" -#StatefulSetRevisionLabel: "controller-revision-hash" -#DeprecatedRollbackTo: "deprecated.deployment.rollback.to" -#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation" -#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name" -#PodIndexLabel: "apps.kubernetes.io/pod-index" - -// StatefulSet represents a set of pods with consistent identities. -// Identities are defined as: -// - Network: A single stable DNS and hostname. -// - Storage: As many VolumeClaims as requested. -// -// The StatefulSet guarantees that a given network identity will always -// map to the same storage identity. -#StatefulSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired identities of pods in this set. - // +optional - spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the current status of Pods in this StatefulSet. This data - // may be out of date by some window of time. - // +optional - status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodManagementPolicyType defines the policy for creating pods under a stateful set. -// +enum -#PodManagementPolicyType: string // #enumPodManagementPolicyType - -#enumPodManagementPolicyType: - #OrderedReadyPodManagement | - #ParallelPodManagement - -// OrderedReadyPodManagement will create pods in strictly increasing order on -// scale up and strictly decreasing order on scale down, progressing only when -// the previous pod is ready or terminated. At most one pod will be changed -// at any time. -#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady" - -// ParallelPodManagement will create and delete pods as soon as the stateful set -// replica count is changed, and will not wait for pods to be ready or complete -// termination. -#ParallelPodManagement: #PodManagementPolicyType & "Parallel" - -// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet -// controller will use to perform updates. It includes any additional parameters -// necessary to perform the update for the indicated strategy. -#StatefulSetUpdateStrategy: { - // Type indicates the type of the StatefulSetUpdateStrategy. - // Default is RollingUpdate. - // +optional - type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType) - - // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. - // +optional - rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt) -} - -// StatefulSetUpdateStrategyType is a string enumeration type that enumerates -// all possible update strategies for the StatefulSet controller. -// +enum -#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType - -#enumStatefulSetUpdateStrategyType: - #RollingUpdateStatefulSetStrategyType | - #OnDeleteStatefulSetStrategyType - -// RollingUpdateStatefulSetStrategyType indicates that update will be -// applied to all Pods in the StatefulSet with respect to the StatefulSet -// ordering constraints. When a scale operation is performed with this -// strategy, new Pods will be created from the specification version indicated -// by the StatefulSet's updateRevision. -#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate" - -// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version -// tracking and ordered rolling restarts are disabled. Pods are recreated -// from the StatefulSetSpec when they are manually deleted. When a scale -// operation is performed with this strategy,specification version indicated -// by the StatefulSet's currentRevision. -#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete" - -// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType. -#RollingUpdateStatefulSetStrategy: { - // Partition indicates the ordinal at which the StatefulSet should be partitioned - // for updates. During a rolling update, all pods from ordinal Replicas-1 to - // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - // This is helpful in being able to do a canary based deployment. The default value is 0. - // +optional - partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt) - - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding up. This can not be 0. - // Defaults to 1. This field is alpha-level and is only honored by servers that enable the - // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - // will be counted towards MaxUnavailable. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt) -} - -// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine -// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is -// deleted or scaled down. -#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType - -#enumPersistentVolumeClaimRetentionPolicyType: - #RetainPersistentVolumeClaimRetentionPolicyType | - #DeletePersistentVolumeClaimRetentionPolicyType - -// RetainPersistentVolumeClaimRetentionPolicyType is the default -// PersistentVolumeClaimRetentionPolicy and specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will not be deleted. -#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain" - -// RetentionPersistentVolumeClaimRetentionPolicyType specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will be deleted in the scenario specified in -// StatefulSetPersistentVolumeClaimRetentionPolicy. -#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete" - -// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs -// created from the StatefulSet VolumeClaimTemplates. -#StatefulSetPersistentVolumeClaimRetentionPolicy: { - // WhenDeleted specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is deleted. The default policy - // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The - // `Delete` policy causes those PVCs to be deleted. - whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) - - // WhenScaled specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is scaled down. The default - // policy of `Retain` causes PVCs to not be affected by a scaledown. The - // `Delete` policy causes the associated PVCs for any excess pods above - // the replica count to be deleted. - whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) -} - -// StatefulSetOrdinals describes the policy used for replica ordinal assignment -// in this StatefulSet. -#StatefulSetOrdinals: { - // start is the number representing the first replica's index. It may be used - // to number replicas from an alternate index (eg: 1-indexed) over the default - // 0-indexed names, or to orchestrate progressive movement of replicas from - // one StatefulSet to another. - // If set, replica indices will be in the range: - // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). - // If unset, defaults to 0. Replica indices will be in the range: - // [0, .spec.replicas). - // +optional - start: int32 @go(Start) @protobuf(1,varint,opt) -} - -// A StatefulSetSpec is the specification of a StatefulSet. -#StatefulSetSpec: { - // replicas is the desired number of replicas of the given Template. - // These are replicas in the sense that they are instantiations of the - // same Template, but individual replicas also have a consistent identity. - // If unspecified, defaults to 1. - // TODO: Consider a rename of this field. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // selector is a label query over pods that should match the replica count. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // template is the object that describes the pod that will be created if - // insufficient replicas are detected. Each pod stamped out by the StatefulSet - // will fulfill this Template, but have a unique identity from the rest - // of the StatefulSet. Each pod will be named with the format - // -. For example, a pod in a StatefulSet named - // "web" with index number "3" would be named "web-3". - // The only allowed template.spec.restartPolicy value is "Always". - template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // volumeClaimTemplates is a list of claims that pods are allowed to reference. - // The StatefulSet controller is responsible for mapping network identities to - // claims in a way that maintains the identity of a pod. Every claim in - // this list must have at least one matching (by name) volumeMount in one - // container in the template. A claim in this list takes precedence over - // any volumes in the template, with the same name. - // TODO: Define the behavior if a claim already exists with the same name. - // +optional - volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep) - - // serviceName is the name of the service that governs this StatefulSet. - // This service must exist before the StatefulSet, and is responsible for - // the network identity of the set. Pods get DNS/hostnames that follow the - // pattern: pod-specific-string.serviceName.default.svc.cluster.local - // where "pod-specific-string" is managed by the StatefulSet controller. - serviceName: string @go(ServiceName) @protobuf(5,bytes,opt) - - // podManagementPolicy controls how pods are created during initial scale up, - // when replacing pods on nodes, or when scaling down. The default policy is - // `OrderedReady`, where pods are created in increasing order (pod-0, then - // pod-1, etc) and the controller will wait until each pod is ready before - // continuing. When scaling down, the pods are removed in the opposite order. - // The alternative policy is `Parallel` which will create pods in parallel - // to match the desired scale without waiting, and on scale down will delete - // all pods at once. - // +optional - podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType) - - // updateStrategy indicates the StatefulSetUpdateStrategy that will be - // employed to update Pods in the StatefulSet when a revision is made to - // Template. - updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt) - - // revisionHistoryLimit is the maximum number of revisions that will - // be maintained in the StatefulSet's revision history. The revision history - // consists of all revisions not represented by a currently applied - // StatefulSetSpec version. The default value is 10. - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt) - - // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent - // volume claims created from volumeClaimTemplates. By default, all persistent - // volume claims are created as needed and retained until manually deleted. This - // policy allows the lifecycle to be altered, for example by deleting persistent - // volume claims when their stateful set is deleted, or when their pod is scaled - // down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, - // which is alpha. +optional - persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt) - - // ordinals controls the numbering of replica indices in a StatefulSet. The - // default ordinals behavior assigns a "0" index to the first replica and - // increments the index by one for each additional replica requested. Using - // the ordinals field requires the StatefulSetStartOrdinal feature gate to be - // enabled, which is beta. - // +optional - ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt) -} - -// StatefulSetStatus represents the current state of a StatefulSet. -#StatefulSetStatus: { - // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the - // StatefulSet's generation, which is updated on mutation by the API Server. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // replicas is the number of Pods created by the StatefulSet controller. - replicas: int32 @go(Replicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition. - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt) - - // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by currentRevision. - currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt) - - // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by updateRevision. - updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt) - - // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the - // sequence [0,currentReplicas). - currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt) - - // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence - // [replicas-updatedReplicas,replicas) - updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt) - - // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller - // uses this field as a collision avoidance mechanism when it needs to create the name for the - // newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a statefulset's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. - // +optional - availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt) -} - -#StatefulSetConditionType: string - -// StatefulSetCondition describes the state of a statefulset at a certain point. -#StatefulSetCondition: { - // Type of statefulset condition. - type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// StatefulSetList is a collection of StatefulSets. -#StatefulSetList: { - metav1.#TypeMeta - - // Standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of stateful sets. - items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep) -} - -// Deployment enables declarative updates for Pods and ReplicaSets. -#Deployment: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the Deployment. - // +optional - spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the Deployment. - // +optional - status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DeploymentSpec is the specification of the desired behavior of the Deployment. -#DeploymentSpec: { - // Number of desired pods. This is a pointer to distinguish between explicit - // zero and not specified. Defaults to 1. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Label selector for pods. Existing ReplicaSets whose pods are - // selected by this will be the ones affected by this deployment. - // It must match the pod template's labels. - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template describes the pods that will be created. - // The only allowed template.spec.restartPolicy value is "Always". - template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // The deployment strategy to use to replace existing pods with new ones. - // +optional - // +patchStrategy=retainKeys - strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt) - - // The number of old ReplicaSets to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) - - // Indicates that the deployment is paused. - // +optional - paused?: bool @go(Paused) @protobuf(7,varint,opt) - - // The maximum time in seconds for a deployment to make progress before it - // is considered to be failed. The deployment controller will continue to - // process failed deployments and a condition with a ProgressDeadlineExceeded - // reason will be surfaced in the deployment status. Note that progress will - // not be estimated during the time a deployment is paused. Defaults to 600s. - progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt) -} - -// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added -// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets -// to select new pods (and old pods being select by new ReplicaSet). -#DefaultDeploymentUniqueLabelKey: "pod-template-hash" - -// DeploymentStrategy describes how to replace existing pods with new ones. -#DeploymentStrategy: { - // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - // +optional - type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType) - - // Rolling update config params. Present only if DeploymentStrategyType = - // RollingUpdate. - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. - // +optional - rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt) -} - -// +enum -#DeploymentStrategyType: string // #enumDeploymentStrategyType - -#enumDeploymentStrategyType: - #RecreateDeploymentStrategyType | - #RollingUpdateDeploymentStrategyType - -// Kill all existing pods before creating new ones. -#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate" - -// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one. -#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate" - -// Spec to control the desired behavior of rolling update. -#RollingUpdateDeployment: { - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding down. - // This can not be 0 if MaxSurge is 0. - // Defaults to 25%. - // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - // that the total number of pods available at all times during the update is at - // least 70% of desired pods. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of pods that can be scheduled above the desired number of - // pods. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up. - // Defaults to 25%. - // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - // the rolling update starts, such that the total number of old and new pods do not exceed - // 130% of desired pods. Once old pods have been killed, - // new ReplicaSet can be scaled up further, ensuring that total number of pods running - // at any time during the update is at most 130% of desired pods. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DeploymentStatus is the most recently observed status of the Deployment. -#DeploymentStatus: { - // The generation observed by the deployment controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // Total number of non-terminated pods targeted by this deployment (their labels match the selector). - // +optional - replicas?: int32 @go(Replicas) @protobuf(2,varint,opt) - - // Total number of non-terminated pods targeted by this deployment that have the desired template spec. - // +optional - updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt) - - // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt) - - // Total number of unavailable pods targeted by this deployment. This is the total number of - // pods that are still required for the deployment to have 100% available capacity. They may - // either be pods that are running but not yet available or pods that still have not been created. - // +optional - unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt) - - // Represents the latest available observations of a deployment's current state. - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep) - - // Count of hash collisions for the Deployment. The Deployment controller uses this - // field as a collision avoidance mechanism when it needs to create the name for the - // newest ReplicaSet. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt) -} - -#DeploymentConditionType: string // #enumDeploymentConditionType - -#enumDeploymentConditionType: - #DeploymentAvailable | - #DeploymentProgressing | - #DeploymentReplicaFailure - -// Available means the deployment is available, ie. at least the minimum available -// replicas required are up and running for at least minReadySeconds. -#DeploymentAvailable: #DeploymentConditionType & "Available" - -// Progressing means the deployment is progressing. Progress for a deployment is -// considered when a new replica set is created or adopted, and when new pods scale -// up or old pods scale down. Progress is not estimated for paused deployments or -// when progressDeadlineSeconds is not specified. -#DeploymentProgressing: #DeploymentConditionType & "Progressing" - -// ReplicaFailure is added in a deployment when one of its pods fails to be created -// or deleted. -#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure" - -// DeploymentCondition describes the state of a deployment at a certain point. -#DeploymentCondition: { - // Type of deployment condition. - type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time this condition was updated. - lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt) - - // Last time the condition transitioned from one status to another. - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt) - - // The reason for the condition's last transition. - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DeploymentList is a list of Deployments. -#DeploymentList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Deployments. - items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep) -} - -// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. -#DaemonSetUpdateStrategy: { - // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. - // +optional - type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt) - - // Rolling update config params. Present only if type = "RollingUpdate". - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. Same as Deployment `strategy.rollingUpdate`. - // See https://github.com/kubernetes/kubernetes/issues/35345 - // +optional - rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt) -} - -// +enum -#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType - -#enumDaemonSetUpdateStrategyType: - #RollingUpdateDaemonSetStrategyType | - #OnDeleteDaemonSetStrategyType - -// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. -#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate" - -// Replace the old daemons only when it's killed -#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete" - -// Spec to control the desired behavior of daemon set rolling update. -#RollingUpdateDaemonSet: { - // The maximum number of DaemonSet pods that can be unavailable during the - // update. Value can be an absolute number (ex: 5) or a percentage of total - // number of DaemonSet pods at the start of the update (ex: 10%). Absolute - // number is calculated from percentage by rounding up. - // This cannot be 0 if MaxSurge is 0 - // Default value is 1. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their pods stopped for an update at any given time. The update - // starts by stopping at most 30% of those DaemonSet pods and then brings - // up new DaemonSet pods in their place. Once the new pods are available, - // it then proceeds onto other DaemonSet pods, thus ensuring that at least - // 70% of original number of DaemonSet pods are available at all times during - // the update. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of nodes with an existing available DaemonSet pod that - // can have an updated DaemonSet pod during during an update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up to a minimum of 1. - // Default value is 0. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their a new pod created before the old pod is marked as deleted. - // The update starts by launching new pods on 30% of nodes. Once an updated - // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod - // on that node is marked deleted. If the old pod becomes unavailable for any - // reason (Ready transitions to false, is evicted, or is drained) an updated - // pod is immediatedly created on that node without considering surge limits. - // Allowing surge implies the possibility that the resources consumed by the - // daemonset on any given node can double if the readiness check fails, and - // so resource intensive daemonsets should take into account that they may - // cause evictions during disruption. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DaemonSetSpec is the specification of a daemon set. -#DaemonSetSpec: { - // A label query over pods that are managed by the daemon set. - // Must match in order to be controlled. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // An object that describes the pod that will be created. - // The DaemonSet will create exactly one copy of this pod on every node - // that matches the template's node selector (or on every node if no node - // selector is specified). - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) - - // An update strategy to replace existing DaemonSet pods with new pods. - // +optional - updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt) - - // The minimum number of seconds for which a newly created DaemonSet pod should - // be ready without any of its container crashing, for it to be considered - // available. Defaults to 0 (pod will be considered available as soon as it - // is ready). - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // The number of old history to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) -} - -// DaemonSetStatus represents the current status of a daemon set. -#DaemonSetStatus: { - // The number of nodes that are running at least 1 - // daemon pod and are supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt) - - // The number of nodes that are running the daemon pod, but are - // not supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt) - - // The total number of nodes that should be running the daemon - // pod (including nodes correctly running the daemon pod). - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt) - - // numberReady is the number of nodes that should be running the daemon pod and have one - // or more of the daemon pod running with a Ready Condition. - numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt) - - // The most recent generation observed by the daemon set controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt) - - // The total number of nodes that are running updated daemon pod - // +optional - updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have one or more of the daemon pod running and - // available (ready for at least spec.minReadySeconds) - // +optional - numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have none of the daemon pod running and available - // (ready for at least spec.minReadySeconds) - // +optional - numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt) - - // Count of hash collisions for the DaemonSet. The DaemonSet controller - // uses this field as a collision avoidance mechanism when it needs to - // create the name for the newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a DaemonSet's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep) -} - -#DaemonSetConditionType: string - -// DaemonSetCondition describes the state of a DaemonSet at a certain point. -#DaemonSetCondition: { - // Type of DaemonSet condition. - type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DaemonSet represents the configuration of a daemon set. -#DaemonSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The desired behavior of this daemon set. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // The current status of this daemon set. This data may be - // out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DefaultDaemonSetUniqueLabelKey is the default label key that is added -// to existing DaemonSet pods to distinguish between old and new -// DaemonSet pods during DaemonSet template updates. -#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash" - -// DaemonSetList is a collection of daemon sets. -#DaemonSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // A list of daemon sets. - items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep) -} - -// ReplicaSet ensures that a specified number of pod replicas are running at any given time. -#ReplicaSet: { - metav1.#TypeMeta - - // If the Labels of a ReplicaSet are empty, they are defaulted to - // be the same as the Pod(s) that the ReplicaSet manages. - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the ReplicaSet. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the ReplicaSet. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicaSetList is a collection of ReplicaSets. -#ReplicaSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ReplicaSets. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep) -} - -// ReplicaSetSpec is the specification of a ReplicaSet. -#ReplicaSetSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the replica count. - // Label keys and values that must match in order to be controlled by this replica set. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) -} - -// ReplicaSetStatus represents the current status of a ReplicaSet. -#ReplicaSetStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replicaset. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replica set. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed ReplicaSet. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replica set's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep) -} - -#ReplicaSetConditionType: string // #enumReplicaSetConditionType - -#enumReplicaSetConditionType: - #ReplicaSetReplicaFailure - -// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created -// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted -// due to kubelet being down or finalizers are failing. -#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure" - -// ReplicaSetCondition describes the state of a replica set at a certain point. -#ReplicaSetCondition: { - // Type of replica set condition. - type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ControllerRevision implements an immutable snapshot of state data. Clients -// are responsible for serializing and deserializing the objects that contain -// their internal state. -// Once a ControllerRevision has been successfully created, it can not be updated. -// The API Server will fail validation of all requests that attempt to mutate -// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both -// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, -// it may be subject to name and representation changes in future releases, and clients should not -// depend on its stability. It is primarily for internal use by controllers. -#ControllerRevision: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Data is the serialized representation of the state. - data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt) - - // Revision indicates the revision of the state represented by Data. - revision: int64 @go(Revision) @protobuf(3,varint,opt) -} - -// ControllerRevisionList is a resource containing a list of ControllerRevision objects. -#ControllerRevisionList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ControllerRevisions - items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep) -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue deleted file mode 100644 index 3a3027906..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue +++ /dev/null @@ -1,147 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy -// webhook backend fails. -#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open" - -// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods -#MirrorPodAnnotationKey: "kubernetes.io/config.mirror" - -// TolerationsAnnotationKey represents the key of tolerations data (json serialized) -// in the Annotations of a Pod. -#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations" - -// TaintsAnnotationKey represents the key of taints data (json serialized) -// in the Annotations of a Node. -#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints" - -// SeccompPodAnnotationKey represents the key of a seccomp profile applied -// to all containers of a pod. -// Deprecated: set a pod security context `seccompProfile` field. -#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod" - -// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied -// to one container of a pod. -// Deprecated: set a container security context `seccompProfile` field. -#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/" - -// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#SeccompProfileRuntimeDefault: "runtime/default" - -// SeccompProfileNameUnconfined is the unconfined seccomp profile. -#SeccompProfileNameUnconfined: "unconfined" - -// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk. -#SeccompLocalhostProfileNamePrefix: "localhost/" - -// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. -#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/" - -// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile. -#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName" - -// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles. -#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames" - -// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default. -#AppArmorBetaProfileRuntimeDefault: "runtime/default" - -// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node. -#AppArmorBetaProfileNamePrefix: "localhost/" - -// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile -#AppArmorBetaProfileNameUnconfined: "unconfined" - -// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#DeprecatedSeccompProfileDockerDefault: "docker/default" - -// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) -// in the Annotations of a Node. -#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods" - -// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache -// an object (e.g. secret, config map) before fetching it again from apiserver. -// This annotation can be attached to node. -#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl" - -// annotation key prefix used to identify non-convertible json paths. -#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io" -_#kubectlPrefix: "kubectl.kubernetes.io/" - -// LastAppliedConfigAnnotation is the annotation used to store the previous -// configuration of a resource for use in a three way diff by UpdateApplyAnnotation. -#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration" - -// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers -// -// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to -// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow -// access only from the CIDRs currently allocated to MIT & the USPS. -// -// Not all cloud providers support this annotation, though AWS & GCE do. -#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges" - -// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that -// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') -// of the last change, of some Pod or Service object, that triggered the endpoints object change. -// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints -// controller at T1, and the Endpoints object was changed at T2, the -// EndpointsLastChangeTriggerTime would be set to T0. -// -// The "endpoints change trigger" here means any Pod or Service change that resulted in the -// Endpoints object change. -// -// Given the definition of the "endpoints change trigger", please note that this annotation will -// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the -// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's -// already set). -// -// This annotation will be used to compute the in-cluster network programming latency SLI, see -// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md -#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time" - -// EndpointsOverCapacity will be set on an Endpoints resource when it -// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints -// controller will set this annotation with a value of "warning". In a -// future release, the controller may set this annotation with a value of -// "truncated" to indicate that any addresses exceeding the limit of 1000 -// have been truncated from the Endpoints resource. -#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity" - -// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated -// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. -// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or -// CSI Backend for a volume plugin on a specific node. -#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins" - -// PodDeletionCost can be used to set to an int32 that represent the cost of deleting -// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower -// deletion cost are preferred to be deleted before pods with higher deletion cost. -// Note that this is honored on a best-effort basis, and so it does not offer guarantees on -// pod deletion order. -// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. -// -// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. -#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost" - -// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable -// Topology Aware Hints for a Service. This may be set to "Auto" or -// "Disabled". Any other value is treated as "Disabled". This annotation has -// been deprecated in favor of the "service.kubernetes.io/topology-mode" -// annotation. -#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints" - -// AnnotationTopologyMode can be used to enable or disable Topology Aware -// Routing for a Service. Well known values are "Auto" and "Disabled". -// Implementations may choose to develop new topology approaches, exposing -// them with domain-prefixed values. For example, "example.com/lowest-rtt" -// could be a valid implementation-specific value for this annotation. These -// heuristics will often populate topology hints on EndpointSlices, but that -// is not a requirement. -#AnnotationTopologyMode: "service.kubernetes.io/topology-mode" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue deleted file mode 100644 index 2bf1afce0..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -// Package v1 is the v1 version of the core API. -package v1 diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue deleted file mode 100644 index 29c24abce..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#GroupName: "" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue deleted file mode 100644 index d87edcff5..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue +++ /dev/null @@ -1,7617 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/types" -) - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) -#NamespaceNodeLease: "kube-node-lease" - -// Volume represents a named volume in a pod that may be accessed by any container in the pod. -#Volume: { - // name of the volume. - // Must be a DNS_LABEL and unique within the pod. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(1,bytes,opt) - - #VolumeSource -} - -// Represents the source of a volume to mount. -// Only one of its members may be specified. -#VolumeSource: { - // hostPath represents a pre-existing file or directory on the host - // machine that is directly exposed to the container. This is generally - // used for system agents or other privileged things that are allowed - // to see the host machine. Most containers will NOT need this. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // --- - // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - // mount host directories as read/write. - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt) - - // emptyDir represents a temporary directory that shares a pod's lifetime. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt) - - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt) - - // gitRepo represents a git repository at a particular revision. - // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - // into the Pod's container. - // +optional - gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt) - - // secret represents a secret that should populate this volume. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt) - - // nfs represents an NFS mount on the host that shares a pod's lifetime - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://examples.k8s.io/volumes/iscsi/README.md - // +optional - iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt) - - // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt) - - // persistentVolumeClaimVolumeSource represents a reference to a - // PersistentVolumeClaim in the same namespace. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt) - - // downwardAPI represents downward API about the pod that should populate this volume - // +optional - downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt) - - // configMap represents a configMap that should populate this volume - // +optional - configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt) - - // projected items for all in one resources secrets, configmaps, and downward API - projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt) - - // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - // +optional - storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt) - - // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - // +optional - csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt) - - // ephemeral represents a volume that is handled by a cluster storage driver. - // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - // and deleted when the pod is removed. - // - // Use this if: - // a) the volume is only needed while the pod runs, - // b) features of normal volumes like restoring from snapshot or capacity - // tracking are needed, - // c) the storage driver is specified through a storage class, and - // d) the storage driver supports dynamic volume provisioning through - // a PersistentVolumeClaim (see EphemeralVolumeSource for more - // information on the connection between this volume type - // and PersistentVolumeClaim). - // - // Use PersistentVolumeClaim or one of the vendor-specific - // APIs for volumes that persist for longer than the lifecycle - // of an individual pod. - // - // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - // be used that way - see the documentation of the driver for - // more information. - // - // A pod can use both types of ephemeral volumes and - // persistent volumes at the same time. - // - // +optional - ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt) -} - -// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. -// This volume finds the bound PV and mounts that volume for the pod. A -// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another -// type of volume that is owned by someone else (the system). -#PersistentVolumeClaimVolumeSource: { - // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - claimName: string @go(ClaimName) @protobuf(1,bytes,opt) - - // readOnly Will force the ReadOnly setting in VolumeMounts. - // Default false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) -} - -// PersistentVolumeSource is similar to VolumeSource but meant for the -// administrator who creates PVs. Exactly one of its members must be set. -#PersistentVolumeSource: { - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt) - - // hostPath represents a directory on the host. - // Provisioned by a developer or tester. - // This is useful for single-node development and testing only! - // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt) - - // glusterfs represents a Glusterfs volume that is attached to a host and - // exposed to the pod. Provisioned by an admin. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt) - - // nfs represents an NFS mount on the host. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // +optional - iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt) - - // local represents directly-attached storage with node affinity - // +optional - local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt) - - // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod - // More info: https://examples.k8s.io/volumes/storageos/README.md - // +optional - storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt) - - // csi represents storage that is handled by an external CSI driver (Beta feature). - // +optional - csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt) -} - -// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. -// It's currently still used and will be held for backwards compatibility -#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class" - -// MountOptionAnnotation defines mount option annotation used in PVs -#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options" - -// PersistentVolume (PV) is a storage resource provisioned by an administrator. -// It is analogous to a node. -// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes -#PersistentVolume: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines a specification of a persistent volume owned by the cluster. - // Provisioned by an administrator. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status for the persistent volume. - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeSpec is the specification of a persistent volume. -#PersistentVolumeSpec: { - // capacity is the description of the persistent volume's resources and capacity. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - #PersistentVolumeSource - - // accessModes contains all ways the volume can be mounted. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode) - - // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. - // Expected to be non-nil when bound. - // claim.VolumeName is the authoritative bind between PV and PVC. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding - // +optional - // +structType=granular - claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt) - - // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. - // Valid options are Retain (default for manually created PersistentVolumes), Delete (default - // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). - // Recycle must be supported by the volume plugin underlying this PersistentVolume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming - // +optional - persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy) - - // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value - // means that this volume does not belong to any StorageClass. - // +optional - storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt) - - // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will - // simply fail if one is invalid. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt) - - // volumeMode defines if a volume is intended to be used with a formatted filesystem - // or to remain in raw block state. Value of Filesystem is implied when not included in spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode) - - // nodeAffinity defines constraints that limit what nodes this volume can be accessed from. - // This field influences the scheduling of pods that use this volume. - // +optional - nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt) -} - -// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. -#VolumeNodeAffinity: { - // required specifies hard node constraints that must be met. - required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt) -} - -// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes. -// +enum -#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy - -#enumPersistentVolumeReclaimPolicy: - #PersistentVolumeReclaimRecycle | - #PersistentVolumeReclaimDelete | - #PersistentVolumeReclaimRetain - -// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. -// The volume plugin must support Recycling. -#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle" - -// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. -// The volume plugin must support Deletion. -#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete" - -// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. -// The default policy is Retain. -#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain" - -// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. -// +enum -#PersistentVolumeMode: string // #enumPersistentVolumeMode - -#enumPersistentVolumeMode: - #PersistentVolumeBlock | - #PersistentVolumeFilesystem - -// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. -#PersistentVolumeBlock: #PersistentVolumeMode & "Block" - -// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. -#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem" - -// PersistentVolumeStatus is the current status of a persistent volume. -#PersistentVolumeStatus: { - // phase indicates if a volume is available, bound to a claim, or released by a claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase - // +optional - phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase) - - // message is a human-readable message indicating details about why the volume is in this state. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // reason is a brief CamelCase string that describes any failure and is meant - // for machine parsing and tidy display in the CLI. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // lastPhaseTransitionTime is the time the phase transitioned from one to another - // and automatically resets to current time everytime a volume phase transitions. - // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature. - // +featureGate=PersistentVolumeLastPhaseTransitionTime - // +optional - lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt) -} - -// PersistentVolumeList is a list of PersistentVolume items. -#PersistentVolumeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volumes. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes - items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaim is a user's request for and claim to a persistent volume -#PersistentVolumeClaim: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the desired characteristics of a volume requested by a pod author. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status of a persistent volume claim. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. -#PersistentVolumeClaimList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volume claims. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaimSpec describes the common attributes of storage devices -// and allows a Source for provider-specific attributes -#PersistentVolumeClaimSpec: { - // accessModes contains the desired access modes the volume should have. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode) - - // selector is a label query over volumes to consider for binding. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // resources represents the minimum resources the volume should have. - // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - // that are lower than previous value but must still be higher than capacity recorded in the - // status field of the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt) - - // volumeName is the binding reference to the PersistentVolume backing this claim. - // +optional - volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt) - - // storageClassName is the name of the StorageClass required by the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - // +optional - storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt) - - // volumeMode defines what type of volume is required by the claim. - // Value of Filesystem is implied when not included in claim spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode) - - // dataSource field can be used to specify either: - // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - // * An existing PVC (PersistentVolumeClaim) - // If the provisioner or an external controller can support the specified data source, - // it will create a new volume based on the contents of the specified data source. - // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - // If the namespace is specified, then dataSourceRef will not be copied to dataSource. - // +optional - dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt) - - // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - // volume is desired. This may be any object from a non-empty API group (non - // core object) or a PersistentVolumeClaim object. - // When this field is specified, volume binding will only succeed if the type of - // the specified object matches some installed volume populator or dynamic - // provisioner. - // This field will replace the functionality of the dataSource field and as such - // if both fields are non-empty, they must have the same value. For backwards - // compatibility, when namespace isn't specified in dataSourceRef, - // both fields (dataSource and dataSourceRef) will be set to the same - // value automatically if one of them is empty and the other is non-empty. - // When namespace is specified in dataSourceRef, - // dataSource isn't set to the same value and must be empty. - // There are three important differences between dataSource and dataSourceRef: - // * While dataSource only allows two specific types of objects, dataSourceRef - // allows any non-core object, as well as PersistentVolumeClaim objects. - // * While dataSource ignores disallowed values (dropping them), dataSourceRef - // preserves all values, and generates an error if a disallowed value is - // specified. - // * While dataSource only allows local objects, dataSourceRef allows objects - // in any namespaces. - // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +optional - dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt) -} - -#TypedObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace is the namespace of resource being referenced - // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +featureGate=CrossNamespaceVolumeDataSource - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt) -} - -// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type -#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType - -#enumPersistentVolumeClaimConditionType: - #PersistentVolumeClaimResizing | - #PersistentVolumeClaimFileSystemResizePending - -// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started -#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing" - -// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node -#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending" - -// +enum -// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource -// that it does not recognizes, then it should ignore that update and let other controllers -// handle it. -#ClaimResourceStatus: string // #enumClaimResourceStatus - -#enumClaimResourceStatus: - #PersistentVolumeClaimControllerResizeInProgress | - #PersistentVolumeClaimControllerResizeFailed | - #PersistentVolumeClaimNodeResizePending | - #PersistentVolumeClaimNodeResizeInProgress | - #PersistentVolumeClaimNodeResizeFailed - -// State set when resize controller starts resizing the volume in control-plane. -#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress" - -// State set when resize has failed in resize controller with a terminal error. -// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus -// unmodified, so as resize controller can resume the volume expansion. -#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed" - -// State set when resize controller has finished resizing the volume but further resizing of volume -// is needed on the node. -#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending" - -// State set when kubelet starts resizing the volume. -#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress" - -// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed -#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed" - -// PersistentVolumeClaimCondition contains details about state of pvc -#PersistentVolumeClaimCondition: { - type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType) - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastProbeTime is the time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // lastTransitionTime is the time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason is a unique, this should be a short, machine understandable string that gives the reason - // for condition's last transition. If it reports "ResizeStarted" that means the underlying - // persistent volume is being resized. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // message is the human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PersistentVolumeClaimStatus is the current status of a persistent volume claim. -#PersistentVolumeClaimStatus: { - // phase represents the current phase of PersistentVolumeClaim. - // +optional - phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase) - - // accessModes contains the actual access modes the volume backing the PVC has. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode) - - // capacity represents the actual resources of the underlying volume. - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - // resized then the Condition will be set to 'ResizeStarted'. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep) - - // allocatedResources tracks the resources allocated to a PVC including its capacity. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // Capacity reported here may be larger than the actual capacity when a volume expansion operation - // is requested. - // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - // If a volume expansion capacity request is lowered, allocatedResources is only - // lowered if there are no expansion operations in progress and if the actual volume capacity - // is equal or lower than the requested capacity. - // - // A controller that receives PVC update with previously unknown resourceName - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // allocatedResourceStatuses stores status of resource being resized for the given PVC. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // ClaimResourceStatus can be in any of following states: - // - ControllerResizeInProgress: - // State set when resize controller starts resizing the volume in control-plane. - // - ControllerResizeFailed: - // State set when resize has failed in resize controller with a terminal error. - // - NodeResizePending: - // State set when resize controller has finished resizing the volume but further resizing of - // volume is needed on the node. - // - NodeResizeInProgress: - // State set when kubelet starts resizing the volume. - // - NodeResizeFailed: - // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - // NodeResizeFailed. - // For example: if expanding a PVC for more capacity - this field can be one of the following states: - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" - // When this field is not set, it means that no resize operation is in progress for the given PVC. - // - // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +mapType=granular - // +optional - allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep) -} - -// +enum -#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode - -#enumPersistentVolumeAccessMode: - #ReadWriteOnce | - #ReadOnlyMany | - #ReadWriteMany | - #ReadWriteOncePod - -// can be mounted in read/write mode to exactly 1 host -#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce" - -// can be mounted in read-only mode to many hosts -#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany" - -// can be mounted in read/write mode to many hosts -#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany" - -// can be mounted in read/write mode to exactly 1 pod -// cannot be used in combination with other access modes -#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod" - -// +enum -#PersistentVolumePhase: string // #enumPersistentVolumePhase - -#enumPersistentVolumePhase: - #VolumePending | - #VolumeAvailable | - #VolumeBound | - #VolumeReleased | - #VolumeFailed - -// used for PersistentVolumes that are not available -#VolumePending: #PersistentVolumePhase & "Pending" - -// used for PersistentVolumes that are not yet bound -// Available volumes are held by the binder and matched to PersistentVolumeClaims -#VolumeAvailable: #PersistentVolumePhase & "Available" - -// used for PersistentVolumes that are bound -#VolumeBound: #PersistentVolumePhase & "Bound" - -// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted -// released volumes must be recycled before becoming available again -// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource -#VolumeReleased: #PersistentVolumePhase & "Released" - -// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim -#VolumeFailed: #PersistentVolumePhase & "Failed" - -// +enum -#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase - -#enumPersistentVolumeClaimPhase: - #ClaimPending | - #ClaimBound | - #ClaimLost - -// used for PersistentVolumeClaims that are not yet bound -#ClaimPending: #PersistentVolumeClaimPhase & "Pending" - -// used for PersistentVolumeClaims that are bound -#ClaimBound: #PersistentVolumeClaimPhase & "Bound" - -// used for PersistentVolumeClaims that lost their underlying -// PersistentVolume. The claim was bound to a PersistentVolume and this -// volume does not exist any longer and all data on it was lost. -#ClaimLost: #PersistentVolumeClaimPhase & "Lost" - -// +enum -#HostPathType: string // #enumHostPathType - -#enumHostPathType: - #HostPathUnset | - #HostPathDirectoryOrCreate | - #HostPathDirectory | - #HostPathFileOrCreate | - #HostPathFile | - #HostPathSocket | - #HostPathCharDev | - #HostPathBlockDev - -// For backwards compatible, leave it empty if unset -#HostPathUnset: #HostPathType & "" - -// If nothing exists at the given path, an empty directory will be created there -// as needed with file mode 0755, having the same group and ownership with Kubelet. -#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate" - -// A directory must exist at the given path -#HostPathDirectory: #HostPathType & "Directory" - -// If nothing exists at the given path, an empty file will be created there -// as needed with file mode 0644, having the same group and ownership with Kubelet. -#HostPathFileOrCreate: #HostPathType & "FileOrCreate" - -// A file must exist at the given path -#HostPathFile: #HostPathType & "File" - -// A UNIX socket must exist at the given path -#HostPathSocket: #HostPathType & "Socket" - -// A character device must exist at the given path -#HostPathCharDev: #HostPathType & "CharDevice" - -// A block device must exist at the given path -#HostPathBlockDev: #HostPathType & "BlockDevice" - -// Represents a host path mapped into a pod. -// Host path volumes do not support ownership management or SELinux relabeling. -#HostPathVolumeSource: { - // path of the directory on the host. - // If the path is a symlink, it will follow the link to the real path. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - path: string @go(Path) @protobuf(1,bytes,opt) - - // type for HostPath Volume - // Defaults to "" - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt) -} - -// Represents an empty directory for a pod. -// Empty directory volumes support ownership management and SELinux relabeling. -#EmptyDirVolumeSource: { - // medium represents what type of storage medium should back this directory. - // The default is "" which means to use the node's default medium. - // Must be an empty string (default) or Memory. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium) - - // sizeLimit is the total amount of local storage required for this EmptyDir volume. - // The size limit is also applicable for memory medium. - // The maximum usage on memory medium EmptyDir would be the minimum value between - // the SizeLimit specified here and the sum of memory limits of all containers in a pod. - // The default is nil which means that the limit is undefined. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsPersistentVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // endpointsNamespace is the namespace that contains Glusterfs endpoint. - // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDPersistentVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderPersistentVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is Optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// SecretReference represents a Secret Reference. It has enough information to retrieve secret -// in any namespace -// +structType=atomic -#SecretReference: { - // name is unique within a namespace to reference a secret resource. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // namespace defines the space within which the secret name must be unique. - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSPersistentVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is Optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// Represents a Flocker volume mounted by the Flocker agent. -// One and only one of datasetName and datasetUUID should be set. -// Flocker volumes do not support ownership management or SELinux relabeling. -#FlockerVolumeSource: { - // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - // should be considered as deprecated - // +optional - datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt) - - // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - // +optional - datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt) -} - -// StorageMedium defines ways that storage can be allocated to a volume. -#StorageMedium: string // #enumStorageMedium - -#enumStorageMedium: - #StorageMediumDefault | - #StorageMediumMemory | - #StorageMediumHugePages | - #StorageMediumHugePagesPrefix - -#StorageMediumDefault: #StorageMedium & "" -#StorageMediumMemory: #StorageMedium & "Memory" -#StorageMediumHugePages: #StorageMedium & "HugePages" -#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-" - -// Protocol defines network protocols supported for things like container ports. -// +enum -#Protocol: string // #enumProtocol - -#enumProtocol: - #ProtocolTCP | - #ProtocolUDP | - #ProtocolSCTP - -// ProtocolTCP is the TCP protocol. -#ProtocolTCP: #Protocol & "TCP" - -// ProtocolUDP is the UDP protocol. -#ProtocolUDP: #Protocol & "UDP" - -// ProtocolSCTP is the SCTP protocol. -#ProtocolSCTP: #Protocol & "SCTP" - -// Represents a Persistent Disk resource in Google Compute Engine. -// -// A GCE PD must exist before mounting to a container. The disk must -// also be in the same GCE project and zone as the kubelet. A GCE PD -// can only be mounted as read/write once or read-only many times. GCE -// PDs support ownership management and SELinux relabeling. -#GCEPersistentDiskVolumeSource: { - // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - pdName: string @go(PDName) @protobuf(1,bytes,opt) - - // fsType is filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a Quobyte mount that lasts the lifetime of a pod. -// Quobyte volumes do not support ownership management or SELinux relabeling. -#QuobyteVolumeSource: { - // registry represents a single or multiple Quobyte Registry services - // specified as a string as host:port pair (multiple entries are separated with commas) - // which acts as the central registry for volumes - registry: string @go(Registry) @protobuf(1,bytes,opt) - - // volume is a string that references an already created Quobyte volume by name. - volume: string @go(Volume) @protobuf(2,bytes,opt) - - // readOnly here will force the Quobyte volume to be mounted with read-only permissions. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // user to map volume access to - // Defaults to serivceaccount user - // +optional - user?: string @go(User) @protobuf(4,bytes,opt) - - // group to map volume access to - // Default is no group - // +optional - group?: string @go(Group) @protobuf(5,bytes,opt) - - // tenant owning the given Quobyte volume in the Backend - // Used with dynamically provisioned Quobyte volumes, value is set by the plugin - // +optional - tenant?: string @go(Tenant) @protobuf(6,bytes,opt) -} - -// FlexPersistentVolumeSource represents a generic persistent volume resource that is -// provisioned/attached using an exec based plugin. -#FlexPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// FlexVolume represents a generic volume resource that is -// provisioned/attached using an exec based plugin. -#FlexVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: secretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// Represents a Persistent Disk resource in AWS. -// -// An AWS EBS disk must exist before mounting to a container. The disk -// must also be in the same AWS zone as the kubelet. An AWS EBS disk -// can only be mounted as read/write once. AWS EBS volumes support -// ownership management and SELinux relabeling. -#AWSElasticBlockStoreVolumeSource: { - // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly value true will force the readOnly setting in VolumeMounts. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a volume that is populated with the contents of a git repository. -// Git repo volumes do not support ownership management. -// Git repo volumes support SELinux relabeling. -// -// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -// into the Pod's container. -#GitRepoVolumeSource: { - // repository is the URL - repository: string @go(Repository) @protobuf(1,bytes,opt) - - // revision is the commit hash for the specified revision. - // +optional - revision?: string @go(Revision) @protobuf(2,bytes,opt) - - // directory is the target directory name. - // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - // git repository. Otherwise, if specified, the volume will contain the git repository in - // the subdirectory with the given name. - // +optional - directory?: string @go(Directory) @protobuf(3,bytes,opt) -} - -// Adapts a Secret into a volume. -// -// The contents of the target Secret's Data field will be presented in a volume -// as files using the keys in the Data field as the file names. -// Secret volumes support ownership management and SELinux relabeling. -#SecretVolumeSource: { - // secretName is the name of the secret in the pod's namespace to use. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secretName?: string @go(SecretName) @protobuf(1,bytes,opt) - - // items If unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values - // for mode bits. Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt) - - // optional field specify whether the Secret or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#SecretVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a secret into a projected volume. -// -// The contents of the target Secret's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names. -// Note that this is identical to a secret volume source without the default -// mode. -#SecretProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional field specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// Represents an NFS mount that lasts the lifetime of a pod. -// NFS volumes do not support ownership management or SELinux relabeling. -#NFSVolumeSource: { - // server is the hostname or IP address of the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - server: string @go(Server) @protobuf(1,bytes,opt) - - // path that is exported by the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the NFS export to be mounted with read-only permissions. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is the target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun represents iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// ISCSIPersistentVolumeSource represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIPersistentVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is Target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun is iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// Represents a Fibre Channel volume. -// Fibre Channel volumes can only be mounted as read/write once. -// Fibre Channel volumes support ownership management and SELinux relabeling. -#FCVolumeSource: { - // targetWWNs is Optional: FC target worldwide names (WWNs) - // +optional - targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep) - - // lun is Optional: FC target lun number - // +optional - lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // wwids Optional: FC volume world wide identifiers (wwids) - // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - // +optional - wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFileVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFilePersistentVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure Share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key - // default is the same as the Pod - // +optional - secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a vSphere volume resource. -#VsphereVirtualDiskVolumeSource: { - // volumePath is the path that identifies vSphere volume vmdk - volumePath: string @go(VolumePath) @protobuf(1,bytes,opt) - - // fsType is filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // storagePolicyName is the storage Policy Based Management (SPBM) profile name. - // +optional - storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt) - - // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - // +optional - storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt) -} - -// Represents a Photon Controller persistent disk resource. -#PhotonPersistentDiskVolumeSource: { - // pdID is the ID that identifies Photon Controller persistent disk - pdID: string @go(PdID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) -} - -// +enum -#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode - -#enumAzureDataDiskCachingMode: - #AzureDataDiskCachingNone | - #AzureDataDiskCachingReadOnly | - #AzureDataDiskCachingReadWrite - -// +enum -#AzureDataDiskKind: string // #enumAzureDataDiskKind - -#enumAzureDataDiskKind: - #AzureSharedBlobDisk | - #AzureDedicatedBlobDisk | - #AzureManagedDisk - -#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None" -#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly" -#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite" -#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared" -#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated" -#AzureManagedDisk: #AzureDataDiskKind & "Managed" - -// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. -#AzureDiskVolumeSource: { - // diskName is the Name of the data disk in the blob storage - diskName: string @go(DiskName) @protobuf(1,bytes,opt) - - // diskURI is the URI of data disk in the blob storage - diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt) - - // cachingMode is the Host Caching mode: None, Read Only, Read Write. - // +optional - cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode) - - // fsType is Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt) - - // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind) -} - -// PortworxVolumeSource represents a Portworx volume resource. -#PortworxVolumeSource: { - // volumeID uniquely identifies a Portworx volume - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fSType represents the filesystem type to mount - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// ScaleIOVolumeSource represents a persistent ScaleIO volume -#ScaleIOVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // sslEnabled Flag enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs". - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume -#ScaleIOPersistentVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs" - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSPersistentVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt) -} - -// Adapts a ConfigMap into a volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// volume as files using the keys in the Data field as the file names, unless -// the items element is populated with specific mappings of keys to paths. -// ConfigMap volumes support ownership management and SELinux relabeling. -#ConfigMapVolumeSource: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#ConfigMapVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a ConfigMap into a projected volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names, -// unless the items element is populated with specific mappings of keys to paths. -// Note that this is identical to a configmap volume source without the default -// mode. -#ConfigMapProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountTokenProjection represents a projected service account token -// volume. This projection can be used to insert a service account token into -// the pods runtime filesystem for use against APIs (Kubernetes API Server or -// otherwise). -#ServiceAccountTokenProjection: { - // audience is the intended audience of the token. A recipient of a token - // must identify itself with an identifier specified in the audience of the - // token, and otherwise should reject the token. The audience defaults to the - // identifier of the apiserver. - // +optional - audience?: string @go(Audience) @protobuf(1,bytes,rep) - - // expirationSeconds is the requested duration of validity of the service - // account token. As the token approaches expiration, the kubelet volume - // plugin will proactively rotate the service account token. The kubelet will - // start trying to rotate the token if the token is older than 80 percent of - // its time to live or if the token is older than 24 hours.Defaults to 1 hour - // and must be at least 10 minutes. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) - - // path is the path relative to the mount point of the file to project the - // token into. - path: string @go(Path) @protobuf(3,bytes,opt) -} - -// Represents a projected volume source -#ProjectedVolumeSource: { - // sources is the list of volume projections - // +optional - sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep) - - // defaultMode are the mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -// Projection that may be projected along with other supported volume types -#VolumeProjection: { - // secret information about the secret data to project - // +optional - secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt) - - // downwardAPI information about the downwardAPI data to project - // +optional - downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt) - - // configMap information about the configMap data to project - // +optional - configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt) - - // serviceAccountToken is information about the serviceAccountToken data to project - // +optional - serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt) -} - -#ProjectedVolumeSourceDefaultMode: int32 & 0o644 - -// Maps a string key to a path within a volume. -#KeyToPath: { - // key is the key to project. - key: string @go(Key) @protobuf(1,bytes,opt) - - // path is the relative path of the file to map the key to. - // May not be an absolute path. - // May not contain the path element '..'. - // May not start with the string '..'. - path: string @go(Path) @protobuf(2,bytes,opt) - - // mode is Optional: mode bits used to set permissions on this file. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt) -} - -// Local represents directly-attached storage with node affinity (Beta feature) -#LocalVolumeSource: { - // path of the full path to the volume on the node. - // It can be either a directory or block device (disk, partition, ...). - path: string @go(Path) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // It applies only when the Path is a block device. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt) -} - -// Represents storage that is managed by an external CSI volume driver (Beta feature) -#CSIPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - // Required. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // volumeHandle is the unique volume name returned by the CSI volume - // plugin’s CreateVolume to refer to the volume on all subsequent calls. - // Required. - volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt) - - // readOnly value to pass to ControllerPublishVolumeRequest. - // Defaults to false (read/write). - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // fsType to mount. Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // +optional - fsType?: string @go(FSType) @protobuf(4,bytes,opt) - - // volumeAttributes of the volume to publish. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep) - - // controllerPublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerPublishVolume and ControllerUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt) - - // nodeStageSecretRef is a reference to the secret object containing sensitive - // information to pass to the CSI driver to complete the CSI NodeStageVolume - // and NodeStageVolume and NodeUnstageVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt) - - // controllerExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerExpandVolume call. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt) - - // nodeExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodeExpandVolume call. - // This is a beta field which is enabled default by CSINodeExpandSecret feature gate. - // This field is optional, may be omitted if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +featureGate=CSINodeExpandSecret - // +optional - nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt) -} - -// Represents a source location of a volume to mount, managed by an external CSI driver -#CSIVolumeSource: { - // driver is the name of the CSI driver that handles this volume. - // Consult with your admin for the correct name as registered in the cluster. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // readOnly specifies a read-only configuration for the volume. - // Defaults to false (read/write). - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt) - - // fsType to mount. Ex. "ext4", "xfs", "ntfs". - // If not provided, the empty value is passed to the associated CSI driver - // which will determine the default filesystem to apply. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt) - - // volumeAttributes stores driver-specific properties that are passed to the CSI - // driver. Consult your driver's documentation for supported values. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secret references are passed. - // +optional - nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents an ephemeral volume that is handled by a normal storage driver. -#EphemeralVolumeSource: { - // Will be used to create a stand-alone PVC to provision the volume. - // The pod in which this EphemeralVolumeSource is embedded will be the - // owner of the PVC, i.e. the PVC will be deleted together with the - // pod. The name of the PVC will be `-` where - // `` is the name from the `PodSpec.Volumes` array - // entry. Pod validation will reject the pod if the concatenated name - // is not valid for a PVC (for example, too long). - // - // An existing PVC with that name that is not owned by the pod - // will *not* be used for the pod to avoid using an unrelated - // volume by mistake. Starting the pod is then blocked until - // the unrelated PVC is removed. If such a pre-created PVC is - // meant to be used by the pod, the PVC has to updated with an - // owner reference to the pod once the pod exists. Normally - // this should not be necessary, but it may be useful when - // manually reconstructing a broken cluster. - // - // This field is read-only and no changes will be made by Kubernetes - // to the PVC after it has been created. - // - // Required, must not be nil. - volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt) -} - -// PersistentVolumeClaimTemplate is used to produce -// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. -#PersistentVolumeClaimTemplate: { - // May contain labels and annotations that will be copied into the PVC - // when creating it. No other fields are allowed and will be rejected during - // validation. - // - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The specification for the PersistentVolumeClaim. The entire content is - // copied unchanged into the PVC that gets created from this - // template. The same fields as in a PersistentVolumeClaim - // are also valid here. - spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes) -} - -// ContainerPort represents a network port in a single container. -#ContainerPort: { - // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - // named port in a pod must have a unique name. Name for the port that can be - // referred to by services. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // Number of port to expose on the host. - // If specified, this must be a valid port number, 0 < x < 65536. - // If HostNetwork is specified, this must match ContainerPort. - // Most containers do not need this. - // +optional - hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt) - - // Number of port to expose on the pod's IP address. - // This must be a valid port number, 0 < x < 65536. - containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt) - - // Protocol for port. Must be UDP, TCP, or SCTP. - // Defaults to "TCP". - // +optional - // +default="TCP" - protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol) - - // What host IP to bind the external port to. - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) -} - -// VolumeMount describes a mounting of a Volume within a container. -#VolumeMount: { - // This must match the Name of a Volume. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Mounted read-only if true, read-write otherwise (false or unspecified). - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) - - // Path within the container at which the volume should be mounted. Must - // not contain ':'. - mountPath: string @go(MountPath) @protobuf(3,bytes,opt) - - // Path within the volume from which the container's volume should be mounted. - // Defaults to "" (volume's root). - // +optional - subPath?: string @go(SubPath) @protobuf(4,bytes,opt) - - // mountPropagation determines how mounts are propagated from the host - // to container and the other way around. - // When not set, MountPropagationNone is used. - // This field is beta in 1.10. - // +optional - mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode) - - // Expanded path within the volume from which the container's volume should be mounted. - // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - // Defaults to "" (volume's root). - // SubPathExpr and SubPath are mutually exclusive. - // +optional - subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt) -} - -// MountPropagationMode describes mount propagation. -// +enum -#MountPropagationMode: string // #enumMountPropagationMode - -#enumMountPropagationMode: - #MountPropagationNone | - #MountPropagationHostToContainer | - #MountPropagationBidirectional - -// MountPropagationNone means that the volume in a container will -// not receive new mounts from the host or other containers, and filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode corresponds to "private" in Linux terminology. -#MountPropagationNone: #MountPropagationMode & "None" - -// MountPropagationHostToContainer means that the volume in a container will -// receive new mounts from the host or other containers, but filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rslave" in Linux terminology). -#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer" - -// MountPropagationBidirectional means that the volume in a container will -// receive new mounts from the host or other containers, and its own mounts -// will be propagated from the container to the host or other containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rshared" in Linux terminology). -#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional" - -// volumeDevice describes a mapping of a raw block device within a container. -#VolumeDevice: { - // name must match the name of a persistentVolumeClaim in the pod - name: string @go(Name) @protobuf(1,bytes,opt) - - // devicePath is the path inside of the container that the device will be mapped to. - devicePath: string @go(DevicePath) @protobuf(2,bytes,opt) -} - -// EnvVar represents an environment variable present in a Container. -#EnvVar: { - // Name of the environment variable. Must be a C_IDENTIFIER. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Variable references $(VAR_NAME) are expanded - // using the previously defined environment variables in the container and - // any service environment variables. If a variable cannot be resolved, - // the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - // Escaped references will never be expanded, regardless of whether the variable - // exists or not. - // Defaults to "". - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Source for the environment variable's value. Cannot be used if value is not empty. - // +optional - valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt) -} - -// EnvVarSource represents a source for the value of an EnvVar. -#EnvVarSource: { - // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt) - - // Selects a key of a ConfigMap. - // +optional - configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt) - - // Selects a key of a secret in the pod's namespace - // +optional - secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt) -} - -// ObjectFieldSelector selects an APIVersioned field of an object. -// +structType=atomic -#ObjectFieldSelector: { - // Version of the schema the FieldPath is written in terms of, defaults to "v1". - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // Path of the field to select in the specified API version. - fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt) -} - -// ResourceFieldSelector represents container resources (cpu, memory) and their output format -// +structType=atomic -#ResourceFieldSelector: { - // Container name: required for volumes, optional for env vars - // +optional - containerName?: string @go(ContainerName) @protobuf(1,bytes,opt) - - // Required: resource to select - "resource": string @go(Resource) @protobuf(2,bytes,opt) - - // Specifies the output format of the exposed resources, defaults to "1" - // +optional - divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt) -} - -// Selects a key from a ConfigMap. -// +structType=atomic -#ConfigMapKeySelector: { - #LocalObjectReference - - // The key to select. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the ConfigMap or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// SecretKeySelector selects a key of a Secret. -// +structType=atomic -#SecretKeySelector: { - #LocalObjectReference - - // The key of the secret to select from. Must be a valid secret key. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// EnvFromSource represents the source of a set of ConfigMaps -#EnvFromSource: { - // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - // +optional - prefix?: string @go(Prefix) @protobuf(1,bytes,opt) - - // The ConfigMap to select from - // +optional - configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt) - - // The Secret to select from - // +optional - secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt) -} - -// ConfigMapEnvSource selects a ConfigMap to populate the environment -// variables with. -// -// The contents of the target ConfigMap's Data field will represent the -// key-value pairs as environment variables. -#ConfigMapEnvSource: { - #LocalObjectReference - - // Specify whether the ConfigMap must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// SecretEnvSource selects a Secret to populate the environment -// variables with. -// -// The contents of the target Secret's Data field will represent the -// key-value pairs as environment variables. -#SecretEnvSource: { - #LocalObjectReference - - // Specify whether the Secret must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// HTTPHeader describes a custom header to be used in HTTP probes -#HTTPHeader: { - // The header field name. - // This will be canonicalized upon output, so case-variant names will be understood as the same header. - name: string @go(Name) @protobuf(1,bytes,opt) - - // The header field value - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// HTTPGetAction describes an action based on HTTP Get requests. -#HTTPGetAction: { - // Path to access on the HTTP server. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Name or number of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt) - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - // +optional - host?: string @go(Host) @protobuf(3,bytes,opt) - - // Scheme to use for connecting to the host. - // Defaults to HTTP. - // +optional - scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme) - - // Custom headers to set in the request. HTTP allows repeated headers. - // +optional - httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep) -} - -// URIScheme identifies the scheme used for connection to a host for Get actions -// +enum -#URIScheme: string // #enumURIScheme - -#enumURIScheme: - #URISchemeHTTP | - #URISchemeHTTPS - -// URISchemeHTTP means that the scheme used will be http:// -#URISchemeHTTP: #URIScheme & "HTTP" - -// URISchemeHTTPS means that the scheme used will be https:// -#URISchemeHTTPS: #URIScheme & "HTTPS" - -// TCPSocketAction describes an action based on opening a socket -#TCPSocketAction: { - // Number or name of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt) - - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -#GRPCAction: { - // Port number of the gRPC service. Number must be in the range 1 to 65535. - port: int32 @go(Port) @protobuf(1,bytes,opt) - - // Service is the name of the service to place in the gRPC HealthCheckRequest - // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - // - // If this is not specified, the default behavior is defined by gRPC. - // +optional - // +default="" - service?: null | string @go(Service,*string) @protobuf(2,bytes,opt) -} - -// ExecAction describes a "run in container" action. -#ExecAction: { - // Command is the command line to execute inside the container, the working directory for the - // command is root ('/') in the container's filesystem. The command is simply exec'd, it is - // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - // a shell, you need to explicitly call out to that shell. - // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - // +optional - command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep) -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -#Probe: { - #ProbeHandler - - // Number of seconds after the container has started before liveness probes are initiated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt) - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt) - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1. - // +optional - periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt) - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - // +optional - successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt) - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3. Minimum value is 1. - // +optional - failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt) - - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt) -} - -// PullPolicy describes a policy for if/when to pull a container image -// +enum -#PullPolicy: string // #enumPullPolicy - -#enumPullPolicy: - #PullAlways | - #PullNever | - #PullIfNotPresent - -// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. -#PullAlways: #PullPolicy & "Always" - -// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present -#PullNever: #PullPolicy & "Never" - -// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. -#PullIfNotPresent: #PullPolicy & "IfNotPresent" - -// ResourceResizeRestartPolicy specifies how to handle container resource resize. -#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy - -#enumResourceResizeRestartPolicy: - #NotRequired | - #RestartContainer - -// 'NotRequired' means Kubernetes will try to resize the container -// without restarting it, if possible. Kubernetes may however choose to -// restart the container if it is unable to actuate resize without a -// restart. For e.g. the runtime doesn't support restart-free resizing. -#NotRequired: #ResourceResizeRestartPolicy & "NotRequired" - -// 'RestartContainer' means Kubernetes will resize the container in-place -// by stopping and starting the container when new resources are applied. -// This is needed for legacy applications. For e.g. java apps using the -// -xmxN flag which are unable to use resized memory without restarting. -#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer" - -// ContainerResizePolicy represents resource resize policy for the container. -#ContainerResizePolicy: { - // Name of the resource to which this resource resize policy applies. - // Supported values: cpu, memory. - resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName) - - // Restart policy to apply when specified resource is resized. - // If not specified, it defaults to NotRequired. - restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy) -} - -// PreemptionPolicy describes a policy for if/when to preempt a pod. -// +enum -#PreemptionPolicy: string // #enumPreemptionPolicy - -#enumPreemptionPolicy: - #PreemptLowerPriority | - #PreemptNever - -// PreemptLowerPriority means that pod can preempt other pods with lower priority. -#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority" - -// PreemptNever means that pod never preempts other pods with lower priority. -#PreemptNever: #PreemptionPolicy & "Never" - -// TerminationMessagePolicy describes how termination messages are retrieved from a container. -// +enum -#TerminationMessagePolicy: string // #enumTerminationMessagePolicy - -#enumTerminationMessagePolicy: - #TerminationMessageReadFile | - #TerminationMessageFallbackToLogsOnError - -// TerminationMessageReadFile is the default behavior and will set the container status message to -// the contents of the container's terminationMessagePath when the container exits. -#TerminationMessageReadFile: #TerminationMessagePolicy & "File" - -// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs -// for the container status message when the container exits with an error and the -// terminationMessagePath has no contents. -#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError" - -// Capability represent POSIX capabilities type -#Capability: string - -// Adds and removes POSIX capabilities from running containers. -#Capabilities: { - // Added capabilities - // +optional - add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability) - - // Removed capabilities - // +optional - drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability) -} - -// ResourceRequirements describes the compute resource requirements. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Requests describes the minimum amount of compute resources required. - // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value. Requests cannot exceed Limits. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Claims lists the names of resources, defined in spec.resourceClaims, - // that are used by this container. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. It can only be set for containers. - // - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt) -} - -// ResourceClaim references one entry in PodSpec.ResourceClaims. -#ResourceClaim: { - // Name must match the name of one entry in pod.spec.resourceClaims of - // the Pod where this field is used. It makes that resource available - // inside a container. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// TerminationMessagePathDefault means the default path to capture the application termination message running in a container -#TerminationMessagePathDefault: "/dev/termination-log" - -// A single application container that you want to run within a pod. -#Container: { - // Name of the container specified as a DNS_LABEL. - // Each container in a pod must have a unique name (DNS_LABEL). - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - // This field is optional to allow higher level config management to default or override - // container images in workload controllers like Deployments and StatefulSets. - // +optional - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The container image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The container image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // List of ports to expose from the container. Not specifying a port here - // DOES NOT prevent that port from being exposed. Any port which is - // listening on the default "0.0.0.0" address inside a container will be - // accessible from the network. - // Modifying this array with strategic merge patch may corrupt the data. - // For more information See https://github.com/kubernetes/kubernetes/issues/108255. - // Cannot be updated. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Compute Resources required by this container. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // RestartPolicy defines the restart behavior of individual containers in a pod. - // This field may only be set for init containers, and the only allowed value is "Always". - // For non-init containers or when this field is not specified, - // the restart behavior is defined by the Pod's restart policy and the container type. - // Setting the RestartPolicy as "Always" for the init container will have the following effect: - // this init container will be continually restarted on - // exit until all regular containers have terminated. Once all regular - // containers have completed, all init containers with restartPolicy "Always" - // will be shut down. This lifecycle differs from normal init containers and - // is often referred to as a "sidecar" container. Although this init - // container still starts in the init container sequence, it does not wait - // for the container to complete before proceeding to the next init - // container. Instead, the next init container starts immediately after this - // init container is started, or after any startupProbe has successfully - // completed. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Periodic probe of container liveness. - // Container will be restarted if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Periodic probe of container service readiness. - // Container will be removed from service endpoints if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // StartupProbe indicates that the Pod has successfully initialized. - // If specified, no other probes are executed until this completes successfully. - // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - // when it might take a long time to load data or warm a cache, than during steady-state operation. - // This cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Actions that the management system should take in response to container lifecycle events. - // Cannot be updated. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // SecurityContext defines the security options the container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// ProbeHandler defines a specific action that should be taken in a probe. -// One and only one of the fields must be specified. -#ProbeHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // TCPSocket specifies an action involving a TCP port. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) - - // GRPC specifies an action involving a GRPC port. - // +optional - grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt) -} - -// LifecycleHandler defines a specific action that should be taken in a lifecycle -// hook. One and only one of the fields, except TCPSocket must be specified. -#LifecycleHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - // for the backward compatibility. There are no validation of this field and - // lifecycle hooks will fail in runtime when tcp handler is specified. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) -} - -// Lifecycle describes actions that the management system should take in response to container lifecycle -// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks -// until the action is complete, unless the container process fails, in which case the handler is aborted. -#Lifecycle: { - // PostStart is called immediately after a container is created. If the handler fails, - // the container is terminated and restarted according to its restart policy. - // Other management of the container blocks until the hook completes. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt) - - // PreStop is called immediately before a container is terminated due to an - // API request or management event such as liveness/startup probe failure, - // preemption, resource contention, etc. The handler is not called if the - // container crashes or exits. The Pod's termination grace period countdown begins before the - // PreStop hook is executed. Regardless of the outcome of the handler, the - // container will eventually terminate within the Pod's termination grace - // period (unless delayed by finalizers). Other management of the container blocks until the hook completes - // or until the termination grace period is reached. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt) -} - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// ContainerStateWaiting is a waiting state of a container. -#ContainerStateWaiting: { - // (brief) reason the container is not yet running. - // +optional - reason?: string @go(Reason) @protobuf(1,bytes,opt) - - // Message regarding why the container is not yet running. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// ContainerStateRunning is a running state of a container. -#ContainerStateRunning: { - // Time at which the container was last (re-)started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt) -} - -// ContainerStateTerminated is a terminated state of a container. -#ContainerStateTerminated: { - // Exit status from the last termination of the container - exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt) - - // Signal from the last termination of the container - // +optional - signal?: int32 @go(Signal) @protobuf(2,varint,opt) - - // (brief) reason from the last termination of the container - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Message regarding the last termination of the container - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // Time at which previous execution of the container started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt) - - // Time at which the container last terminated - // +optional - finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt) - - // Container's ID in the format '://' - // +optional - containerID?: string @go(ContainerID) @protobuf(7,bytes,opt) -} - -// ContainerState holds a possible state of container. -// Only one of its members may be specified. -// If none of them is specified, the default one is ContainerStateWaiting. -#ContainerState: { - // Details about a waiting container - // +optional - waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt) - - // Details about a running container - // +optional - running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt) - - // Details about a terminated container - // +optional - terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt) -} - -// ContainerStatus contains details for the current status of this container. -#ContainerStatus: { - // Name is a DNS_LABEL representing the unique name of the container. - // Each container in a pod must have a unique name across all container types. - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // State holds details about the container's current condition. - // +optional - state?: #ContainerState @go(State) @protobuf(2,bytes,opt) - - // LastTerminationState holds the last termination state of the container to - // help debug container crashes and restarts. This field is not - // populated if the container is still running and RestartCount is 0. - // +optional - lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt) - - // Ready specifies whether the container is currently passing its readiness check. - // The value will change as readiness probes keep executing. If no readiness - // probes are specified, this field defaults to true once the container is - // fully started (see Started field). - // - // The value is typically used to determine whether a container is ready to - // accept traffic. - ready: bool @go(Ready) @protobuf(4,varint,opt) - - // RestartCount holds the number of times the container has been restarted. - // Kubelet makes an effort to always increment the value, but there - // are cases when the state may be lost due to node restarts and then the value - // may be reset to 0. The value is never negative. - restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt) - - // Image is the name of container image that the container is running. - // The container image may not match the image used in the PodSpec, - // as it may have been resolved by the runtime. - // More info: https://kubernetes.io/docs/concepts/containers/images. - image: string @go(Image) @protobuf(6,bytes,opt) - - // ImageID is the image ID of the container's image. The image ID may not - // match the image ID of the image used in the PodSpec, as it may have been - // resolved by the runtime. - imageID: string @go(ImageID) @protobuf(7,bytes,opt) - - // ContainerID is the ID of the container in the format '://'. - // Where type is a container runtime identifier, returned from Version call of CRI API - // (for example "containerd"). - // +optional - containerID?: string @go(ContainerID) @protobuf(8,bytes,opt) - - // Started indicates whether the container has finished its postStart lifecycle hook - // and passed its startup probe. - // Initialized as false, becomes true after startupProbe is considered - // successful. Resets to false when the container is restarted, or if kubelet - // loses state temporarily. In both cases, startup probes will run again. - // Is always true when no startupProbe is defined and container is running and - // has passed the postStart lifecycle hook. The null value must be treated the - // same as false. - // +optional - started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt) - - // AllocatedResources represents the compute resources allocated for this container by the - // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission - // and after successfully admitting desired pod resize. - // +featureGate=InPlacePodVerticalScaling - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Resources represents the compute resource requests and limits that have been successfully - // enacted on the running container after it has been started or has been successfully resized. - // +featureGate=InPlacePodVerticalScaling - // +optional - resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt) -} - -// PodPhase is a label for the condition of a pod at the current time. -// +enum -#PodPhase: string // #enumPodPhase - -#enumPodPhase: - #PodPending | - #PodRunning | - #PodSucceeded | - #PodFailed | - #PodUnknown - -// PodPending means the pod has been accepted by the system, but one or more of the containers -// has not been started. This includes time before being bound to a node, as well as time spent -// pulling images onto the host. -#PodPending: #PodPhase & "Pending" - -// PodRunning means the pod has been bound to a node and all of the containers have been started. -// At least one container is still running or is in the process of being restarted. -#PodRunning: #PodPhase & "Running" - -// PodSucceeded means that all containers in the pod have voluntarily terminated -// with a container exit code of 0, and the system is not going to restart any of these containers. -#PodSucceeded: #PodPhase & "Succeeded" - -// PodFailed means that all containers in the pod have terminated, and at least one container has -// terminated in a failure (exited with a non-zero exit code or was stopped by the system). -#PodFailed: #PodPhase & "Failed" - -// PodUnknown means that for some reason the state of the pod could not be obtained, typically due -// to an error in communicating with the host of the pod. -// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) -#PodUnknown: #PodPhase & "Unknown" - -// PodConditionType is a valid value for PodCondition.Type -#PodConditionType: string // #enumPodConditionType - -#enumPodConditionType: - #ContainersReady | - #PodInitialized | - #PodReady | - #PodScheduled | - #DisruptionTarget - -// ContainersReady indicates whether all containers in the pod are ready. -#ContainersReady: #PodConditionType & "ContainersReady" - -// PodInitialized means that all init containers in the pod have started successfully. -#PodInitialized: #PodConditionType & "Initialized" - -// PodReady means the pod is able to service requests and should be added to the -// load balancing pools of all matching services. -#PodReady: #PodConditionType & "Ready" - -// PodScheduled represents status of the scheduling process for this pod. -#PodScheduled: #PodConditionType & "PodScheduled" - -// DisruptionTarget indicates the pod is about to be terminated due to a -// disruption (such as preemption, eviction API or garbage-collection). -#DisruptionTarget: #PodConditionType & "DisruptionTarget" - -// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler -// can't schedule the pod right now, for example due to insufficient resources in the cluster. -#PodReasonUnschedulable: "Unschedulable" - -// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler -// skips scheduling the pod because one or more scheduling gates are still present. -#PodReasonSchedulingGated: "SchedulingGated" - -// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens -// during scheduling, for example due to nodeAffinity parsing errors. -#PodReasonSchedulerError: "SchedulerError" - -// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination -// is initiated by kubelet -#PodReasonTerminationByKubelet: "TerminationByKubelet" - -// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the -// disruption was initiated by scheduler's preemption. -#PodReasonPreemptionByScheduler: "PreemptionByScheduler" - -// PodCondition contains details for the current condition of this pod. -#PodCondition: { - // Type is the type of the condition. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType) - - // Status is the status of the condition. - // Can be True, False, Unknown. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // Unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PodResizeStatus shows status of desired resize of a pod's containers. -#PodResizeStatus: string // #enumPodResizeStatus - -#enumPodResizeStatus: - #PodResizeStatusProposed | - #PodResizeStatusInProgress | - #PodResizeStatusDeferred | - #PodResizeStatusInfeasible - -// Pod resources resize has been requested and will be evaluated by node. -#PodResizeStatusProposed: #PodResizeStatus & "Proposed" - -// Pod resources resize has been accepted by node and is being actuated. -#PodResizeStatusInProgress: #PodResizeStatus & "InProgress" - -// Node cannot resize the pod at this time and will keep retrying. -#PodResizeStatusDeferred: #PodResizeStatus & "Deferred" - -// Requested pod resize is not feasible and will not be re-evaluated. -#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible" - -// RestartPolicy describes how the container should be restarted. -// Only one of the following restart policies may be specified. -// If none of the following policies is specified, the default one -// is RestartPolicyAlways. -// +enum -#RestartPolicy: string // #enumRestartPolicy - -#enumRestartPolicy: - #RestartPolicyAlways | - #RestartPolicyOnFailure | - #RestartPolicyNever - -#RestartPolicyAlways: #RestartPolicy & "Always" -#RestartPolicyOnFailure: #RestartPolicy & "OnFailure" -#RestartPolicyNever: #RestartPolicy & "Never" - -// ContainerRestartPolicy is the restart policy for a single container. -// This may only be set for init containers and only allowed value is "Always". -#ContainerRestartPolicy: string // #enumContainerRestartPolicy - -#enumContainerRestartPolicy: - #ContainerRestartPolicyAlways - -#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always" - -// DNSPolicy defines how a pod's DNS will be configured. -// +enum -#DNSPolicy: string // #enumDNSPolicy - -#enumDNSPolicy: - #DNSClusterFirstWithHostNet | - #DNSClusterFirst | - #DNSDefault | - #DNSNone - -// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS -// first, if it is available, then fall back on the default -// (as determined by kubelet) DNS settings. -#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet" - -// DNSClusterFirst indicates that the pod should use cluster DNS -// first unless hostNetwork is true, if it is available, then -// fall back on the default (as determined by kubelet) DNS settings. -#DNSClusterFirst: #DNSPolicy & "ClusterFirst" - -// DNSDefault indicates that the pod should use the default (as -// determined by kubelet) DNS settings. -#DNSDefault: #DNSPolicy & "Default" - -// DNSNone indicates that the pod should use empty DNS settings. DNS -// parameters such as nameservers and search paths should be defined via -// DNSConfig. -#DNSNone: #DNSPolicy & "None" - -// DefaultTerminationGracePeriodSeconds indicates the default duration in -// seconds a pod needs to terminate gracefully. -#DefaultTerminationGracePeriodSeconds: 30 - -// A node selector represents the union of the results of one or more label queries -// over a set of nodes; that is, it represents the OR of the selectors represented -// by the node selector terms. -// +structType=atomic -#NodeSelector: { - // Required. A list of node selector terms. The terms are ORed. - nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep) -} - -// A null or empty node selector term matches no objects. The requirements of -// them are ANDed. -// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -// +structType=atomic -#NodeSelectorTerm: { - // A list of node selector requirements by node's labels. - // +optional - matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep) - - // A list of node selector requirements by node's fields. - // +optional - matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A node selector requirement is a selector that contains values, a key, and an operator -// that relates the key and values. -#NodeSelectorRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, the values - // array must have a single element, which will be interpreted as an integer. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A node selector operator is the set of operators that can be used in -// a node selector requirement. -// +enum -#NodeSelectorOperator: string // #enumNodeSelectorOperator - -#enumNodeSelectorOperator: - #NodeSelectorOpIn | - #NodeSelectorOpNotIn | - #NodeSelectorOpExists | - #NodeSelectorOpDoesNotExist | - #NodeSelectorOpGt | - #NodeSelectorOpLt - -#NodeSelectorOpIn: #NodeSelectorOperator & "In" -#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn" -#NodeSelectorOpExists: #NodeSelectorOperator & "Exists" -#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist" -#NodeSelectorOpGt: #NodeSelectorOperator & "Gt" -#NodeSelectorOpLt: #NodeSelectorOperator & "Lt" - -// A topology selector term represents the result of label queries. -// A null or empty topology selector term matches no objects. -// The requirements of them are ANDed. -// It provides a subset of functionality as NodeSelectorTerm. -// This is an alpha feature and may change in the future. -// +structType=atomic -#TopologySelectorTerm: { - // A list of topology selector requirements by labels. - // +optional - matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep) -} - -// A topology selector requirement is a selector that matches given label. -// This is an alpha feature and may change in the future. -#TopologySelectorLabelRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // An array of string values. One value must match the label to be selected. - // Each entry in Values is ORed. - values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep) -} - -// Affinity is a group of affinity scheduling rules. -#Affinity: { - // Describes node affinity scheduling rules for the pod. - // +optional - nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt) - - // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt) - - // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt) -} - -// Pod affinity is a group of inter pod affinity scheduling rules. -#PodAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// Pod anti affinity is a group of inter pod anti affinity scheduling rules. -#PodAntiAffinity: { - // If the anti-affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the anti-affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling anti-affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#WeightedPodAffinityTerm: { - // weight associated with matching the corresponding podAffinityTerm, - // in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // Required. A pod affinity term, associated with the corresponding weight. - podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt) -} - -// Defines a set of pods (namely those matching the labelSelector -// relative to the given namespace(s)) that this pod should be -// co-located (affinity) or not co-located (anti-affinity) with, -// where co-located is defined as running on a node whose value of -// the label with key matches that of any node on which -// a pod of the set of pods is running -#PodAffinityTerm: { - // A label query over a set of resources, in this case pods. - // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaces specifies a static list of namespace names that the term applies to. - // The term is applied to the union of the namespaces listed in this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means "this pod's namespace". - // +optional - namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep) - - // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located is defined as running on a node - // whose value of the label with key topologyKey matches that of any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt) - - // A label query over the set of namespaces that the term applies to. - // The term is applied to the union of the namespaces selected by this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this pod's namespace". - // An empty selector ({}) matches all namespaces. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) -} - -// Node affinity is a group of node affinity scheduling rules. -#NodeAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to an update), the system - // may or may not try to eventually evict the pod from its node. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node matches the corresponding matchExpressions; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep) -} - -// An empty preferred scheduling term matches all objects with implicit weight 0 -// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#PreferredSchedulingTerm: { - // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // A node selector term, associated with the corresponding weight. - preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt) -} - -// The node this Taint is attached to has the "effect" on -// any pod that does not tolerate the Taint. -#Taint: { - // Required. The taint key to be applied to a node. - key: string @go(Key) @protobuf(1,bytes,opt) - - // The taint value corresponding to the taint key. - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Required. The effect of the taint on pods - // that do not tolerate the taint. - // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect) - - // TimeAdded represents the time at which the taint was added. - // It is only written for NoExecute taints. - // +optional - timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt) -} - -// +enum -#TaintEffect: string // #enumTaintEffect - -#enumTaintEffect: - #TaintEffectNoSchedule | - #TaintEffectPreferNoSchedule | - #TaintEffectNoExecute - -// Do not allow new pods to schedule onto the node unless they tolerate the taint, -// but allow all pods submitted to Kubelet without going through the scheduler -// to start, and allow all already-running pods to continue running. -// Enforced by the scheduler. -#TaintEffectNoSchedule: #TaintEffect & "NoSchedule" - -// Like TaintEffectNoSchedule, but the scheduler tries not to schedule -// new pods onto the node, rather than prohibiting new pods from scheduling -// onto the node entirely. Enforced by the scheduler. -#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule" - -// Evict any already-running pods that do not tolerate the taint. -// Currently enforced by NodeController. -#TaintEffectNoExecute: #TaintEffect & "NoExecute" - -// The pod this Toleration is attached to tolerates any taint that matches -// the triple using the matching operator . -#Toleration: { - // Key is the taint key that the toleration applies to. Empty means match all taint keys. - // If the key is empty, operator must be Exists; this combination means to match all values and all keys. - // +optional - key?: string @go(Key) @protobuf(1,bytes,opt) - - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. - // +optional - operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator) - - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise just a regular string. - // +optional - value?: string @go(Value) @protobuf(3,bytes,opt) - - // Effect indicates the taint effect to match. Empty means match all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - // +optional - effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect) - - // TolerationSeconds represents the period of time the toleration (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - // it is not set, which means tolerate the taint forever (do not evict). Zero and - // negative values will be treated as 0 (evict immediately) by the system. - // +optional - tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt) -} - -// A toleration operator is the set of operators that can be used in a toleration. -// +enum -#TolerationOperator: string // #enumTolerationOperator - -#enumTolerationOperator: - #TolerationOpExists | - #TolerationOpEqual - -#TolerationOpExists: #TolerationOperator & "Exists" -#TolerationOpEqual: #TolerationOperator & "Equal" - -// PodReadinessGate contains the reference to a pod condition -#PodReadinessGate: { - // ConditionType refers to a condition in the pod's condition list with matching type. - conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType) -} - -// PodSpec is a description of a pod. -#PodSpec: { - // List of volumes that can be mounted by containers belonging to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes - // +optional - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep) - - // List of initialization containers belonging to the pod. - // Init containers are executed in order prior to containers being started. If any - // init container fails, the pod is considered to have failed and is handled according - // to its restartPolicy. The name for an init container or normal container must be - // unique among all containers. - // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - // The resourceRequirements of an init container are taken into account during scheduling - // by finding the highest request/limit for each resource type, and then using the max of - // of that value or the sum of the normal containers. Limits are applied to init containers - // in a similar fashion. - // Init containers cannot currently be added or removed. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - // +patchMergeKey=name - // +patchStrategy=merge - initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep) - - // List of containers belonging to the pod. - // Containers cannot currently be added or removed. - // There must be at least one container in a Pod. - // Cannot be updated. - // +patchMergeKey=name - // +patchStrategy=merge - containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep) - - // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing - // pod to perform user-initiated actions such as debugging. This list cannot be specified when - // creating a pod, and it cannot be modified by updating the pod spec. In order to add an - // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep) - - // Restart policy for all containers within the pod. - // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. - // Default to Always. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - // +optional - restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy) - - // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // If this value is nil, the default grace period will be used instead. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // Defaults to 30 seconds. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt) - - // Optional duration in seconds the pod may be active on the node relative to - // StartTime before the system will actively try to mark it failed and kill associated containers. - // Value must be a positive integer. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt) - - // Set DNS policy for the pod. - // Defaults to "ClusterFirst". - // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. - // To have DNS options set along with hostNetwork, you have to specify DNS policy - // explicitly to 'ClusterFirstWithHostNet'. - // +optional - dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy) - - // NodeSelector is a selector which must be true for the pod to fit on a node. - // Selector which must match a node's labels for the pod to be scheduled on that node. - // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep) - - // ServiceAccountName is the name of the ServiceAccount to use to run this pod. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - // +optional - serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt) - - // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - // Deprecated: Use serviceAccountName instead. - // +k8s:conversion-gen=false - // +optional - serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt) - - // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt) - - // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - // the scheduler simply schedules this pod onto that node, assuming that it fits resource - // requirements. - // +optional - nodeName?: string @go(NodeName) @protobuf(10,bytes,opt) - - // Host networking requested for this pod. Use the host's network namespace. - // If this option is set, the ports that will be used must be specified. - // Default to false. - // +k8s:conversion-gen=false - // +optional - hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt) - - // Use the host's pid namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostPID?: bool @go(HostPID) @protobuf(12,varint,opt) - - // Use the host's ipc namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt) - - // Share a single process namespace between all of the containers in a pod. - // When this is set containers will be able to view and signal processes from other containers - // in the same pod, and the first process in each container will not be assigned PID 1. - // HostPID and ShareProcessNamespace cannot both be set. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt) - - // SecurityContext holds pod-level security attributes and common container settings. - // Optional: Defaults to empty. See type description for default values of each field. - // +optional - securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt) - - // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - // If specified, these secrets will be passed to individual puller implementations for them to use. - // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep) - - // Specifies the hostname of the Pod - // If not specified, the pod's hostname will be set to a system-defined value. - // +optional - hostname?: string @go(Hostname) @protobuf(16,bytes,opt) - - // If specified, the fully qualified Pod hostname will be "...svc.". - // If not specified, the pod will not have a domainname at all. - // +optional - subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt) - - // If specified, the pod's scheduling constraints - // +optional - affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt) - - // If specified, the pod will be dispatched by specified scheduler. - // If not specified, the pod will be dispatched by default scheduler. - // +optional - schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt) - - // If specified, the pod's tolerations. - // +optional - tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt) - - // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts - // file if specified. This is only valid for non-hostNetwork pods. - // +optional - // +patchMergeKey=ip - // +patchStrategy=merge - hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep) - - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt) - - // The priority value. Various system components use this field to find the - // priority of the pod. When Priority Admission Controller is enabled, it - // prevents users from setting this field. The admission controller populates - // this field from PriorityClassName. - // The higher the value, the higher the priority. - // +optional - priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt) - - // Specifies the DNS parameters of a pod. - // Parameters specified here will be merged to the generated DNS - // configuration based on DNSPolicy. - // +optional - dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt) - - // If specified, all readiness gates will be evaluated for pod readiness. - // A pod is ready when all its containers are ready AND - // all conditions specified in the readiness gates have status equal to "True" - // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates - // +optional - readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt) - - // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - // empty definition that uses the default runtime handler. - // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - // +optional - runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt) - - // EnableServiceLinks indicates whether information about services should be injected into pod's - // environment variables, matching the syntax of Docker links. - // Optional: Defaults to true. - // +optional - enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt) - - // PreemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt) - - // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. - // This field will be autopopulated at admission time by the RuntimeClass admission controller. If - // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. - // The RuntimeClass admission controller will reject Pod create requests which have the overhead already - // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value - // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - // +optional - overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt) - - // TopologySpreadConstraints describes how a group of pods ought to spread across topology - // domains. Scheduler will schedule pods in a way which abides by the constraints. - // All topologySpreadConstraints are ANDed. - // +optional - // +patchMergeKey=topologyKey - // +patchStrategy=merge - // +listType=map - // +listMapKey=topologyKey - // +listMapKey=whenUnsatisfiable - topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt) - - // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). - // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). - // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. - // If a pod does not have FQDN, this has no effect. - // Default to false. - // +optional - setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt) - - // Specifies the OS of the containers in the pod. - // Some pod and container fields are restricted if this is set. - // - // If the OS field is set to linux, the following fields must be unset: - // -securityContext.windowsOptions - // - // If the OS field is set to windows, following fields must be unset: - // - spec.hostPID - // - spec.hostIPC - // - spec.hostUsers - // - spec.securityContext.seLinuxOptions - // - spec.securityContext.seccompProfile - // - spec.securityContext.fsGroup - // - spec.securityContext.fsGroupChangePolicy - // - spec.securityContext.sysctls - // - spec.shareProcessNamespace - // - spec.securityContext.runAsUser - // - spec.securityContext.runAsGroup - // - spec.securityContext.supplementalGroups - // - spec.containers[*].securityContext.seLinuxOptions - // - spec.containers[*].securityContext.seccompProfile - // - spec.containers[*].securityContext.capabilities - // - spec.containers[*].securityContext.readOnlyRootFilesystem - // - spec.containers[*].securityContext.privileged - // - spec.containers[*].securityContext.allowPrivilegeEscalation - // - spec.containers[*].securityContext.procMount - // - spec.containers[*].securityContext.runAsUser - // - spec.containers[*].securityContext.runAsGroup - // +optional - os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt) - - // Use the host's user namespace. - // Optional: Default to true. - // If set to true or not present, the pod will be run in the host user namespace, useful - // for when the pod needs a feature only available to the host user namespace, such as - // loading a kernel module with CAP_SYS_MODULE. - // When set to false, a new userns is created for the pod. Setting false is useful for - // mitigating container breakout vulnerabilities even allowing users to run their - // containers as root without actually having root privileges on the host. - // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. - // +k8s:conversion-gen=false - // +optional - hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt) - - // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. - // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the - // scheduler will not attempt to schedule the pod. - // - // SchedulingGates can only be set at pod creation time, and be removed only afterwards. - // - // This is a beta feature enabled by the PodSchedulingReadiness feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=PodSchedulingReadiness - // +optional - schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt) - - // ResourceClaims defines which ResourceClaims must be allocated - // and reserved before the Pod is allowed to start. The resources - // will be made available to those containers which consume them - // by name. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. - // - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep) -} - -// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. -// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. -// Containers that need access to the ResourceClaim reference it with this name. -#PodResourceClaim: { - // Name uniquely identifies this resource claim inside the pod. - // This must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // Source describes where to find the ResourceClaim. - source?: #ClaimSource @go(Source) @protobuf(2,bytes) -} - -// ClaimSource describes a reference to a ResourceClaim. -// -// Exactly one of these fields should be set. Consumers of this type must -// treat an empty object as if it has an unknown value. -#ClaimSource: { - // ResourceClaimName is the name of a ResourceClaim object in the same - // namespace as this pod. - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt) - - // ResourceClaimTemplateName is the name of a ResourceClaimTemplate - // object in the same namespace as this pod. - // - // The template will be used to create a new ResourceClaim, which will - // be bound to this pod. When this pod is deleted, the ResourceClaim - // will also be deleted. The pod name and resource name, along with a - // generated component, will be used to form a unique name for the - // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. - // - // This field is immutable and no changes will be made to the - // corresponding ResourceClaim by the control plane after creating the - // ResourceClaim. - resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt) -} - -// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim -// which references a ResourceClaimTemplate. It stores the generated name for -// the corresponding ResourceClaim. -#PodResourceClaimStatus: { - // Name uniquely identifies this resource claim inside the pod. - // This must match the name of an entry in pod.spec.resourceClaims, - // which implies that the string must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // ResourceClaimName is the name of the ResourceClaim that was - // generated for the Pod in the namespace of the Pod. It this is - // unset, then generating a ResourceClaim was not necessary. The - // pod.spec.resourceClaims entry can be ignored in this case. - // - // +optional - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt) -} - -// OSName is the set of OS'es that can be used in OS. -#OSName: string // #enumOSName - -#enumOSName: - #Linux | - #Windows - -#Linux: #OSName & "linux" -#Windows: #OSName & "windows" - -// PodOS defines the OS parameters of a pod. -#PodOS: { - // Name is the name of the operating system. The currently supported values are linux and windows. - // Additional value may be defined in future and can be one of: - // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - // Clients should expect to handle additional values and treat unrecognized values in this field as os: null - name: #OSName @go(Name) @protobuf(1,bytes,opt) -} - -// PodSchedulingGate is associated to a Pod to guard its scheduling. -#PodSchedulingGate: { - // Name of the scheduling gate. - // Each scheduling gate must have a unique name field. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// +enum -#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction - -#enumUnsatisfiableConstraintAction: - #DoNotSchedule | - #ScheduleAnyway - -// DoNotSchedule instructs the scheduler not to schedule the pod -// when constraints are not satisfied. -#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule" - -// ScheduleAnyway instructs the scheduler to schedule the pod -// even if constraints are not satisfied. -#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway" - -// NodeInclusionPolicy defines the type of node inclusion policy -// +enum -#NodeInclusionPolicy: string // #enumNodeInclusionPolicy - -#enumNodeInclusionPolicy: - #NodeInclusionPolicyIgnore | - #NodeInclusionPolicyHonor - -// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore" - -// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor" - -// TopologySpreadConstraint specifies how to spread matching pods among the given topology. -#TopologySpreadConstraint: { - // MaxSkew describes the degree to which pods may be unevenly distributed. - // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - // between the number of matching pods in the target topology and the global minimum. - // The global minimum is the minimum number of matching pods in an eligible domain - // or zero if the number of eligible domains is less than MinDomains. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 2/2/1: - // In this case, the global minimum is 1. - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P | - // +-------+-------+-------+ - // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - // violate MaxSkew(1). - // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - // to topologies that satisfy it. - // It's a required field. Default value is 1 and 0 is not allowed. - maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt) - - // TopologyKey is the key of node labels. Nodes that have a label with this key - // and identical values are considered to be in the same topology. - // We consider each as a "bucket", and try to put balanced number - // of pods into each bucket. - // We define a domain as a particular instance of a topology. - // Also, we define an eligible domain as a domain whose nodes meet the requirements of - // nodeAffinityPolicy and nodeTaintsPolicy. - // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - // It's a required field. - topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt) - - // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - // the spread constraint. - // - DoNotSchedule (default) tells the scheduler not to schedule it. - // - ScheduleAnyway tells the scheduler to schedule the pod in any location, - // but giving higher precedence to topologies that would help reduce the - // skew. - // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assignment for that pod would violate - // "MaxSkew" on some topology. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 3/1/1: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P P | P | P | - // +-------+-------+-------+ - // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - // won't make it *more* imbalanced. - // It's a required field. - whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction) - - // LabelSelector is used to find matching pods. - // Pods that match this label selector are counted to determine the number of pods - // in their corresponding topology domain. - // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // MinDomains indicates a minimum number of eligible domains. - // When the number of eligible domains with matching topology keys is less than minDomains, - // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - // And when the number of eligible domains with matching topology keys equals or greater than minDomains, - // this value has no effect on scheduling. - // As a result, when the number of eligible domains is less than minDomains, - // scheduler won't schedule more than maxSkew Pods to those domains. - // If value is nil, the constraint behaves as if MinDomains is equal to 1. - // Valid values are integers greater than 0. - // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - // - // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - // labelSelector spread as 2/2/2: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P P | - // +-------+-------+-------+ - // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - // In this situation, new pod with the same labelSelector cannot be scheduled, - // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - // it will violate MaxSkew. - // - // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - // +optional - minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt) - - // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - // when calculating pod topology spread skew. Options are: - // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - // - // If this value is nil, the behavior is equivalent to the Honor policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt) - - // NodeTaintsPolicy indicates how we will treat node taints when calculating - // pod topology spread skew. Options are: - // - Honor: nodes without taints, along with tainted nodes for which the incoming pod - // has a toleration, are included. - // - Ignore: node taints are ignored. All nodes are included. - // - // If this value is nil, the behavior is equivalent to the Ignore policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt) - - // MatchLabelKeys is a set of pod label keys to select the pods over which - // spreading will be calculated. The keys are used to lookup values from the - // incoming pod labels, those key-value labels are ANDed with labelSelector - // to select the group of existing pods over which spreading will be calculated - // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - // MatchLabelKeys cannot be set when LabelSelector isn't set. - // Keys that don't exist in the incoming pod labels will - // be ignored. A null or empty list means only match against labelSelector. - // - // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - // +listType=atomic - // +optional - matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt) -} - -// The default value for enableServiceLinks attribute. -#DefaultEnableServiceLinks: true - -// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the -// pod's hosts file. -#HostAlias: { - // IP address of the host file entry. - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostnames for the above IP address. - hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep) -} - -// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume -// when volume is mounted. -// +enum -#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy - -#enumPodFSGroupChangePolicy: - #FSGroupChangeOnRootMismatch | - #FSGroupChangeAlways - -// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed -// only when permission and ownership of root directory does not match with expected -// permissions on the volume. This can help shorten the time it takes to change -// ownership and permissions of a volume. -#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch" - -// FSGroupChangeAlways indicates that volume's ownership and permissions -// should always be changed whenever volume is mounted inside a Pod. This the default -// behavior. -#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always" - -// PodSecurityContext holds pod-level security attributes and common container settings. -// Some fields are also present in container.securityContext. Field values of -// container.securityContext take precedence over field values of PodSecurityContext. -#PodSecurityContext: { - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options within a container's SecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt) - - // A list of groups applied to the first process run in each container, in addition - // to the container's primary GID, the fsGroup (if specified), and group memberships - // defined in the container image for the uid of the container process. If unspecified, - // no additional groups are added to any container. Note that group memberships - // defined in the container image for the uid of the container process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep) - - // A special supplemental group that applies to all containers in a pod. - // Some volume types allow the Kubelet to change the ownership of that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and permissions of any volume. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt) - - // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep) - - // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and permissions). - // It will have no effect on ephemeral volume types such as: secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt) - - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt) -} - -// SeccompProfile defines a pod/container's seccomp profile settings. -// Only one profile source may be set. -// +union -#SeccompProfile: { - // type indicates which kind of seccomp profile will be applied. - // Valid options are: - // - // Localhost - a profile defined in a file on the node should be used. - // RuntimeDefault - the container runtime default profile should be used. - // Unconfined - no profile should be applied. - // +unionDiscriminator - type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType) - - // localhostProfile indicates a profile defined in a file on the node should be used. - // The profile must be preconfigured on the node to work. - // Must be a descending path, relative to the kubelet's configured seccomp profile location. - // Must be set if type is "Localhost". Must NOT be set for any other type. - // +optional - localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt) -} - -// SeccompProfileType defines the supported seccomp profile types. -// +enum -#SeccompProfileType: string // #enumSeccompProfileType - -#enumSeccompProfileType: - #SeccompProfileTypeUnconfined | - #SeccompProfileTypeRuntimeDefault | - #SeccompProfileTypeLocalhost - -// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined). -#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined" - -// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. -#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault" - -// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used. -// The file's location relative to /seccomp. -#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost" - -// PodQOSClass defines the supported qos classes of Pods. -// +enum -#PodQOSClass: string // #enumPodQOSClass - -#enumPodQOSClass: - #PodQOSGuaranteed | - #PodQOSBurstable | - #PodQOSBestEffort - -// PodQOSGuaranteed is the Guaranteed qos class. -#PodQOSGuaranteed: #PodQOSClass & "Guaranteed" - -// PodQOSBurstable is the Burstable qos class. -#PodQOSBurstable: #PodQOSClass & "Burstable" - -// PodQOSBestEffort is the BestEffort qos class. -#PodQOSBestEffort: #PodQOSClass & "BestEffort" - -// PodDNSConfig defines the DNS parameters of a pod in addition to -// those generated from DNSPolicy. -#PodDNSConfig: { - // A list of DNS name server IP addresses. - // This will be appended to the base nameservers generated from DNSPolicy. - // Duplicated nameservers will be removed. - // +optional - nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep) - - // A list of DNS search domains for host-name lookup. - // This will be appended to the base search paths generated from DNSPolicy. - // Duplicated search paths will be removed. - // +optional - searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep) - - // A list of DNS resolver options. - // This will be merged with the base options generated from DNSPolicy. - // Duplicated entries will be removed. Resolution options given in Options - // will override those that appear in the base DNSPolicy. - // +optional - options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep) -} - -// PodDNSConfigOption defines DNS resolver options of a pod. -#PodDNSConfigOption: { - // Required. - name?: string @go(Name) @protobuf(1,bytes,opt) - - // +optional - value?: null | string @go(Value,*string) @protobuf(2,bytes,opt) -} - -// PodIP represents a single IP address allocated to the pod. -#PodIP: { - // IP is the IP address assigned to the pod - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// HostIP represents a single IP address allocated to the host. -#HostIP: { - // IP is the IP address assigned to the host - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// EphemeralContainerCommon is a copy of all fields in Container to be inlined in -// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer -// to Container and allows separate documentation for the fields of EphemeralContainer. -// When a new field is added to Container it must be added here as well. -#EphemeralContainerCommon: { - // Name of the ephemeral container specified as a DNS_LABEL. - // This name must be unique among all containers, init containers and ephemeral containers. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // Ports are not allowed for ephemeral containers. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources - // already allocated to the pod. - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // Restart policy for the container to manage the restart behavior of each - // container within a pod. - // This may only be set for init containers. You cannot set this field on - // ephemeral containers. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Probes are not allowed for ephemeral containers. - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Lifecycle is not allowed for ephemeral containers. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // Optional: SecurityContext defines the security options the ephemeral container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// An EphemeralContainer is a temporary container that you may add to an existing Pod for -// user-initiated activities such as debugging. Ephemeral containers have no resource or -// scheduling guarantees, and they will not be restarted when they exit or when a Pod is -// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the -// Pod to exceed its resource allocation. -// -// To add an ephemeral container, use the ephemeralcontainers subresource of an existing -// Pod. Ephemeral containers may not be removed or restarted. -#EphemeralContainer: { - #EphemeralContainerCommon - - // If set, the name of the container from PodSpec that this ephemeral container targets. - // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. - // If not set then the ephemeral container uses the namespaces configured in the Pod spec. - // - // The container runtime must implement support for this feature. If the runtime does not - // support namespace targeting then the result of setting this field is undefined. - // +optional - targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt) -} - -// PodStatus represents information about the status of a pod. Status may trail the actual -// state of a system, especially if the node that hosts the pod cannot contact the control -// plane. -#PodStatus: { - // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. - // The conditions array, the reason and message fields, and the individual container status - // arrays contain more detail about the pod's status. - // There are five possible phase values: - // - // Pending: The pod has been accepted by the Kubernetes system, but one or more of the - // container images has not been created. This includes time before being scheduled as - // well as time spent downloading images over the network, which could take a while. - // Running: The pod has been bound to a node, and all of the containers have been created. - // At least one container is still running, or is in the process of starting or restarting. - // Succeeded: All containers in the pod have terminated in success, and will not be restarted. - // Failed: All containers in the pod have terminated, and at least one container has - // terminated in failure. The container either exited with non-zero status or was terminated - // by the system. - // Unknown: For some reason the state of the pod could not be obtained, typically due to an - // error in communicating with the host of the pod. - // - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase - // +optional - phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase) - - // Current service state of pod. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep) - - // A human readable message indicating details about why the pod is in this condition. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A brief CamelCase message indicating details about why the pod is in this state. - // e.g. 'Evicted' - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be - // scheduled right away as preemption victims receive their graceful termination periods. - // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide - // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to - // give the resources on this node to a higher priority pod that is created after preemption. - // As a result, this field may be different than PodSpec.nodeName when the pod is - // scheduled. - // +optional - nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt) - - // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will - // not be updated even if there is a node is assigned to pod - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) - - // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must - // match the hostIP field. This list is empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will - // not be updated even if there is a node is assigned to this pod. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - // +listType=atomic - hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep) - - // podIP address allocated to the pod. Routable at least within the cluster. - // Empty if not yet allocated. - // +optional - podIP?: string @go(PodIP) @protobuf(6,bytes,opt) - - // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must - // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list - // is empty if no IPs have been allocated yet. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep) - - // RFC 3339 date and time at which the object was acknowledged by the Kubelet. - // This is before the Kubelet pulled the container image(s) for the pod. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt) - - // The list has one entry per init container in the manifest. The most recent successful - // init container will have ready = true, the most recently started container will have - // startTime set. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep) - - // The list has one entry per container in the manifest. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - // +optional - containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep) - - // The Quality of Service (QOS) classification assigned to the pod based on resource requirements - // See PodQOSClass type for available QOS classes - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes - // +optional - qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep) - - // Status for any ephemeral containers that have run in this pod. - // +optional - ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep) - - // Status of resources resize desired for pod's containers. - // It is empty if no resources resize is pending. - // Any changes to container resources will automatically set this to "Proposed" - // +featureGate=InPlacePodVerticalScaling - // +optional - resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus) - - // Status of resource claims. - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep) -} - -// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded -#PodStatusResult: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(2,bytes,opt) -} - -// Pod is a collection of containers that can run on a host. This resource is created -// by clients and scheduled onto hosts. -#Pod: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodList is a list of Pods. -#PodList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pods. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md - items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep) -} - -// PodTemplateSpec describes the data a pod should have when created from a template -#PodTemplateSpec: { - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PodTemplate describes a template for creating copies of a predefined pod. -#PodTemplate: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Template defines the pods that will be created from this pod template. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) -} - -// PodTemplateList is a list of PodTemplates. -#PodTemplateList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pod templates - items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep) -} - -// ReplicationControllerSpec is the specification of a replication controller. -#ReplicationControllerSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the Replicas count. - // If Selector is empty, it is defaulted to the labels present on the Pod template. - // Label keys and values that must match in order to be controlled by this replication - // controller, if empty defaulted to labels on Pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. This takes precedence over a TemplateRef. - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt) -} - -// ReplicationControllerStatus represents the current status of a replication -// controller. -#ReplicationControllerStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replication controller. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // The number of ready replicas for this replication controller. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replication controller. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed replication controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replication controller's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep) -} - -#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType - -#enumReplicationControllerConditionType: - #ReplicationControllerReplicaFailure - -// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods -// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, -// etc. or deleted due to kubelet being down or finalizers are failing. -#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure" - -// ReplicationControllerCondition describes the state of a replication controller at a certain point. -#ReplicationControllerCondition: { - // Type of replication controller condition. - type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ReplicationController represents the configuration of a replication controller. -#ReplicationController: { - metav1.#TypeMeta - - // If the Labels of a ReplicationController are empty, they are defaulted to - // be the same as the Pod(s) that the replication controller manages. - // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the replication controller. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the replication controller. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicationControllerList is a collection of replication controllers. -#ReplicationControllerList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of replication controllers. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep) -} - -// Session Affinity Type string -// +enum -#ServiceAffinity: string // #enumServiceAffinity - -#enumServiceAffinity: - #ServiceAffinityClientIP | - #ServiceAffinityNone - -// ServiceAffinityClientIP is the Client IP based. -#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP" - -// ServiceAffinityNone - no session affinity. -#ServiceAffinityNone: #ServiceAffinity & "None" - -#DefaultClientIPServiceAffinitySeconds: int32 & 10800 - -// SessionAffinityConfig represents the configurations of session affinity. -#SessionAffinityConfig: { - // clientIP contains the configurations of Client IP based session affinity. - // +optional - clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt) -} - -// ClientIPConfig represents the configurations of Client IP based session affinity. -#ClientIPConfig: { - // timeoutSeconds specifies the seconds of ClientIP type session sticky time. - // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - // Default value is 10800(for 3 hours). - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt) -} - -// Service Type string describes ingress methods for a service -// +enum -#ServiceType: string // #enumServiceType - -#enumServiceType: - #ServiceTypeClusterIP | - #ServiceTypeNodePort | - #ServiceTypeLoadBalancer | - #ServiceTypeExternalName - -// ServiceTypeClusterIP means a service will only be accessible inside the -// cluster, via the cluster IP. -#ServiceTypeClusterIP: #ServiceType & "ClusterIP" - -// ServiceTypeNodePort means a service will be exposed on one port of -// every node, in addition to 'ClusterIP' type. -#ServiceTypeNodePort: #ServiceType & "NodePort" - -// ServiceTypeLoadBalancer means a service will be exposed via an -// external load balancer (if the cloud provider supports it), in addition -// to 'NodePort' type. -#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer" - -// ServiceTypeExternalName means a service consists of only a reference to -// an external name that kubedns or equivalent will return as a CNAME -// record, with no exposing or proxying of any pods involved. -#ServiceTypeExternalName: #ServiceType & "ExternalName" - -// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they -// receive on the ClusterIP. -// +enum -#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy - -#enumServiceInternalTrafficPolicy: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster" - -// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same -// node as the client pod (dropping the traffic if there are no local endpoints). -#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType - -#enumServiceInternalTrafficPolicyType: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they -// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, -// and LoadBalancer IPs. -// +enum -#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy - -#enumServiceExternalTrafficPolicy: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by -// routing only to endpoints on the same node as the traffic was received on -// (dropping the traffic if there are no local endpoints). -#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType - -#enumServiceExternalTrafficPolicyType: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local" -#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// LoadBalancerPortsError represents the condition of the requested ports -// on the cloud load balancer instance. -#LoadBalancerPortsError: "LoadBalancerPortsError" - -// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError -// means the LoadBalancer was not able to be configured correctly. -#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported" - -// ServiceStatus represents the current status of a service. -#ServiceStatus: { - // LoadBalancer contains the current status of the load-balancer, - // if one is present. - // +optional - loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) - - // Current service state - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep) -} - -// LoadBalancerStatus represents the status of a load-balancer. -#LoadBalancerStatus: { - // Ingress is a list containing ingress points for the load-balancer. - // Traffic intended for the service should be sent to these ingress points. - // +optional - ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// LoadBalancerIngress represents the status of a load-balancer ingress point: -// traffic intended for the service should be sent to an ingress point. -#LoadBalancerIngress: { - // IP is set for load-balancer ingress points that are IP based - // (typically GCE or OpenStack load-balancers) - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostname is set for load-balancer ingress points that are DNS based - // (typically AWS load-balancers) - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // Ports is a list of records of service ports - // If used, every port defined in the service should have an entry in it - // +listType=atomic - // +optional - ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep) -} - -// IPFamily represents the IP Family (IPv4 or IPv6). This type is used -// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). -// +enum -#IPFamily: string // #enumIPFamily - -#enumIPFamily: - #IPv4Protocol | - #IPv6Protocol - -// IPv4Protocol indicates that this IP is IPv4 protocol -#IPv4Protocol: #IPFamily & "IPv4" - -// IPv6Protocol indicates that this IP is IPv6 protocol -#IPv6Protocol: #IPFamily & "IPv6" - -// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service -// +enum -#IPFamilyPolicy: string // #enumIPFamilyPolicy - -#enumIPFamilyPolicy: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. -// The IPFamily assigned is based on the default IPFamily used by the cluster -// or as identified by service.spec.ipFamilies field -#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack" - -// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when -// the cluster is configured for dual-stack. If the cluster is not configured -// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not -// set in service.spec.ipFamilies then the service will be assigned the default IPFamily -// configured on the cluster -#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack" - -// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using -// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The -// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If -// service.spec.ipFamilies was not provided then it will be assigned according to how they are -// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative -// IPFamily will be added by apiserver -#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack" - -// for backwards compat -// +enum -#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType - -#enumIPFamilyPolicyType: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// ServiceSpec describes the attributes that a user creates on a service. -#ServiceSpec: { - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep) - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // clusterIP is the IP address of the service and is usually assigned - // randomly. If an address is specified manually, is in-range (as per - // system configuration), and is not in use, it will be allocated to the - // service; otherwise creation of the service will fail. This field may not - // be changed through updates unless the type field is also being changed - // to ExternalName (which requires this field to be blank) or the type - // field is being changed from ExternalName (in which case this field may - // optionally be specified, as describe above). Valid values are "None", - // empty string (""), or a valid IP address. Setting this to "None" makes a - // "headless service" (no virtual IP), which is useful when direct endpoint - // connections are preferred and proxying is not required. Only applies to - // types ClusterIP, NodePort, and LoadBalancer. If this field is specified - // when creating a Service of type ExternalName, creation will fail. This - // field will be wiped when updating a Service to type ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt) - - // ClusterIPs is a list of IP addresses assigned to this service, and are - // usually assigned randomly. If an address is specified manually, is - // in-range (as per system configuration), and is not in use, it will be - // allocated to the service; otherwise creation of the service will fail. - // This field may not be changed through updates unless the type field is - // also being changed to ExternalName (which requires this field to be - // empty) or the type field is being changed from ExternalName (in which - // case this field may optionally be specified, as describe above). Valid - // values are "None", empty string (""), or a valid IP address. Setting - // this to "None" makes a "headless service" (no virtual IP), which is - // useful when direct endpoint connections are preferred and proxying is - // not required. Only applies to types ClusterIP, NodePort, and - // LoadBalancer. If this field is specified when creating a Service of type - // ExternalName, creation will fail. This field will be wiped when updating - // a Service to type ExternalName. If this field is not specified, it will - // be initialized from the clusterIP field. If this field is specified, - // clients must ensure that clusterIPs[0] and clusterIP have the same - // value. - // - // This field may hold a maximum of two entries (dual-stack IPs, in either order). - // These IPs must correspond to the values of the ipFamilies field. Both - // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +listType=atomic - // +optional - clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt) - - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing - // to endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object or - // EndpointSlice objects. If clusterIP is "None", no virtual IP is - // allocated and the endpoints are published as a set of endpoints rather - // than a virtual IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the same endpoints as the clusterIP. - // "LoadBalancer" builds on NodePort and creates an external load-balancer - // (if supported in the current cloud) which routes to the same endpoints - // as the clusterIP. - // "ExternalName" aliases this service to the specified externalName. - // Several other fields do not apply to ExternalName services. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType) - - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. - // +optional - externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep) - - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity) - - // Only applies to Service Type: LoadBalancer. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // Deprecated: This field was under-specified and its meaning varies across implementations. - // Using it is non-portable and it may not support dual-stack. - // Users are encouraged to use implementation-specific annotations when available. - // +optional - loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt) - - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - // +optional - loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt) - - // externalName is the external reference that discovery mechanisms will - // return as an alias for this service (e.g. a DNS CNAME record). No - // proxying will be involved. Must be a lowercase RFC-1123 hostname - // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - // +optional - externalName?: string @go(ExternalName) @protobuf(10,bytes,opt) - - // externalTrafficPolicy describes how nodes distribute service traffic they - // receive on one of the Service's "externally-facing" addresses (NodePorts, - // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - // the service in a way that assumes that external load balancers will take care - // of balancing the service traffic between nodes, and so each node will deliver - // traffic only to the node-local endpoints of the service, without masquerading - // the client source IP. (Traffic mistakenly sent to a node with no endpoints will - // be dropped.) The default value, "Cluster", uses the standard behavior of - // routing to all endpoints evenly (possibly modified by topology and other - // features). Note that traffic sent to an External IP or LoadBalancer IP from - // within the cluster will always get "Cluster" semantics, but clients sending to - // a NodePort from within the cluster may need to take traffic policy into account - // when picking a node. - // +optional - externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt) - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // This only applies when type is set to LoadBalancer and - // externalTrafficPolicy is set to Local. If a value is specified, is - // in-range, and is not in use, it will be used. If not specified, a value - // will be automatically allocated. External systems (e.g. load-balancers) - // can use this port to determine if a given node holds endpoints for this - // service or not. If this field is specified when creating a Service - // which does not need it, creation will fail. This field will be wiped - // when updating a Service to no longer need it (e.g. changing type). - // This field cannot be updated once set. - // +optional - healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt) - - // publishNotReadyAddresses indicates that any agent which deals with endpoints for this - // Service should disregard any indications of ready/not-ready. - // The primary use case for setting this field is for a StatefulSet's Headless Service to - // propagate SRV DNS records for its Pods for the purpose of peer discovery. - // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - // Services interpret this to mean that all endpoints are considered "ready" even if the - // Pods themselves are not. Agents which consume only Kubernetes generated endpoints - // through the Endpoints or EndpointSlice resources can safely assume this behavior. - // +optional - publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt) - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt) - - // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - // service. This field is usually assigned automatically based on cluster - // configuration and the ipFamilyPolicy field. If this field is specified - // manually, the requested family is available in the cluster, - // and ipFamilyPolicy allows it, it will be used; otherwise creation of - // the service will fail. This field is conditionally mutable: it allows - // for adding or removing a secondary IP family, but it does not allow - // changing the primary IP family of the Service. Valid values are "IPv4" - // and "IPv6". This field only applies to Services of types ClusterIP, - // NodePort, and LoadBalancer, and does apply to "headless" services. - // This field will be wiped when updating a Service to type ExternalName. - // - // This field may hold a maximum of two entries (dual-stack families, in - // either order). These families must correspond to the values of the - // clusterIPs field, if specified. Both clusterIPs and ipFamilies are - // governed by the ipFamilyPolicy field. - // +listType=atomic - // +optional - ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily) - - // IPFamilyPolicy represents the dual-stack-ness requested or required by - // this Service. If there is no value provided, then this field will be set - // to SingleStack. Services can be "SingleStack" (a single IP family), - // "PreferDualStack" (two IP families on dual-stack configured clusters or - // a single IP family on single-stack clusters), or "RequireDualStack" - // (two IP families on dual-stack configured clusters, otherwise fail). The - // ipFamilies and clusterIPs fields depend on the value of this field. This - // field will be wiped when updating a service to type ExternalName. - // +optional - ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy) - - // allocateLoadBalancerNodePorts defines if NodePorts will be automatically - // allocated for services with type LoadBalancer. Default is "true". It - // may be set to "false" if the cluster load-balancer does not rely on - // NodePorts. If the caller requests specific NodePorts (by specifying a - // value), those requests will be respected, regardless of this field. - // This field may only be set for services with type LoadBalancer and will - // be cleared if the type is changed to any other type. - // +optional - allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt) - - // loadBalancerClass is the class of the load balancer implementation this Service belongs to. - // If specified, the value of this field must be a label-style identifier, with an optional prefix, - // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - // balancer implementation is used, today this is typically done through the cloud provider integration, - // but should apply for any default implementation. If set, it is assumed that a load balancer - // implementation is watching for Services with a matching class. Any default load balancer - // implementation (e.g. cloud providers) should ignore Services that set this field. - // This field can only be set when creating or updating a Service to type 'LoadBalancer'. - // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - // +optional - loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt) - - // InternalTrafficPolicy describes how nodes distribute service traffic they - // receive on the ClusterIP. If set to "Local", the proxy will assume that pods - // only want to talk to endpoints of the service on the same node as the pod, - // dropping the traffic if there are no local endpoints. The default value, - // "Cluster", uses the standard behavior of routing to all endpoints evenly - // (possibly modified by topology and other features). - // +optional - internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt) -} - -// ServicePort contains information on service's port. -#ServicePort: { - // The name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. When considering - // the endpoints for a Service, this must match the 'name' field in the - // EndpointPort. - // Optional if only one ServicePort is defined on this service. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - // Default is TCP. - // +default="TCP" - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt) - - // The port that will be exposed by this service. - port: int32 @go(Port) @protobuf(3,varint,opt) - - // Number or name of the port to access on the pods targeted by the service. - // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - // If this is a string, it will be looked up as a named port in the - // target Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - // +optional - targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt) - - // The port on each node on which this service is exposed when type is - // NodePort or LoadBalancer. Usually assigned by the system. If a value is - // specified, in-range, and not in use it will be used, otherwise the - // operation will fail. If not specified, a port will be allocated if this - // Service requires one. If this field is specified when creating a - // Service which does not need it, creation will fail. This field will be - // wiped when updating a Service to no longer need it (e.g. changing type - // from NodePort to ClusterIP). - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - // +optional - nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt) -} - -// Service is a named abstraction of software service (for example, mysql) consisting of local port -// (for example 3306) that the proxy listens on, and the selector that determines which pods -// will answer requests sent through the proxy. -#Service: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a service. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the service. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ClusterIPNone - do not assign a cluster IP -// no proxying required and no environment variables should be created for pods -#ClusterIPNone: "None" - -// ServiceList holds a list of services. -#ServiceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of services - items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep) -} - -// ServiceAccount binds together: -// * a name, understood by users, and perhaps by peripheral systems, for an identity -// * a principal that can be authenticated and authorized -// * a set of secrets -#ServiceAccount: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. - // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". - // This field should not be used to find auto-generated service account token secrets for use outside of pods. - // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep) - - // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images - // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets - // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. - // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - // +optional - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep) - - // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. - // Can be overridden at the pod level. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountList is a list of ServiceAccount objects -#ServiceAccountList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ServiceAccounts. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep) -} - -// Endpoints is a collection of endpoints that implement the actual service. Example: -// -// Name: "mysvc", -// Subsets: [ -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// }, -// { -// Addresses: [{"ip": "10.10.3.3"}], -// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] -// }, -// ] -#Endpoints: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The set of all endpoints is the union of all subsets. Addresses are placed into - // subsets according to the IPs they share. A single address with multiple ports, - // some of which are ready and some of which are not (because they come from - // different containers) will result in the address being displayed in different - // subsets for the different ports. No address will appear in both Addresses and - // NotReadyAddresses in the same subset. - // Sets of addresses and ports that comprise a service. - // +optional - subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep) -} - -// EndpointSubset is a group of addresses with a common set of ports. The -// expanded set of endpoints is the Cartesian product of Addresses x Ports. -// For example, given: -// -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// } -// -// The resulting set of endpoints can be viewed as: -// -// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], -// b: [ 10.10.1.1:309, 10.10.2.2:309 ] -#EndpointSubset: { - // IP addresses which offer the related ports that are marked as ready. These endpoints - // should be considered safe for load balancers and clients to utilize. - // +optional - addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep) - - // IP addresses which offer the related ports but are not currently marked as ready - // because they have not yet finished starting, have recently failed a readiness check, - // or have recently failed a liveness check. - // +optional - notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep) - - // Port numbers available on the related IP addresses. - // +optional - ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// EndpointAddress is a tuple that describes single IP address. -// +structType=atomic -#EndpointAddress: { - // The IP of this endpoint. - // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), - // or link-local multicast (224.0.0.0/24 or ff02::/16). - ip: string @go(IP) @protobuf(1,bytes,opt) - - // The Hostname of this endpoint - // +optional - hostname?: string @go(Hostname) @protobuf(3,bytes,opt) - - // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt) - - // Reference to object providing the endpoint. - // +optional - targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt) -} - -// EndpointPort is a tuple that describes a single port. -// +structType=atomic -#EndpointPort: { - // The name of this port. This must match the 'name' field in the - // corresponding ServicePort. - // Must be a DNS_LABEL. - // Optional only if one port is defined. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The port number of the endpoint. - port: int32 @go(Port) @protobuf(2,varint,opt) - - // The IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt) -} - -// EndpointsList is a list of endpoints. -#EndpointsList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of endpoints. - items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep) -} - -// NodeSpec describes the attributes that a node is created with. -#NodeSpec: { - // PodCIDR represents the pod IP range assigned to the node. - // +optional - podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt) - - // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this - // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for - // each of IPv4 and IPv6. - // +optional - // +patchStrategy=merge - podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt) - - // ID of the node assigned by the cloud provider in the format: :// - // +optional - providerID?: string @go(ProviderID) @protobuf(3,bytes,opt) - - // Unschedulable controls node schedulability of new pods. By default, node is schedulable. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration - // +optional - unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt) - - // If specified, the node's taints. - // +optional - taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt) - - // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. - // +optional - configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt) - - // Deprecated. Not all kubelets will set this field. Remove field after 1.13. - // see: https://issues.k8s.io/61966 - // +optional - externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt) -} - -// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. -// This API is deprecated since 1.22 -#NodeConfigSource: { - // ConfigMap is a reference to a Node's ConfigMap - configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt) -} - -// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. -// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration -#ConfigMapNodeConfigSource: { - // Namespace is the metadata.namespace of the referenced ConfigMap. - // This field is required in all cases. - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // Name is the metadata.name of the referenced ConfigMap. - // This field is required in all cases. - name: string @go(Name) @protobuf(2,bytes,opt) - - // UID is the metadata.UID of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - uid?: types.#UID @go(UID) @protobuf(3,bytes,opt) - - // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure - // This field is required in all cases. - kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt) -} - -// DaemonEndpoint contains information about a single Daemon endpoint. -#DaemonEndpoint: { - // Port number of the given endpoint. - Port: int32 @protobuf(1,varint,opt) -} - -// NodeDaemonEndpoints lists ports opened by daemons running on the Node. -#NodeDaemonEndpoints: { - // Endpoint on which Kubelet is listening. - // +optional - kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt) -} - -// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. -#NodeSystemInfo: { - // MachineID reported by the node. For unique machine identification - // in the cluster this field is preferred. Learn more from man(5) - // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - machineID: string @go(MachineID) @protobuf(1,bytes,opt) - - // SystemUUID reported by the node. For unique machine identification - // MachineID is preferred. This field is specific to Red Hat hosts - // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt) - - // Boot ID reported by the node. - bootID: string @go(BootID) @protobuf(3,bytes,opt) - - // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). - kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt) - - // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). - osImage: string @go(OSImage) @protobuf(5,bytes,opt) - - // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). - containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt) - - // Kubelet Version reported by the node. - kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt) - - // KubeProxy Version reported by the node. - kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt) - - // The Operating System reported by the node - operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt) - - // The Architecture reported by the node - architecture: string @go(Architecture) @protobuf(10,bytes,opt) -} - -// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. -#NodeConfigStatus: { - // Assigned reports the checkpointed config the node will try to use. - // When Node.Spec.ConfigSource is updated, the node checkpoints the associated - // config payload to local disk, along with a record indicating intended - // config. The node refers to this record to choose its config checkpoint, and - // reports this record in Assigned. Assigned only updates in the status after - // the record has been checkpointed to disk. When the Kubelet is restarted, - // it tries to make the Assigned config the Active config by loading and - // validating the checkpointed payload identified by Assigned. - // +optional - assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt) - - // Active reports the checkpointed config the node is actively using. - // Active will represent either the current version of the Assigned config, - // or the current LastKnownGood config, depending on whether attempting to use the - // Assigned config results in an error. - // +optional - active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt) - - // LastKnownGood reports the checkpointed config the node will fall back to - // when it encounters an error attempting to use the Assigned config. - // The Assigned config becomes the LastKnownGood config when the node determines - // that the Assigned config is stable and correct. - // This is currently implemented as a 10-minute soak period starting when the local - // record of Assigned config is updated. If the Assigned config is Active at the end - // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is - // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, - // because the local default config is always assumed good. - // You should not make assumptions about the node's method of determining config stability - // and correctness, as this may change or become configurable in the future. - // +optional - lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt) - - // Error describes any problems reconciling the Spec.ConfigSource to the Active config. - // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned - // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting - // to load or validate the Assigned config, etc. - // Errors may occur at different points while syncing config. Earlier errors (e.g. download or - // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across - // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in - // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error - // by fixing the config assigned in Spec.ConfigSource. - // You can find additional information for debugging by searching the error message in the Kubelet log. - // Error is a human-readable description of the error state; machines can check whether or not Error - // is empty, but should not rely on the stability of the Error text across Kubelet versions. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// NodeStatus is information about the current status of a node. -#NodeStatus: { - // Capacity represents the total resources of a node. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Allocatable represents the resources of a node that are available for scheduling. - // Defaults to Capacity. - // +optional - allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // NodePhase is the recently observed lifecycle phase of the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase - // The field is never populated, and now is deprecated. - // +optional - phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase) - - // Conditions is an array of current observed node conditions. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep) - - // List of addresses reachable to the node. - // Queried from cloud provider, if available. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses - // Note: This field is declared as mergeable, but the merge key is not sufficiently - // unique, which can cause data corruption when it is merged. Callers should instead - // use a full-replacement patch. See https://pr.k8s.io/79391 for an example. - // Consumers should assume that addresses can change during the - // lifetime of a Node. However, there are some exceptions where this may not - // be possible, such as Pods that inherit a Node's address in its own status or - // consumers of the downward API (status.hostIP). - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep) - - // Endpoints of daemons running on the Node. - // +optional - daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt) - - // Set of ids/uuids to uniquely identify the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#info - // +optional - nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt) - - // List of container images on this node - // +optional - images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep) - - // List of attachable volumes in use (mounted) by the node. - // +optional - volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep) - - // List of volumes that are attached to the node. - // +optional - volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep) - - // Status of the config assigned to the node via the dynamic Kubelet config feature. - // +optional - config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt) -} - -#UniqueVolumeName: string - -// AttachedVolume describes a volume attached to a node -#AttachedVolume: { - // Name of the attached volume - name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep) - - // DevicePath represents the device path where the volume should be available - devicePath: string @go(DevicePath) @protobuf(2,bytes,rep) -} - -// AvoidPods describes pods that should avoid this node. This is the value for a -// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and -// will eventually become a field of NodeStatus. -#AvoidPods: { - // Bounded-sized list of signatures of pods that should avoid this node, sorted - // in timestamp order from oldest to newest. Size of the slice is unspecified. - // +optional - preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep) -} - -// Describes a class of pods that should avoid this node. -#PreferAvoidPodsEntry: { - // The class of pods. - podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt) - - // Time at which this entry was added to the list. - // +optional - evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt) - - // (brief) reason why this entry was added to the list. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Human readable message indicating why this entry was added to the list. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) -} - -// Describes the class of pods that should avoid this node. -// Exactly one field should be set. -#PodSignature: { - // Reference to controller whose pods should avoid this node. - // +optional - podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt) -} - -// Describe a container image -#ContainerImage: { - // Names by which this image is known. - // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] - // +optional - names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep) - - // The size of the image in bytes. - // +optional - sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt) -} - -// +enum -#NodePhase: string // #enumNodePhase - -#enumNodePhase: - #NodePending | - #NodeRunning | - #NodeTerminated - -// NodePending means the node has been created/added by the system, but not configured. -#NodePending: #NodePhase & "Pending" - -// NodeRunning means the node has been configured and has Kubernetes components running. -#NodeRunning: #NodePhase & "Running" - -// NodeTerminated means the node has been removed from the cluster. -#NodeTerminated: #NodePhase & "Terminated" - -#NodeConditionType: string // #enumNodeConditionType - -#enumNodeConditionType: - #NodeReady | - #NodeMemoryPressure | - #NodeDiskPressure | - #NodePIDPressure | - #NodeNetworkUnavailable - -// NodeReady means kubelet is healthy and ready to accept pods. -#NodeReady: #NodeConditionType & "Ready" - -// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. -#NodeMemoryPressure: #NodeConditionType & "MemoryPressure" - -// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. -#NodeDiskPressure: #NodeConditionType & "DiskPressure" - -// NodePIDPressure means the kubelet is under pressure due to insufficient available PID. -#NodePIDPressure: #NodeConditionType & "PIDPressure" - -// NodeNetworkUnavailable means that network for the node is not correctly configured. -#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable" - -// NodeCondition contains condition information for a node. -#NodeCondition: { - // Type of node condition. - type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we got an update on a given condition. - // +optional - lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -#NodeAddressType: string // #enumNodeAddressType - -#enumNodeAddressType: - #NodeHostName | - #NodeInternalIP | - #NodeExternalIP | - #NodeInternalDNS | - #NodeExternalDNS - -// NodeHostName identifies a name of the node. Although every node can be assumed -// to have a NodeAddress of this type, its exact syntax and semantics are not -// defined, and are not consistent between different clusters. -#NodeHostName: #NodeAddressType & "Hostname" - -// NodeInternalIP identifies an IP address which is assigned to one of the node's -// network interfaces. Every node should have at least one address of this type. -// -// An internal IP is normally expected to be reachable from every other node, but -// may not be visible to hosts outside the cluster. By default it is assumed that -// kube-apiserver can reach node internal IPs, though it is possible to configure -// clusters where this is not the case. -// -// NodeInternalIP is the default type of node IP, and does not necessarily imply -// that the IP is ONLY reachable internally. If a node has multiple internal IPs, -// no specific semantics are assigned to the additional IPs. -#NodeInternalIP: #NodeAddressType & "InternalIP" - -// NodeExternalIP identifies an IP address which is, in some way, intended to be -// more usable from outside the cluster then an internal IP, though no specific -// semantics are defined. It may be a globally routable IP, though it is not -// required to be. -// -// External IPs may be assigned directly to an interface on the node, like a -// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed -// to an internal node IP rather than being delivered directly (making the IP less -// efficient for node-to-node traffic than a NodeInternalIP). -#NodeExternalIP: #NodeAddressType & "ExternalIP" - -// NodeInternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeInternalIP. The IP it resolves to may or may not -// be a listed NodeInternalIP address. -#NodeInternalDNS: #NodeAddressType & "InternalDNS" - -// NodeExternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeExternalIP. The IP it resolves to may or may not -// be a listed NodeExternalIP address. -#NodeExternalDNS: #NodeAddressType & "ExternalDNS" - -// NodeAddress contains information for the node's address. -#NodeAddress: { - // Node address type, one of Hostname, ExternalIP or InternalIP. - type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType) - - // The node address. - address: string @go(Address) @protobuf(2,bytes,opt) -} - -// ResourceName is the name identifying various resources in a ResourceList. -#ResourceName: string // #enumResourceName - -#enumResourceName: - #ResourceCPU | - #ResourceMemory | - #ResourceStorage | - #ResourceEphemeralStorage | - #ResourcePods | - #ResourceServices | - #ResourceReplicationControllers | - #ResourceQuotas | - #ResourceSecrets | - #ResourceConfigMaps | - #ResourcePersistentVolumeClaims | - #ResourceServicesNodePorts | - #ResourceServicesLoadBalancers | - #ResourceRequestsCPU | - #ResourceRequestsMemory | - #ResourceRequestsStorage | - #ResourceRequestsEphemeralStorage | - #ResourceLimitsCPU | - #ResourceLimitsMemory | - #ResourceLimitsEphemeralStorage - -// CPU, in cores. (500m = .5 cores) -#ResourceCPU: #ResourceName & "cpu" - -// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceMemory: #ResourceName & "memory" - -// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) -#ResourceStorage: #ResourceName & "storage" - -// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// The resource name for ResourceEphemeralStorage is alpha and it can change across releases. -#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage" - -// Default namespace prefix. -#ResourceDefaultNamespacePrefix: "kubernetes.io/" - -// Name prefix for huge page resources (alpha). -#ResourceHugePagesPrefix: "hugepages-" - -// Name prefix for storage resource limits -#ResourceAttachableVolumesPrefix: "attachable-volumes-" - -// ResourceList is a set of (resource name, quantity) pairs. -#ResourceList: {[string]: resource.#Quantity} - -// Node is a worker node in Kubernetes. -// Each node will have a unique identifier in the cache (i.e. in etcd). -#Node: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a node. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the node. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NodeList is the whole list of all Nodes which have been registered with master. -#NodeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of nodes - items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep) -} - -// FinalizerName is the name identifying a finalizer during namespace lifecycle. -#FinalizerName: string // #enumFinalizerName - -#enumFinalizerName: - #FinalizerKubernetes - -#FinalizerKubernetes: #FinalizerName & "kubernetes" - -// NamespaceSpec describes the attributes on a Namespace. -#NamespaceSpec: { - // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName) -} - -// NamespaceStatus is information about the current status of a Namespace. -#NamespaceStatus: { - // Phase is the current lifecycle phase of the namespace. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase) - - // Represents the latest available observations of a namespace's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep) -} - -// +enum -#NamespacePhase: string // #enumNamespacePhase - -#enumNamespacePhase: - #NamespaceActive | - #NamespaceTerminating - -// NamespaceActive means the namespace is available for use in the system -#NamespaceActive: #NamespacePhase & "Active" - -// NamespaceTerminating means the namespace is undergoing graceful termination -#NamespaceTerminating: #NamespacePhase & "Terminating" - -// NamespaceTerminatingCause is returned as a defaults.cause item when a change is -// forbidden due to the namespace being terminated. -#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating" - -#NamespaceConditionType: string // #enumNamespaceConditionType - -#enumNamespaceConditionType: - #NamespaceDeletionDiscoveryFailure | - #NamespaceDeletionContentFailure | - #NamespaceDeletionGVParsingFailure | - #NamespaceContentRemaining | - #NamespaceFinalizersRemaining - -// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery. -#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure" - -// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources. -#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure" - -// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types. -#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure" - -// NamespaceContentRemaining contains information about resources remaining in a namespace. -#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining" - -// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace. -#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining" - -// NamespaceCondition contains details about state of namespace. -#NamespaceCondition: { - // Type of namespace controller condition. - type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// Namespace provides a scope for Names. -// Use of multiple namespaces is optional. -#Namespace: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of the Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status describes the current status of a Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NamespaceList is a list of Namespaces. -#NamespaceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Namespace objects in the list. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep) -} - -// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. -// Deprecated in 1.7, please use the bindings subresource of pods instead. -#Binding: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The target object that you want to bind to the standard object. - target: #ObjectReference @go(Target) @protobuf(2,bytes,opt) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -// +k8s:openapi-gen=false -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// PodLogOptions is the query options for a Pod's logs REST call. -#PodLogOptions: { - metav1.#TypeMeta - - // The container for which to stream logs. Defaults to only container if there is one container in the pod. - // +optional - container?: string @go(Container) @protobuf(1,bytes,opt) - - // Follow the log stream of the pod. Defaults to false. - // +optional - follow?: bool @go(Follow) @protobuf(2,varint,opt) - - // Return previous terminated container logs. Defaults to false. - // +optional - previous?: bool @go(Previous) @protobuf(3,varint,opt) - - // A relative time in seconds before the current time from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt) - - // An RFC3339 timestamp from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt) - - // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line - // of log output. Defaults to false. - // +optional - timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt) - - // If set, the number of lines from the end of the logs to show. If not specified, - // logs are shown from the creation of the container or sinceSeconds or sinceTime - // +optional - tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt) - - // If set, the number of bytes to read from the server before terminating the - // log output. This may not display a complete final line of logging, and may return - // slightly more or slightly less than the specified limit. - // +optional - limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt) - - // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the - // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver - // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real - // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the - // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept - // the actual log data coming from the real kubelet). - // +optional - insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt) -} - -// PodAttachOptions is the query options to a Pod's remote attach call. -// --- -// TODO: merge w/ PodExecOptions below for stdin, stdout, etc -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodAttachOptions: { - metav1.#TypeMeta - - // Stdin if true, redirects the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Stdout if true indicates that stdout is to be redirected for the attach call. - // Defaults to true. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Stderr if true indicates that stderr is to be redirected for the attach call. - // Defaults to true. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the attach call. - // This is passed through the container runtime so the tty - // is allocated on the worker node by the container runtime. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // The container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) -} - -// PodExecOptions is the query options to a Pod's remote exec call. -// --- -// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodExecOptions: { - metav1.#TypeMeta - - // Redirect the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Redirect the standard output stream of the pod for this call. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Redirect the standard error stream of the pod for this call. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the exec call. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // Container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) - - // Command is the remote command to execute. argv array. Not executed within a shell. - command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep) -} - -// PodPortForwardOptions is the query options to a Pod's port forward call -// when using WebSockets. -// The `port` query parameter must specify the port or -// ports (comma separated) to forward over. -// Port forwarding over SPDY does not use these options. It requires the port -// to be passed in the `port` header as part of request. -#PodPortForwardOptions: { - metav1.#TypeMeta - - // List of ports to forward - // Required when using WebSockets - // +optional - ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep) -} - -// PodProxyOptions is the query options to a Pod's proxy call. -#PodProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to pod. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// NodeProxyOptions is the query options to a Node's proxy call. -#NodeProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to node. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ServiceProxyOptions is the query options to a Service's proxy call. -#ServiceProxyOptions: { - metav1.#TypeMeta - - // Path is the part of URLs that include service endpoints, suffixes, - // and parameters to use for the current proxy request to service. - // For example, the whole request URL is - // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. - // Path is _search?q=user:kimchy. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -// --- -// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. -// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. -// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular -// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". -// Those cannot be well described when embedded. -// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. -// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity -// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple -// and the version of the actual struct is irrelevant. -// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type -// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. -// -// Instead of using this type, create a locally provided and used type that is well-focused on your reference. -// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +structType=atomic -#ObjectReference: { - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // Namespace of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Specific resourceVersion to which this reference is made, if any. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // If referring to a piece of an object instead of an entire object, this string - // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - // For example, if the object reference is to a container within a pod, this would take on a value like: - // "spec.containers{name}" (where "name" refers to the name of the container that triggered - // the event) or if no container name is specified "spec.containers[2]" (container with - // index 2 in this pod). This syntax is chosen only to have some well-defined way of - // referencing a part of an object. - // TODO: this design is not final and this field is subject to change in the future. - // +optional - fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt) -} - -// LocalObjectReference contains enough information to let you locate the -// referenced object inside the same namespace. -// +structType=atomic -#LocalObjectReference: { - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // TODO: Add other useful fields. apiVersion, kind, uid? - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) -} - -// TypedLocalObjectReference contains enough information to let you locate the -// typed referenced object inside the same namespace. -// +structType=atomic -#TypedLocalObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// SerializedReference is a reference to serialized object. -#SerializedReference: { - metav1.#TypeMeta - - // The reference to an object in the system. - // +optional - reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt) -} - -// EventSource contains information for an event. -#EventSource: { - // Component from which the event is generated. - // +optional - component?: string @go(Component) @protobuf(1,bytes,opt) - - // Node name on which the event is generated. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -// Information only and will not cause any problems -#EventTypeNormal: "Normal" - -// These events are to warn that something might go wrong -#EventTypeWarning: "Warning" - -// Event is a report of an event somewhere in the cluster. Events -// have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The object that this event is about. - involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt) - - // This should be a short, machine understandable string that gives the reason - // for the transition into the object's current status. - // TODO: provide exact specification for format. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // A human-readable description of the status of this operation. - // TODO: decide on maximum length. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // The component reporting this event. Should be a short machine understandable string. - // +optional - source?: #EventSource @go(Source) @protobuf(5,bytes,opt) - - // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) - // +optional - firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt) - - // The time at which the most recent occurrence of this event was recorded. - // +optional - lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt) - - // The number of times this event has occurred. - // +optional - count?: int32 @go(Count) @protobuf(8,varint,opt) - - // Type of this event (Normal, Warning), new types could be added in the future - // +optional - type?: string @go(Type) @protobuf(9,bytes,opt) - - // Time when this Event was first observed. - // +optional - eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt) - - // Data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt) - - // What action was taken/failed regarding to the Regarding object. - // +optional - action?: string @go(Action) @protobuf(12,bytes,opt) - - // Optional secondary object for more complex actions. - // +optional - related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt) - - // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // +optional - reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt) - - // ID of the controller instance, e.g. `kubelet-xyzf`. - // +optional - reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. -#EventSeries: { - // Number of occurrences in this series up to the last heartbeat time - count?: int32 @go(Count) @protobuf(1,varint) - - // Time of the last occurrence observed - lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes) -} - -// EventList is a list of events. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of events - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} - -// List holds a list of objects, which may not be known by the server. -#List: metav1.#List - -// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or -// a fully qualified resource name. -#LimitType: string // #enumLimitType - -#enumLimitType: - #LimitTypePod | - #LimitTypeContainer | - #LimitTypePersistentVolumeClaim - -// Limit that applies to all pods in a namespace -#LimitTypePod: #LimitType & "Pod" - -// Limit that applies to all containers in a namespace -#LimitTypeContainer: #LimitType & "Container" - -// Limit that applies to all persistent volume claims in a namespace -#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim" - -// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. -#LimitRangeItem: { - // Type of resource that this limit applies to. - type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType) - - // Max usage constraints on this kind by resource name. - // +optional - max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Min usage constraints on this kind by resource name. - // +optional - min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Default resource requirement limit value by resource name if resource limit is omitted. - // +optional - default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. - // +optional - defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. - // +optional - maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// LimitRangeSpec defines a min/max usage limit for resources that match on kind. -#LimitRangeSpec: { - // Limits is the list of LimitRangeItem objects that are enforced. - limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep) -} - -// LimitRange sets resource usage limits for each kind of resource in a Namespace. -#LimitRange: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the limits enforced. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LimitRangeList is a list of LimitRange items. -#LimitRangeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of LimitRange objects. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep) -} - -// Pods, number -#ResourcePods: #ResourceName & "pods" - -// Services, number -#ResourceServices: #ResourceName & "services" - -// ReplicationControllers, number -#ResourceReplicationControllers: #ResourceName & "replicationcontrollers" - -// ResourceQuotas, number -#ResourceQuotas: #ResourceName & "resourcequotas" - -// ResourceSecrets, number -#ResourceSecrets: #ResourceName & "secrets" - -// ResourceConfigMaps, number -#ResourceConfigMaps: #ResourceName & "configmaps" - -// ResourcePersistentVolumeClaims, number -#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims" - -// ResourceServicesNodePorts, number -#ResourceServicesNodePorts: #ResourceName & "services.nodeports" - -// ResourceServicesLoadBalancers, number -#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers" - -// CPU request, in cores. (500m = .5 cores) -#ResourceRequestsCPU: #ResourceName & "requests.cpu" - -// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsMemory: #ResourceName & "requests.memory" - -// Storage request, in bytes -#ResourceRequestsStorage: #ResourceName & "requests.storage" - -// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage" - -// CPU limit, in cores. (500m = .5 cores) -#ResourceLimitsCPU: #ResourceName & "limits.cpu" - -// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsMemory: #ResourceName & "limits.memory" - -// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage" - -// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// As burst is not supported for HugePages, we would only quota its request, and ignore the limit. -#ResourceRequestsHugePagesPrefix: "requests.hugepages-" - -// Default resource requests prefix -#DefaultResourceRequestsPrefix: "requests." - -// A ResourceQuotaScope defines a filter that must match each object tracked by a quota -// +enum -#ResourceQuotaScope: string // #enumResourceQuotaScope - -#enumResourceQuotaScope: - #ResourceQuotaScopeTerminating | - #ResourceQuotaScopeNotTerminating | - #ResourceQuotaScopeBestEffort | - #ResourceQuotaScopeNotBestEffort | - #ResourceQuotaScopePriorityClass | - #ResourceQuotaScopeCrossNamespacePodAffinity - -// Match all pod objects where spec.activeDeadlineSeconds >=0 -#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating" - -// Match all pod objects where spec.activeDeadlineSeconds is nil -#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating" - -// Match all pod objects that have best effort quality of service -#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort" - -// Match all pod objects that do not have best effort quality of service -#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort" - -// Match all pod objects that have priority class mentioned -#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass" - -// Match all pod objects that have cross-namespace pod (anti)affinity mentioned. -#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity" - -// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. -#ResourceQuotaSpec: { - // hard is the set of desired hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // A collection of filters that must match each object tracked by a quota. - // If not specified, the quota matches all objects. - // +optional - scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope) - - // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota - // but expressed using ScopeSelectorOperator in combination with possible values. - // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. - // +optional - scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt) -} - -// A scope selector represents the AND of the selectors represented -// by the scoped-resource selector requirements. -// +structType=atomic -#ScopeSelector: { - // A list of scope selector requirements by scope of the resources. - // +optional - matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep) -} - -// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator -// that relates the scope name and values. -#ScopedResourceSelectorRequirement: { - // The name of the scope that the selector applies to. - scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt) - - // Represents a scope's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. - operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A scope selector operator is the set of operators that can be used in -// a scope selector requirement. -// +enum -#ScopeSelectorOperator: string // #enumScopeSelectorOperator - -#enumScopeSelectorOperator: - #ScopeSelectorOpIn | - #ScopeSelectorOpNotIn | - #ScopeSelectorOpExists | - #ScopeSelectorOpDoesNotExist - -#ScopeSelectorOpIn: #ScopeSelectorOperator & "In" -#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn" -#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists" -#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist" - -// ResourceQuotaStatus defines the enforced hard limits and observed use. -#ResourceQuotaStatus: { - // Hard is the set of enforced hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Used is the current observed total usage of the resource in the namespace. - // +optional - used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// ResourceQuota sets aggregate quota restrictions enforced per namespace -#ResourceQuota: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired quota. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status defines the actual enforced quota and its current usage. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceQuotaList is a list of ResourceQuota items. -#ResourceQuotaList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ResourceQuota objects. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep) -} - -// Secret holds secret data of a certain type. The total bytes of the values in -// the Data field must be less than MaxSecretSize bytes. -#Secret: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the Secret cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt) - - // Data contains the secret data. Each key must consist of alphanumeric - // characters, '-', '_' or '.'. The serialized form of the secret data is a - // base64 encoded string, representing the arbitrary (possibly non-string) - // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 - // +optional - data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep) - - // stringData allows specifying non-binary secret data in string form. - // It is provided as a write-only input field for convenience. - // All keys and values are merged into the data field on write, overwriting any existing values. - // The stringData field is never output when reading from the API. - // +k8s:conversion-gen=false - // +optional - stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep) - - // Used to facilitate programmatic handling of secret data. - // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types - // +optional - type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType) -} - -#MaxSecretSize: 1048576 - -#SecretType: string // #enumSecretType - -#enumSecretType: - #SecretTypeOpaque | - #SecretTypeServiceAccountToken | - #SecretTypeDockercfg | - #SecretTypeDockerConfigJson | - #SecretTypeBasicAuth | - #SecretTypeSSHAuth | - #SecretTypeTLS | - #SecretTypeBootstrapToken - -// SecretTypeOpaque is the default. Arbitrary user-defined data -#SecretTypeOpaque: #SecretType & "Opaque" - -// SecretTypeServiceAccountToken contains a token that identifies a service account to the API -// -// Required fields: -// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies -// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies -// - Secret.Data["token"] - a token that identifies the service account to the API -#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token" - -// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountNameKey: "kubernetes.io/service-account.name" - -// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountUIDKey: "kubernetes.io/service-account.uid" - -// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets -#ServiceAccountTokenKey: "token" - -// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets -#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig" - -// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets -#ServiceAccountRootCAKey: "ca.crt" - -// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls -#ServiceAccountNamespaceKey: "namespace" - -// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg -// -// Required fields: -// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file -#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg" - -// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets -#DockerConfigKey: ".dockercfg" - -// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json -// -// Required fields: -// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file -#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson" - -// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets -#DockerConfigJsonKey: ".dockerconfigjson" - -// SecretTypeBasicAuth contains data needed for basic authentication. -// -// Required at least one of fields: -// - Secret.Data["username"] - username used for authentication -// - Secret.Data["password"] - password or token needed for authentication -#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth" - -// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets -#BasicAuthUsernameKey: "username" - -// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets -#BasicAuthPasswordKey: "password" - -// SecretTypeSSHAuth contains data needed for SSH authetication. -// -// Required field: -// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication -#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth" - -// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets -#SSHAuthPrivateKey: "ssh-privatekey" - -// SecretTypeTLS contains information about a TLS client or server secret. It -// is primarily used with TLS termination of the Ingress resource, but may be -// used in other types. -// -// Required fields: -// - Secret.Data["tls.key"] - TLS private key. -// Secret.Data["tls.crt"] - TLS certificate. -// TODO: Consider supporting different formats, specifying CA/destinationCA. -#SecretTypeTLS: #SecretType & "kubernetes.io/tls" - -// TLSCertKey is the key for tls certificates in a TLS secret. -#TLSCertKey: "tls.crt" - -// TLSPrivateKeyKey is the key for the private key field in a TLS secret. -#TLSPrivateKeyKey: "tls.key" - -// SecretTypeBootstrapToken is used during the automated bootstrap process (first -// implemented by kubeadm). It stores tokens that are used to sign well known -// ConfigMaps. They are used for authn. -#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token" - -// SecretList is a list of Secret. -#SecretList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of secret objects. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep) -} - -// ConfigMap holds configuration data for pods to consume. -#ConfigMap: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the ConfigMap cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt) - - // Data contains the configuration data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // Values with non-UTF-8 byte sequences must use the BinaryData field. - // The keys stored in Data must not overlap with the keys in - // the BinaryData field, this is enforced during validation process. - // +optional - data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep) - - // BinaryData contains the binary data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // BinaryData can contain byte sequences that are not in the UTF-8 range. - // The keys stored in BinaryData must not overlap with the ones in - // the Data field, this is enforced during validation process. - // Using this field will require 1.10+ apiserver and - // kubelet. - // +optional - binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep) -} - -// ConfigMapList is a resource containing a list of ConfigMap objects. -#ConfigMapList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ConfigMaps. - items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep) -} - -// Type and constants for component health validation. -#ComponentConditionType: string // #enumComponentConditionType - -#enumComponentConditionType: - #ComponentHealthy - -#ComponentHealthy: #ComponentConditionType & "Healthy" - -// Information about the condition of a component. -#ComponentCondition: { - // Type of condition for a component. - // Valid value: "Healthy" - type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType) - - // Status of the condition for a component. - // Valid values for "Healthy": "True", "False", or "Unknown". - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Message about the condition for a component. - // For example, information about a health check. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // Condition error code for a component. - // For example, a health check error code. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// ComponentStatus (and ComponentStatusList) holds the cluster validation info. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatus: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // List of component conditions observed - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep) -} - -// Status of all the conditions for the component as a list of ComponentStatus objects. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatusList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ComponentStatus objects. - items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep) -} - -// DownwardAPIVolumeSource represents a volume containing downward API info. -// Downward API volumes support ownership management and SELinux relabeling. -#DownwardAPIVolumeSource: { - // Items is a list of downward API volume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) - - // Optional: mode bits to use on created files by default. Must be a - // Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644 - -// DownwardAPIVolumeFile represents information to create the file containing the pod field -#DownwardAPIVolumeFile: { - // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - path: string @go(Path) @protobuf(1,bytes,opt) - - // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt) - - // Optional: mode bits used to set permissions on this file, must be an octal value - // between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt) -} - -// Represents downward API info for projecting into a projected volume. -// Note that this is identical to a downwardAPI volume source without the default -// mode. -#DownwardAPIProjection: { - // Items is a list of DownwardAPIVolume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) -} - -// SecurityContext holds security configuration that will be applied to a container. -// Some fields are present in both SecurityContext and PodSecurityContext. When both -// are set, the values in SecurityContext take precedence. -#SecurityContext: { - // The capabilities to add/drop when running containers. - // Defaults to the default set of capabilities granted by the container runtime. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt) - - // Run container in privileged mode. - // Processes in privileged containers are essentially equivalent to root on the host. - // Defaults to false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt) - - // The SELinux context to be applied to the container. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options from the PodSecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt) - - // Whether this container has a read-only root filesystem. - // Default is false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt) - - // AllowPrivilegeEscalation controls whether a process can gain more - // privileges than its parent process. This bool directly controls if - // the no_new_privs flag will be set on the container process. - // AllowPrivilegeEscalation is true always when the container is: - // 1) run as Privileged - // 2) has CAP_SYS_ADMIN - // Note that this field cannot be set when spec.os.name is windows. - // +optional - allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt) - - // procMount denotes the type of proc mount to use for the containers. - // The default is DefaultProcMount which uses the container runtime defaults for - // readonly paths and masked paths. - // This requires the ProcMountType feature flag to be enabled. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt) - - // The seccomp options to use by this container. If seccomp options are - // provided at both the pod & container level, the container options - // override the pod options. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt) -} - -// +enum -#ProcMountType: string // #enumProcMountType - -#enumProcMountType: - #DefaultProcMount | - #UnmaskedProcMount - -// DefaultProcMount uses the container runtime defaults for readonly and masked -// paths for /proc. Most container runtimes mask certain paths in /proc to avoid -// accidental security exposure of special devices or information. -#DefaultProcMount: #ProcMountType & "Default" - -// UnmaskedProcMount bypasses the default masking behavior of the container -// runtime and ensures the newly created /proc the container stays in tact with -// no modifications. -#UnmaskedProcMount: #ProcMountType & "Unmasked" - -// SELinuxOptions are the labels to be applied to the container -#SELinuxOptions: { - // User is a SELinux user label that applies to the container. - // +optional - user?: string @go(User) @protobuf(1,bytes,opt) - - // Role is a SELinux role label that applies to the container. - // +optional - role?: string @go(Role) @protobuf(2,bytes,opt) - - // Type is a SELinux type label that applies to the container. - // +optional - type?: string @go(Type) @protobuf(3,bytes,opt) - - // Level is SELinux level label that applies to the container. - // +optional - level?: string @go(Level) @protobuf(4,bytes,opt) -} - -// WindowsSecurityContextOptions contain Windows-specific options and credentials. -#WindowsSecurityContextOptions: { - // GMSACredentialSpecName is the name of the GMSA credential spec to use. - // +optional - gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt) - - // GMSACredentialSpec is where the GMSA admission webhook - // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - // GMSA credential spec named by the GMSACredentialSpecName field. - // +optional - gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt) - - // The UserName in Windows to run the entrypoint of the container process. - // Defaults to the user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt) - - // HostProcess determines if a container should be run as a 'Host Process' container. - // All of a Pod's containers must have the same effective HostProcess value - // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - // In addition, if HostProcess is true then HostNetwork must also be set to true. - // +optional - hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt) -} - -// RangeAllocation is not a public type. -#RangeAllocation: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Range is string that identifies the range represented by 'data'. - range: string @go(Range) @protobuf(2,bytes,opt) - - // Data is a bit array containing all allocated addresses in the previous segment. - data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt) -} - -// DefaultSchedulerName defines the name of default scheduler. -#DefaultSchedulerName: "default-scheduler" - -// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule -// corresponding to every RequiredDuringScheduling affinity rule. -// When the --hard-pod-affinity-weight scheduler flag is not specified, -// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. -#DefaultHardPodAffinitySymmetricWeight: int32 & 1 - -// Sysctl defines a kernel parameter to be set -#Sysctl: { - // Name of a property to set - name: string @go(Name) @protobuf(1,bytes,opt) - - // Value of a property to set - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// NodeResources is an object for conveying resource information about a node. -// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. -#NodeResources: { - // Capacity represents the available resources of a node - Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName) -} - -// Enable stdin for remote command execution -#ExecStdinParam: "input" - -// Enable stdout for remote command execution -#ExecStdoutParam: "output" - -// Enable stderr for remote command execution -#ExecStderrParam: "error" - -// Enable TTY for remote command execution -#ExecTTYParam: "tty" - -// Command to run for remote command execution -#ExecCommandParam: "command" - -// Name of header that specifies stream type -#StreamType: "streamType" - -// Value for streamType header for stdin stream -#StreamTypeStdin: "stdin" - -// Value for streamType header for stdout stream -#StreamTypeStdout: "stdout" - -// Value for streamType header for stderr stream -#StreamTypeStderr: "stderr" - -// Value for streamType header for data stream -#StreamTypeData: "data" - -// Value for streamType header for error stream -#StreamTypeError: "error" - -// Value for streamType header for terminal resize stream -#StreamTypeResize: "resize" - -// Name of header that specifies the port being forwarded -#PortHeader: "port" - -// Name of header that specifies a request ID used to associate the error -// and data streams for a single forwarded connection -#PortForwardRequestIDHeader: "requestID" - -// MixedProtocolNotSupported error in PortStatus means that the cloud provider -// can't publish the port on the load balancer because mixed values of protocols -// on the same LoadBalancer type of Service are not supported by the cloud provider. -#MixedProtocolNotSupported: "MixedProtocolNotSupported" - -#PortStatus: { - // Port is the port number of the service port of which status is recorded here - port: int32 @go(Port) @protobuf(1,varint,opt) - - // Protocol is the protocol of the service port of which status is recorded here - // The supported values are: "TCP", "UDP", "SCTP" - protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // Error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 2a1f060b6..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue +++ /dev/null @@ -1,59 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#LabelHostname: "kubernetes.io/hostname" - -// Label value is the network location of kube-apiserver stored as -// Stored in APIServer Identity lease objects to view what address is used for peer proxy -#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address" -#LabelTopologyZone: "topology.kubernetes.io/zone" -#LabelTopologyRegion: "topology.kubernetes.io/region" - -// These label have been deprecated since 1.17, but will be supported for -// the foreseeable future, to accommodate things like long-lived PVs that -// use them. New users should prefer the "topology.kubernetes.io/*" -// equivalents. -#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone" -#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region" - -// Retained for compat when vendored. Do not use these consts in new code. -#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone" -#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region" -#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone" -#LabelZoneRegionStable: "topology.kubernetes.io/region" -#LabelInstanceType: "beta.kubernetes.io/instance-type" -#LabelInstanceTypeStable: "node.kubernetes.io/instance-type" -#LabelOSStable: "kubernetes.io/os" -#LabelArchStable: "kubernetes.io/arch" - -// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0. -// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763) -#LabelWindowsBuild: "node.kubernetes.io/windows-build" - -// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*) -#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io" - -// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*) -#LabelNamespaceSuffixNode: "node.kubernetes.io" - -// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled -#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io" - -// IsHeadlessService is added by Controller to an Endpoint denoting if its parent -// Service is Headless. The existence of this label can be used further by other -// controllers and kube-proxy to check if the Endpoint objects should be replicated when -// using Headless Services -#IsHeadlessService: "service.kubernetes.io/headless" - -// LabelNodeExcludeBalancers specifies that the node should not be considered as a target -// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only -// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that -// any backends on excluded nodes are not reachable by those external load-balancers. -// Implementations of this exclusion may vary based on provider. -#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers" - -// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels -#LabelMetadataName: "kubernetes.io/metadata.name" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue deleted file mode 100644 index b7c097336..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// TaintNodeNotReady will be added when node is not ready -// and removed when node becomes ready. -#TaintNodeNotReady: "node.kubernetes.io/not-ready" - -// TaintNodeUnreachable will be added when node becomes unreachable -// (corresponding to NodeReady status ConditionUnknown) -// and removed when node becomes reachable (NodeReady status ConditionTrue). -#TaintNodeUnreachable: "node.kubernetes.io/unreachable" - -// TaintNodeUnschedulable will be added when node becomes unschedulable -// and removed when node becomes schedulable. -#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable" - -// TaintNodeMemoryPressure will be added when node has memory pressure -// and removed when node has enough memory. -#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure" - -// TaintNodeDiskPressure will be added when node has disk pressure -// and removed when node has enough disk. -#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure" - -// TaintNodeNetworkUnavailable will be added when node's network is unavailable -// and removed when network becomes ready. -#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable" - -// TaintNodePIDPressure will be added when node has pid pressure -// and removed when node has enough pid. -#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure" - -// TaintNodeOutOfService can be added when node is out of service in case of -// a non-graceful shutdown -#TaintNodeOutOfService: "node.kubernetes.io/out-of-service" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue deleted file mode 100644 index f10426220..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -#GroupName: "networking.k8s.io" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue deleted file mode 100644 index bbdc7f2b1..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue +++ /dev/null @@ -1,588 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -// NetworkPolicy describes what network traffic is allowed for a set of Pods -#NetworkPolicy: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents the specification of the desired behavior for this NetworkPolicy. - // +optional - spec?: #NetworkPolicySpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PolicyType string describes the NetworkPolicy type -// This type is beta-level in 1.8 -// +enum -#PolicyType: string // #enumPolicyType - -#enumPolicyType: - #PolicyTypeIngress | - #PolicyTypeEgress - -// PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods -#PolicyTypeIngress: #PolicyType & "Ingress" - -// PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods -#PolicyTypeEgress: #PolicyType & "Egress" - -// NetworkPolicySpec provides the specification of a NetworkPolicy -#NetworkPolicySpec: { - // podSelector selects the pods to which this NetworkPolicy object applies. - // The array of ingress rules is applied to any pods selected by this field. - // Multiple network policies can select the same set of pods. In this case, - // the ingress rules for each are combined additively. - // This field is NOT optional and follows standard label selector semantics. - // An empty podSelector matches all pods in this namespace. - podSelector: metav1.#LabelSelector @go(PodSelector) @protobuf(1,bytes,opt) - - // ingress is a list of ingress rules to be applied to the selected pods. - // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod - // (and cluster policy otherwise allows the traffic), OR if the traffic source is - // the pod's local node, OR if the traffic matches at least one ingress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy does not allow any traffic (and serves - // solely to ensure that the pods it selects are isolated by default) - // +optional - ingress?: [...#NetworkPolicyIngressRule] @go(Ingress,[]NetworkPolicyIngressRule) @protobuf(2,bytes,rep) - - // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic - // is allowed if there are no NetworkPolicies selecting the pod (and cluster policy - // otherwise allows the traffic), OR if the traffic matches at least one egress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves - // solely to ensure that the pods it selects are isolated by default). - // This field is beta-level in 1.8 - // +optional - egress?: [...#NetworkPolicyEgressRule] @go(Egress,[]NetworkPolicyEgressRule) @protobuf(3,bytes,rep) - - // policyTypes is a list of rule types that the NetworkPolicy relates to. - // Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. - // If this field is not specified, it will default based on the existence of ingress or egress rules; - // policies that contain an egress section are assumed to affect egress, and all policies - // (whether or not they contain an ingress section) are assumed to affect ingress. - // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. - // Likewise, if you want to write a policy that specifies that no egress is allowed, - // you must specify a policyTypes value that include "Egress" (since such a policy would not include - // an egress section and would otherwise default to just [ "Ingress" ]). - // This field is beta-level in 1.8 - // +optional - policyTypes?: [...#PolicyType] @go(PolicyTypes,[]PolicyType) @protobuf(4,bytes,rep,casttype=PolicyType) -} - -// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from. -#NetworkPolicyIngressRule: { - // ports is a list of ports which should be made accessible on the pods selected for - // this rule. Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) - - // from is a list of sources which should be able to access the pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all sources (traffic not restricted by - // source). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the from list. - // +optional - from?: [...#NetworkPolicyPeer] @go(From,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) -} - -// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. -// This type is beta-level in 1.8 -#NetworkPolicyEgressRule: { - // ports is a list of destination ports for outgoing traffic. - // Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) - - // to is a list of destinations for outgoing traffic of pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all destinations (traffic not restricted by - // destination). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the to list. - // +optional - to?: [...#NetworkPolicyPeer] @go(To,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) -} - -// NetworkPolicyPort describes a port to allow traffic on -#NetworkPolicyPort: { - // protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. - // If not specified, this field defaults to TCP. - // +optional - protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.Protocol) - - // port represents the port on the given protocol. This can either be a numerical or named - // port on a pod. If this field is not provided, this matches all port names and - // numbers. - // If present, only traffic on the specified protocol AND port will be matched. - // +optional - port?: null | intstr.#IntOrString @go(Port,*intstr.IntOrString) @protobuf(2,bytes,opt) - - // endPort indicates that the range of ports from port to endPort if set, inclusive, - // should be allowed by the policy. This field cannot be defined if the port field - // is not defined or if the port field is defined as a named (string) port. - // The endPort must be equal or greater than port. - // +optional - endPort?: null | int32 @go(EndPort,*int32) @protobuf(3,bytes,opt) -} - -// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed -// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs -// that should not be included within this rule. -#IPBlock: { - // cidr is a string representing the IPBlock - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - cidr: string @go(CIDR) @protobuf(1,bytes) - - // except is a slice of CIDRs that should not be included within an IPBlock - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - // Except values will be rejected if they are outside the cidr range - // +optional - except?: [...string] @go(Except,[]string) @protobuf(2,bytes,rep) -} - -// NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of -// fields are allowed -#NetworkPolicyPeer: { - // podSelector is a label selector which selects pods. This field follows standard label - // selector semantics; if present but empty, it selects all pods. - // - // If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects - // the pods matching podSelector in the Namespaces selected by NamespaceSelector. - // Otherwise it selects the pods matching podSelector in the policy's own namespace. - // +optional - podSelector?: null | metav1.#LabelSelector @go(PodSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaceSelector selects namespaces using cluster-scoped labels. This field follows - // standard label selector semantics; if present but empty, it selects all namespaces. - // - // If podSelector is also set, then the NetworkPolicyPeer as a whole selects - // the pods matching podSelector in the namespaces selected by namespaceSelector. - // Otherwise it selects all pods in the namespaces selected by namespaceSelector. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // ipBlock defines policy on a particular IPBlock. If this field is set then - // neither of the other fields can be. - // +optional - ipBlock?: null | #IPBlock @go(IPBlock,*IPBlock) @protobuf(3,bytes,rep) -} - -// NetworkPolicyList is a list of NetworkPolicy objects. -#NetworkPolicyList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#NetworkPolicy] @go(Items,[]NetworkPolicy) @protobuf(2,bytes,rep) -} - -// Ingress is a collection of rules that allow inbound connections to reach the -// endpoints defined by a backend. An Ingress can be configured to give services -// externally-reachable urls, load balance traffic, terminate SSL, offer name -// based virtual hosting etc. -#Ingress: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the desired state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #IngressSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #IngressStatus @go(Status) @protobuf(3,bytes,opt) -} - -// IngressList is a collection of Ingress. -#IngressList: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of Ingress. - items: [...#Ingress] @go(Items,[]Ingress) @protobuf(2,bytes,rep) -} - -// IngressSpec describes the Ingress the user wishes to exist. -#IngressSpec: { - // ingressClassName is the name of an IngressClass cluster resource. Ingress - // controller implementations use this field to know whether they should be - // serving this Ingress resource, by a transitive connection - // (controller -> IngressClass -> Ingress resource). Although the - // `kubernetes.io/ingress.class` annotation (simple constant name) was never - // formally defined, it was widely supported by Ingress controllers to create - // a direct binding between Ingress controller and Ingress resources. Newly - // created Ingress resources should prefer using the field. However, even - // though the annotation is officially deprecated, for backwards compatibility - // reasons, ingress controllers should still honor that annotation if present. - // +optional - ingressClassName?: null | string @go(IngressClassName,*string) @protobuf(4,bytes,opt) - - // defaultBackend is the backend that should handle requests that don't - // match any rule. If Rules are not specified, DefaultBackend must be specified. - // If DefaultBackend is not set, the handling of requests that do not match any - // of the rules will be up to the Ingress controller. - // +optional - defaultBackend?: null | #IngressBackend @go(DefaultBackend,*IngressBackend) @protobuf(1,bytes,opt) - - // tls represents the TLS configuration. Currently the Ingress only supports a - // single TLS port, 443. If multiple members of this list specify different hosts, - // they will be multiplexed on the same port according to the hostname specified - // through the SNI TLS extension, if the ingress controller fulfilling the - // ingress supports SNI. - // +listType=atomic - // +optional - tls?: [...#IngressTLS] @go(TLS,[]IngressTLS) @protobuf(2,bytes,rep) - - // rules is a list of host rules used to configure the Ingress. If unspecified, - // or no rule matches, all traffic is sent to the default backend. - // +listType=atomic - // +optional - rules?: [...#IngressRule] @go(Rules,[]IngressRule) @protobuf(3,bytes,rep) -} - -// IngressTLS describes the transport layer security associated with an ingress. -#IngressTLS: { - // hosts is a list of hosts included in the TLS certificate. The values in - // this list must match the name/s used in the tlsSecret. Defaults to the - // wildcard host setting for the loadbalancer controller fulfilling this - // Ingress, if left unspecified. - // +listType=atomic - // +optional - hosts?: [...string] @go(Hosts,[]string) @protobuf(1,bytes,rep) - - // secretName is the name of the secret used to terminate TLS traffic on - // port 443. Field is left optional to allow TLS routing based on SNI - // hostname alone. If the SNI host in a listener conflicts with the "Host" - // header field used by an IngressRule, the SNI host is used for termination - // and value of the "Host" header is used for routing. - // +optional - secretName?: string @go(SecretName) @protobuf(2,bytes,opt) -} - -// IngressStatus describe the current state of the Ingress. -#IngressStatus: { - // loadBalancer contains the current status of the load-balancer. - // +optional - loadBalancer?: #IngressLoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) -} - -// IngressLoadBalancerStatus represents the status of a load-balancer. -#IngressLoadBalancerStatus: { - // ingress is a list containing ingress points for the load-balancer. - // +optional - ingress?: [...#IngressLoadBalancerIngress] @go(Ingress,[]IngressLoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// IngressLoadBalancerIngress represents the status of a load-balancer ingress point. -#IngressLoadBalancerIngress: { - // ip is set for load-balancer ingress points that are IP based. - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // hostname is set for load-balancer ingress points that are DNS based. - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // ports provides information about the ports exposed by this LoadBalancer. - // +listType=atomic - // +optional - ports?: [...#IngressPortStatus] @go(Ports,[]IngressPortStatus) @protobuf(4,bytes,rep) -} - -// IngressPortStatus represents the error condition of a service port -#IngressPortStatus: { - // port is the port number of the ingress port. - port: int32 @go(Port) @protobuf(1,varint,opt) - - // protocol is the protocol of the ingress port. - // The supported values are: "TCP", "UDP", "SCTP" - protocol: v1.#Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} - -// IngressRule represents the rules mapping the paths under a specified host to -// the related backend services. Incoming requests are first evaluated for a host -// match, then routed to the backend associated with the matching IngressRuleValue. -#IngressRule: { - // host is the fully qualified domain name of a network host, as defined by RFC 3986. - // Note the following deviations from the "host" part of the - // URI as defined in RFC 3986: - // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to - // the IP in the Spec of the parent Ingress. - // 2. The `:` delimiter is not respected because ports are not allowed. - // Currently the port of an Ingress is implicitly :80 for http and - // :443 for https. - // Both these may change in the future. - // Incoming requests are matched against the host before the - // IngressRuleValue. If the host is unspecified, the Ingress routes all - // traffic based on the specified IngressRuleValue. - // - // host can be "precise" which is a domain name without the terminating dot of - // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name - // prefixed with a single wildcard label (e.g. "*.foo.com"). - // The wildcard character '*' must appear by itself as the first DNS label and - // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). - // Requests will be matched against the Host field in the following way: - // 1. If host is precise, the request matches this rule if the http host header is equal to Host. - // 2. If host is a wildcard, then the request matches this rule if the http host header - // is to equal to the suffix (removing the first label) of the wildcard rule. - // +optional - host?: string @go(Host) @protobuf(1,bytes,opt) - - #IngressRuleValue -} - -// IngressRuleValue represents a rule to apply against incoming requests. If the -// rule is satisfied, the request is routed to the specified backend. Currently -// mixing different types of rules in a single Ingress is disallowed, so exactly -// one of the following must be set. -#IngressRuleValue: { - // +optional - http?: null | #HTTPIngressRuleValue @go(HTTP,*HTTPIngressRuleValue) @protobuf(1,bytes,opt) -} - -// HTTPIngressRuleValue is a list of http selectors pointing to backends. -// In the example: http:///? -> backend where -// where parts of the url correspond to RFC 3986, this resource will be used -// to match against everything after the last '/' and before the first '?' -// or '#'. -#HTTPIngressRuleValue: { - // paths is a collection of paths that map requests to backends. - // +listType=atomic - paths: [...#HTTPIngressPath] @go(Paths,[]HTTPIngressPath) @protobuf(1,bytes,rep) -} - -// PathType represents the type of path referred to by a HTTPIngressPath. -// +enum -#PathType: string // #enumPathType - -#enumPathType: - #PathTypeExact | - #PathTypePrefix | - #PathTypeImplementationSpecific - -// PathTypeExact matches the URL path exactly and with case sensitivity. -#PathTypeExact: #PathType & "Exact" - -// PathTypePrefix matches based on a URL path prefix split by '/'. Matching -// is case sensitive and done on a path element by element basis. A path -// element refers to the list of labels in the path split by the '/' -// separator. A request is a match for path p if every p is an element-wise -// prefix of p of the request path. Note that if the last element of the -// path is a substring of the last element in request path, it is not a -// match (e.g. /foo/bar matches /foo/bar/baz, but does not match -// /foo/barbaz). If multiple matching paths exist in an Ingress spec, the -// longest matching path is given priority. -// Examples: -// - /foo/bar does not match requests to /foo/barbaz -// - /foo/bar matches request to /foo/bar and /foo/bar/baz -// - /foo and /foo/ both match requests to /foo and /foo/. If both paths are -// present in an Ingress spec, the longest matching path (/foo/) is given -// priority. -#PathTypePrefix: #PathType & "Prefix" - -// PathTypeImplementationSpecific matching is up to the IngressClass. -// Implementations can treat this as a separate PathType or treat it -// identically to Prefix or Exact path types. -#PathTypeImplementationSpecific: #PathType & "ImplementationSpecific" - -// HTTPIngressPath associates a path with a backend. Incoming urls matching the -// path are forwarded to the backend. -#HTTPIngressPath: { - // path is matched against the path of an incoming request. Currently it can - // contain characters disallowed from the conventional "path" part of a URL - // as defined by RFC 3986. Paths must begin with a '/' and must be present - // when using PathType with value "Exact" or "Prefix". - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // pathType determines the interpretation of the path matching. PathType can - // be one of the following values: - // * Exact: Matches the URL path exactly. - // * Prefix: Matches based on a URL path prefix split by '/'. Matching is - // done on a path element by element basis. A path element refers is the - // list of labels in the path split by the '/' separator. A request is a - // match for path p if every p is an element-wise prefix of p of the - // request path. Note that if the last element of the path is a substring - // of the last element in request path, it is not a match (e.g. /foo/bar - // matches /foo/bar/baz, but does not match /foo/barbaz). - // * ImplementationSpecific: Interpretation of the Path matching is up to - // the IngressClass. Implementations can treat this as a separate PathType - // or treat it identically to Prefix or Exact path types. - // Implementations are required to support all path types. - pathType?: null | #PathType @go(PathType,*PathType) @protobuf(3,bytes,opt) - - // backend defines the referenced service endpoint to which the traffic - // will be forwarded to. - backend: #IngressBackend @go(Backend) @protobuf(2,bytes,opt) -} - -// IngressBackend describes all endpoints for a given service and port. -#IngressBackend: { - // service references a service as a backend. - // This is a mutually exclusive setting with "Resource". - // +optional - service?: null | #IngressServiceBackend @go(Service,*IngressServiceBackend) @protobuf(4,bytes,opt) - - // resource is an ObjectRef to another Kubernetes resource in the namespace - // of the Ingress object. If resource is specified, a service.Name and - // service.Port must not be specified. - // This is a mutually exclusive setting with "Service". - // +optional - resource?: null | v1.#TypedLocalObjectReference @go(Resource,*v1.TypedLocalObjectReference) @protobuf(3,bytes,opt) -} - -// IngressServiceBackend references a Kubernetes Service as a Backend. -#IngressServiceBackend: { - // name is the referenced service. The service must exist in - // the same namespace as the Ingress object. - name: string @go(Name) @protobuf(1,bytes,opt) - - // port of the referenced service. A port name or port number - // is required for a IngressServiceBackend. - port?: #ServiceBackendPort @go(Port) @protobuf(2,bytes,opt) -} - -// ServiceBackendPort is the service port being referenced. -#ServiceBackendPort: { - // name is the name of the port on the Service. - // This is a mutually exclusive setting with "Number". - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // number is the numerical port number (e.g. 80) on the Service. - // This is a mutually exclusive setting with "Name". - // +optional - number?: int32 @go(Number) @protobuf(2,bytes,opt) -} - -// IngressClass represents the class of the Ingress, referenced by the Ingress -// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be -// used to indicate that an IngressClass should be considered default. When a -// single IngressClass resource has this annotation set to true, new Ingress -// resources without a class specified will be assigned this default class. -#IngressClass: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the desired state of the IngressClass. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #IngressClassSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// IngressClassSpec provides information about the class of an Ingress. -#IngressClassSpec: { - // controller refers to the name of the controller that should handle this - // class. This allows for different "flavors" that are controlled by the - // same controller. For example, you may have different parameters for the - // same implementing controller. This should be specified as a - // domain-prefixed path no more than 250 characters in length, e.g. - // "acme.io/ingress-controller". This field is immutable. - controller?: string @go(Controller) @protobuf(1,bytes,opt) - - // parameters is a link to a custom resource containing additional - // configuration for the controller. This is optional if the controller does - // not require extra parameters. - // +optional - parameters?: null | #IngressClassParametersReference @go(Parameters,*IngressClassParametersReference) @protobuf(2,bytes,opt) -} - -// IngressClassParametersReferenceScopeNamespace indicates that the -// referenced Parameters resource is namespace-scoped. -#IngressClassParametersReferenceScopeNamespace: "Namespace" - -// IngressClassParametersReferenceScopeCluster indicates that the -// referenced Parameters resource is cluster-scoped. -#IngressClassParametersReferenceScopeCluster: "Cluster" - -// IngressClassParametersReference identifies an API object. This can be used -// to specify a cluster or namespace-scoped resource. -#IngressClassParametersReference: { - // apiGroup is the group for the resource being referenced. If APIGroup is - // not specified, the specified Kind must be in the core API group. For any - // other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt,name=aPIGroup) - - // kind is the type of resource being referenced. - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // name is the name of resource being referenced. - name: string @go(Name) @protobuf(3,bytes,opt) - - // scope represents if this refers to a cluster or namespace scoped resource. - // This may be set to "Cluster" (default) or "Namespace". - // +optional - scope?: null | string @go(Scope,*string) @protobuf(4,bytes,opt) - - // namespace is the namespace of the resource being referenced. This field is - // required when scope is set to "Namespace" and must be unset when scope is set to - // "Cluster". - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(5,bytes,opt) -} - -// IngressClassList is a collection of IngressClasses. -#IngressClassList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of IngressClasses. - items: [...#IngressClass] @go(Items,[]IngressClass) @protobuf(2,bytes,rep) -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue deleted file mode 100644 index bee74f4b6..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue +++ /dev/null @@ -1,11 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -// AnnotationIsDefaultIngressClass can be used to indicate that an -// IngressClass should be considered default. When a single IngressClass -// resource has this annotation set to true, new Ingress resources without a -// class specified will be assigned this default class. -#AnnotationIsDefaultIngressClass: "ingressclass.kubernetes.io/is-default-class" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue deleted file mode 100644 index cef44ba5c..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Scale is used for getting and setting the base-10 scaled value. -// Base-2 scales are omitted for mathematical simplicity. -// See Quantity.ScaledValue for more details. -#Scale: int32 // #enumScale - -#enumScale: - #Nano | - #Micro | - #Milli | - #Kilo | - #Mega | - #Giga | - #Tera | - #Peta | - #Exa - -#values_Scale: { - Nano: #Nano - Micro: #Micro - Milli: #Milli - Kilo: #Kilo - Mega: #Mega - Giga: #Giga - Tera: #Tera - Peta: #Peta - Exa: #Exa -} - -#Nano: #Scale & -9 -#Micro: #Scale & -6 -#Milli: #Scale & -3 -#Kilo: #Scale & 3 -#Mega: #Scale & 6 -#Giga: #Scale & 9 -#Tera: #Scale & 12 -#Peta: #Scale & 15 -#Exa: #Scale & 18 - -// infDecAmount implements common operations over an inf.Dec that are specific to the quantity -// representation. -_#infDecAmount: string diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue deleted file mode 100644 index 711f2096f..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue +++ /dev/null @@ -1,13 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64. -// It is also the maximum decimal digits that can be represented with an int64. -_#maxInt64Factors: 18 - -_#mostNegative: -9223372036854775808 - -_#mostPositive: 9223372036854775807 diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue deleted file mode 100644 index 9d9713a1b..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue +++ /dev/null @@ -1,107 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Quantity is a fixed-point representation of a number. -// It provides convenient marshaling/unmarshaling in JSON and YAML, -// in addition to String() and AsInt64() accessors. -// -// The serialization format is: -// -// ``` -// ::= -// -// (Note that may be empty, from the "" case in .) -// -// ::= 0 | 1 | ... | 9 -// ::= | -// ::= | . | . | . -// ::= "+" | "-" -// ::= | -// ::= | | -// ::= Ki | Mi | Gi | Ti | Pi | Ei -// -// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) -// -// ::= m | "" | k | M | G | T | P | E -// -// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) -// -// ::= "e" | "E" -// ``` -// -// No matter which of the three exponent forms is used, no quantity may represent -// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal -// places. Numbers larger or more precise will be capped or rounded up. -// (E.g.: 0.1m will rounded up to 1m.) -// This may be extended in the future if we require larger or smaller quantities. -// -// When a Quantity is parsed from a string, it will remember the type of suffix -// it had, and will use the same type again when it is serialized. -// -// Before serializing, Quantity will be put in "canonical form". -// This means that Exponent/suffix will be adjusted up or down (with a -// corresponding increase or decrease in Mantissa) such that: -// -// - No precision is lost -// - No fractional digits will be emitted -// - The exponent (or suffix) is as large as possible. -// -// The sign will be omitted unless the number is negative. -// -// Examples: -// -// - 1.5 will be serialized as "1500m" -// - 1.5Gi will be serialized as "1536Mi" -// -// Note that the quantity will NEVER be internally represented by a -// floating point number. That is the whole point of this exercise. -// -// Non-canonical values will still parse as long as they are well formed, -// but will be re-emitted in their canonical form. (So always use canonical -// form, or don't diff.) -// -// This format is intended to make it difficult to use these numbers without -// writing some sort of special handling code in the hopes that that will -// cause implementors to also use a fixed point implementation. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -// +k8s:openapi-gen=true -#Quantity: _ - -// CanonicalValue allows a quantity amount to be converted to a string. -#CanonicalValue: _ - -// Format lists the three possible formattings of a quantity. -#Format: string // #enumFormat - -#enumFormat: - #DecimalExponent | - #BinarySI | - #DecimalSI - -#DecimalExponent: #Format & "DecimalExponent" -#BinarySI: #Format & "BinarySI" -#DecimalSI: #Format & "DecimalSI" - -// splitREString is used to separate a number from its suffix; as such, -// this is overly permissive, but that's OK-- it will be checked later. -_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - -_#int64QuantityExpectedBytes: 18 - -// QuantityValue makes it possible to use a Quantity as value for a command -// line parameter. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -#QuantityValue: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue deleted file mode 100644 index b40d68ec1..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -_#suffix: string - -// suffixer can interpret and construct suffixes. -_#suffixer: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue deleted file mode 100644 index 25ea8ecf1..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Duration is a wrapper around time.Duration which supports correct -// marshaling to YAML and JSON. In particular, it marshals into strings, which -// can be used as map keys in json. -#Duration: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue deleted file mode 100644 index 7ff538603..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - resource: string @go(Resource) @protobuf(2,bytes,opt) -} - -// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - resource: string @go(Resource) @protobuf(3,bytes,opt) -} - -// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - kind: string @go(Kind) @protobuf(2,bytes,opt) -} - -// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - kind: string @go(Kind) @protobuf(3,bytes,opt) -} - -// GroupVersion contains the "group" and the "version", which uniquely identifies the API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersion: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue deleted file mode 100644 index f3c39a466..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// TODO: move this, Object, List, and Type to a different package -#ObjectMetaAccessor: _ - -// Object lets you work with object metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field (Name, UID, Namespace on lists) will be a no-op and return -// a default value. -#Object: _ - -// ListMetaAccessor retrieves the list interface from an object -#ListMetaAccessor: _ - -// Common lets you work with core metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Common: _ - -// ListInterface lets you work with list metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#ListInterface: _ - -// Type exposes the type and APIVersion of versioned or internal API objects. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Type: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue deleted file mode 100644 index 3c067bae3..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00" - -// MicroTime is version of Time with microsecond level precision. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#MicroTime: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue deleted file mode 100644 index 39d23b288..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#GroupName: "meta.k8s.io" - -#WatchEventKind: "WatchEvent" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue deleted file mode 100644 index b3c8ec266..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Time is a wrapper around time.Time which supports correct -// marshaling to YAML and JSON. Wrappers are provided for many -// of the factory methods that the time package offers. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Time: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue deleted file mode 100644 index 835392730..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Timestamp is a struct that is equivalent to Time, but intended for -// protobuf marshalling/unmarshalling. It is generated into a serialization -// that matches Time. Do not use in Go structs. -#Timestamp: { - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. - seconds: int64 @go(Seconds) @protobuf(1,varint,opt) - - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 - // inclusive. This field may be limited in precision depending on context. - nanos: int32 @go(Nanos) @protobuf(2,varint,opt) -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue deleted file mode 100644 index a0deb7c90..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue +++ /dev/null @@ -1,1561 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -// Package v1 contains API types that are common to all versions. -// -// The package contains two categories of types: -// - external (serialized) types that lack their own version (e.g TypeMeta) -// - internal (never-serialized) types that are needed by several different -// api groups, and so live here, to avoid duplication and/or import loops -// (e.g. LabelSelector). -// -// In the future, we will probably move these categories of objects into -// separate packages. -package v1 - -import ( - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// TypeMeta describes an individual object in an API response or request -// with strings representing the type of the object and its API schema version. -// Structures that are versioned or persisted should inline TypeMeta. -// -// +k8s:deepcopy-gen=false -#TypeMeta: { - // Kind is a string value representing the REST resource this object represents. - // Servers may infer this from the endpoint the client submits requests to. - // Cannot be updated. - // In CamelCase. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // APIVersion defines the versioned schema of this representation of an object. - // Servers should convert recognized schemas to the latest internal value, and - // may reject unrecognized values. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) -} - -// ListMeta describes metadata that synthetic resources must have, including lists and -// various status objects. A resource may have only one of {ObjectMeta, ListMeta}. -#ListMeta: { - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt) - - // String that identifies the server's internal version of this object that - // can be used by clients to determine when objects have changed. - // Value must be treated as opaque by clients and passed unmodified back to the server. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt) - - // continue may be set if the user set a limit on the number of items returned, and indicates that - // the server has more data available. The value is opaque and may be used to issue another request - // to the endpoint that served this list to retrieve the next set of available objects. Continuing a - // consistent list may not be possible if the server configuration has changed or more than a few - // minutes have passed. The resourceVersion field returned when using this continue value will be - // identical to the value in the first response, unless you have received this token from an error - // message. - continue?: string @go(Continue) @protobuf(3,bytes,opt) - - // remainingItemCount is the number of subsequent items in the list which are not included in this - // list response. If the list request contained label or field selectors, then the number of - // remaining items is unknown and the field will be left unset and omitted during serialization. - // If the list is complete (either because it is not chunking or because this is the last chunk), - // then there are no more remaining items and this field will be left unset and omitted during - // serialization. - // Servers older than v1.15 do not set this field. - // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients - // should not rely on the remainingItemCount to be set or to be exact. - // +optional - remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt) -} - -#ObjectNameField: "metadata.name" - -#FinalizerOrphanDependents: "orphan" -#FinalizerDeleteDependents: "foregroundDeletion" - -// ObjectMeta is metadata that all persisted resources must have, which includes all objects -// users must create. -#ObjectMeta: { - // Name must be unique within a namespace. Is required when creating resources, although - // some resources may allow a client to request the generation of an appropriate name - // automatically. Name is primarily intended for creation idempotence and configuration - // definition. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // GenerateName is an optional prefix, used by the server, to generate a unique - // name ONLY IF the Name field has not been provided. - // If this field is used, the name returned to the client will be different - // than the name passed. This value will also be combined with a unique suffix. - // The provided value has the same validation rules as the Name field, - // and may be truncated by the length of the suffix required to make the value - // unique on the server. - // - // If this field is specified and the generated name exists, the server will return a 409. - // - // Applied only if Name is not specified. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - // +optional - generateName?: string @go(GenerateName) @protobuf(2,bytes,opt) - - // Namespace defines the space within which each name must be unique. An empty namespace is - // equivalent to the "default" namespace, but "default" is the canonical representation. - // Not all objects are required to be scoped to a namespace - the value of this field for - // those objects will be empty. - // - // Must be a DNS_LABEL. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - // +optional - namespace?: string @go(Namespace) @protobuf(3,bytes,opt) - - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt) - - // UID is the unique in time and space value for this object. It is typically generated by - // the server on successful creation of a resource and is not allowed to change on PUT - // operations. - // - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID) - - // An opaque value that represents the internal version of this object that can - // be used by clients to determine when objects have changed. May be used for optimistic - // concurrency, change detection, and the watch operation on a resource or set of resources. - // Clients must treat these values as opaque and passed unmodified back to the server. - // They may only be valid for a particular resource or set of resources. - // - // Populated by the system. - // Read-only. - // Value must be treated as opaque by clients and . - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // A sequence number representing a specific generation of the desired state. - // Populated by the system. Read-only. - // +optional - generation?: int64 @go(Generation) @protobuf(7,varint,opt) - - // CreationTimestamp is a timestamp representing the server time when this object was - // created. It is not guaranteed to be set in happens-before order across separate operations. - // Clients may not set this value. It is represented in RFC3339 form and is in UTC. - // - // Populated by the system. - // Read-only. - // Null for lists. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt) - - // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This - // field is set by the server when a graceful deletion is requested by the user, and is not - // directly settable by a client. The resource is expected to be deleted (no longer visible - // from resource lists, and not reachable by name) after the time in this field, once the - // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. - // Once the deletionTimestamp is set, this value may not be unset or be set further into the - // future, although it may be shortened or the resource may be deleted prior to this time. - // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react - // by sending a graceful termination signal to the containers in the pod. After that 30 seconds, - // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, - // remove the pod from the API. In the presence of network partitions, this object may still - // exist after this timestamp, until an administrator or automated process can determine the - // resource is fully terminated. - // If not set, graceful deletion of the object has not been requested. - // - // Populated by the system when a graceful deletion is requested. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt) - - // Number of seconds allowed for this object to gracefully terminate before - // it will be removed from the system. Only set when deletionTimestamp is also set. - // May only be shortened. - // Read-only. - // +optional - deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt) - - // Map of string keys and values that can be used to organize and categorize - // (scope and select) objects. May match selectors of replication controllers - // and services. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // +optional - labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep) - - // Annotations is an unstructured key value map stored with a resource that may be - // set by external tools to store and retrieve arbitrary metadata. They are not - // queryable and should be preserved when modifying objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - // +optional - annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep) - - // List of objects depended by this object. If ALL objects in the list have - // been deleted, this object will be garbage collected. If this object is managed by a controller, - // then an entry in this list will point to this controller, with the controller field set to true. - // There cannot be more than one managing controller. - // +optional - // +patchMergeKey=uid - // +patchStrategy=merge - ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep) - - // Must be empty before the object is deleted from the registry. Each entry - // is an identifier for the responsible component that will remove the entry - // from the list. If the deletionTimestamp of the object is non-nil, entries - // in this list can only be removed. - // Finalizers may be processed and removed in any order. Order is NOT enforced - // because it introduces significant risk of stuck finalizers. - // finalizers is a shared field, any actor with permission can reorder it. - // If the finalizer list is processed in order, then this can lead to a situation - // in which the component responsible for the first finalizer in the list is - // waiting for a signal (field value, external system, or other) produced by a - // component responsible for a finalizer later in the list, resulting in a deadlock. - // Without enforced ordering finalizers are free to order amongst themselves and - // are not vulnerable to ordering changes in the list. - // +optional - // +patchStrategy=merge - finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep) - - // ManagedFields maps workflow-id and version to the set of fields - // that are managed by that workflow. This is mostly for internal - // housekeeping, and users typically shouldn't need to set or - // understand this field. A workflow can be the user's name, a - // controller's name, or the name of a specific apply path like - // "ci-cd". The set of fields is always in the version that the - // workflow used when modifying the object. - // - // +optional - managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep) -} - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNone is the argument for a context when there is no namespace. -#NamespaceNone: "" - -// NamespaceSystem is the system namespace where we place system components. -#NamespaceSystem: "kube-system" - -// NamespacePublic is the namespace where we place public info (ConfigMaps) -#NamespacePublic: "kube-public" - -// OwnerReference contains enough information to let you identify an owning -// object. An owning object must be in the same namespace as the dependent, or -// be cluster-scoped, so there is no namespace field. -// +structType=atomic -#OwnerReference: { - // API version of the referent. - apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // If true, this reference points to the managing controller. - // +optional - controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt) - - // If true, AND if the owner has the "foregroundDeletion" finalizer, then - // the owner cannot be deleted from the key-value store until this - // reference is removed. - // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - // for how the garbage collector interacts with this field and enforces the foreground deletion. - // Defaults to false. - // To set this field, a user needs "delete" permission of the owner, - // otherwise 422 (Unprocessable Entity) will be returned. - // +optional - blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt) -} - -// ListOptions is the query options to a standard REST list call. -#ListOptions: { - #TypeMeta - - // A selector to restrict the list of returned objects by their labels. - // Defaults to everything. - // +optional - labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt) - - // A selector to restrict the list of returned objects by their fields. - // Defaults to everything. - // +optional - fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt) - - // Watch for changes to the described resources and return them as a stream of - // add, update, and remove notifications. Specify resourceVersion. - // +optional - watch?: bool @go(Watch) @protobuf(3,varint,opt) - - // allowWatchBookmarks requests watch events with type "BOOKMARK". - // Servers that do not implement bookmarks may ignore this flag and - // bookmarks are sent at the server's discretion. Clients should not - // assume bookmarks are returned at any specific interval, nor may they - // assume the server will send any BOOKMARK event during a session. - // If this is not a watch, this field is ignored. - // +optional - allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt) - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // resourceVersionMatch determines how resourceVersion is applied to list calls. - // It is highly recommended that resourceVersionMatch be set for list calls where - // resourceVersion is set - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch) - - // Timeout for the list/watch call. - // This limits the duration of the call, regardless of any activity or inactivity. - // +optional - timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt) - - // limit is a maximum number of responses to return for a list call. If more items exist, the - // server will set the `continue` field on the list metadata to a value that can be used with the - // same initial query to retrieve the next set of results. Setting a limit may return fewer than - // the requested amount of items (up to zero items) in the event all requested objects are - // filtered out and clients should only use the presence of the continue field to determine whether - // more results are available. Servers may choose not to support the limit argument and will return - // all of the available results. If limit is specified and the continue field is empty, clients may - // assume that no more results are available. This field is not supported if watch is true. - // - // The server guarantees that the objects returned when using continue will be identical to issuing - // a single list call without a limit - that is, no objects created, modified, or deleted after the - // first request is issued will be included in any subsequent continued requests. This is sometimes - // referred to as a consistent snapshot, and ensures that a client that is using limit to receive - // smaller chunks of a very large result can ensure they see all possible objects. If objects are - // updated during a chunked list the version of the object that was present at the time the first list - // result was calculated is returned. - limit?: int64 @go(Limit) @protobuf(7,varint,opt) - - // The continue option should be set when retrieving more results from the server. Since this value is - // server defined, clients may only use the continue value from a previous query result with identical - // query parameters (except for the value of continue) and the server may reject a continue value it - // does not recognize. If the specified continue value is no longer valid whether due to expiration - // (generally five to fifteen minutes) or a configuration change on the server, the server will - // respond with a 410 ResourceExpired error together with a continue token. If the client needs a - // consistent list, it must restart their list without the continue field. Otherwise, the client may - // send another list request with the token received with the 410 error, the server will respond with - // a list starting from the next key, but from the latest snapshot, which is inconsistent from the - // previous list results - objects that are created, modified, or deleted after the first list request - // will be included in the response, as long as their keys are after the "next key". - // - // This field is not supported when watch is true. Clients may start a watch from the last - // resourceVersion value returned by the server and not miss any modifications. - continue?: string @go(Continue) @protobuf(8,bytes,opt) - - // `sendInitialEvents=true` may be set together with `watch=true`. - // In that case, the watch stream will begin with synthetic events to - // produce the current state of objects in the collection. Once all such - // events have been sent, a synthetic "Bookmark" event will be sent. - // The bookmark will report the ResourceVersion (RV) corresponding to the - // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. - // Afterwards, the watch stream will proceed as usual, sending watch events - // corresponding to changes (subsequent to the RV) to objects watched. - // - // When `sendInitialEvents` option is set, we require `resourceVersionMatch` - // option to also be set. The semantic of the watch request is as following: - // - `resourceVersionMatch` = NotOlderThan - // is interpreted as "data at least as new as the provided `resourceVersion`" - // and the bookmark event is send when the state is synced - // to a `resourceVersion` at least as fresh as the one provided by the ListOptions. - // If `resourceVersion` is unset, this is interpreted as "consistent read" and the - // bookmark event is send when the state is synced at least to the moment - // when request started being processed. - // - `resourceVersionMatch` set to any other value or unset - // Invalid error is returned. - // - // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward - // compatibility reasons) and to false otherwise. - // +optional - sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt) -} - -// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch -// may only be set if resourceVersion is also set. -// -// "NotOlderThan" matches data at least as new as the provided resourceVersion. -// "Exact" matches data at the exact resourceVersion provided. -// -// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for -// details. -#ResourceVersionMatch: string // #enumResourceVersionMatch - -#enumResourceVersionMatch: - #ResourceVersionMatchNotOlderThan | - #ResourceVersionMatchExact - -// ResourceVersionMatchNotOlderThan matches data at least as new as the provided -// resourceVersion. -#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan" - -// ResourceVersionMatchExact matches data at the exact resourceVersion -// provided. -#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact" - -// GetOptions is the standard query options to the standard REST get call. -#GetOptions: { - #TypeMeta - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt) -} - -// DeletionPropagation decides if a deletion will propagate to the dependents of -// the object, and how the garbage collector will handle the propagation. -#DeletionPropagation: string // #enumDeletionPropagation - -#enumDeletionPropagation: - #DeletePropagationOrphan | - #DeletePropagationBackground | - #DeletePropagationForeground - -// Orphans the dependents. -#DeletePropagationOrphan: #DeletionPropagation & "Orphan" - -// Deletes the object from the key-value store, the garbage collector will -// delete the dependents in the background. -#DeletePropagationBackground: #DeletionPropagation & "Background" - -// The object exists in the key-value store until the garbage collector -// deletes all the dependents whose ownerReference.blockOwnerDeletion=true -// from the key-value store. API sever will put the "foregroundDeletion" -// finalizer on the object, and sets its deletionTimestamp. This policy is -// cascading, i.e., the dependents will be deleted with Foreground. -#DeletePropagationForeground: #DeletionPropagation & "Foreground" - -// DryRunAll means to complete all processing stages, but don't -// persist changes to storage. -#DryRunAll: "All" - -// DeleteOptions may be provided when deleting an API object. -#DeleteOptions: { - #TypeMeta - - // The duration in seconds before the object should be deleted. Value must be non-negative integer. - // The value zero indicates delete immediately. If this value is nil, the default grace period for the - // specified type will be used. - // Defaults to a per object value if not specified. zero means delete immediately. - // +optional - gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt) - - // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be - // returned. - // +k8s:conversion-gen=false - // +optional - preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt) - - // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. - // Should the dependent objects be orphaned. If true/false, the "orphan" - // finalizer will be added to/removed from the object's finalizers list. - // Either this field or PropagationPolicy may be set, but not both. - // +optional - orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt) - - // Whether and how garbage collection will be performed. - // Either this field or OrphanDependents may be set, but not both. - // The default policy is decided by the existing finalizer set in the - // metadata.finalizers and the resource-specific default policy. - // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - - // allow the garbage collector to delete the dependents in the background; - // 'Foreground' - a cascading policy that deletes all dependents in the - // foreground. - // +optional - propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt) - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep) -} - -// FieldValidationIgnore ignores unknown/duplicate fields -#FieldValidationIgnore: "Ignore" - -// FieldValidationWarn responds with a warning, but successfully serve the request -#FieldValidationWarn: "Warn" - -// FieldValidationStrict fails the request on unknown/duplicate fields -#FieldValidationStrict: "Strict" - -// CreateOptions may be provided when creating an API object. -#CreateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// PatchOptions may be provided when patching an API object. -// PatchOptions is meant to be a superset of UpdateOptions. -#PatchOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. Force - // flag must be unset for non-apply patch requests. - // +optional - force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required for apply requests - // (application/apply-patch) but optional for non-apply patch - // types (JsonPatch, MergePatch, StrategicMergePatch). - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// ApplyOptions may be provided when applying an API object. -// FieldManager is required for apply requests. -// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation -// that speaks specifically to how the options fields relate to apply. -#ApplyOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. - force: bool @go(Force) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required. - fieldManager: string @go(FieldManager) @protobuf(3,bytes) -} - -// UpdateOptions may be provided when updating an API object. -// All fields in UpdateOptions should also be present in PatchOptions. -#UpdateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(2,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // Specifies the target ResourceVersion - // +optional - resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt) -} - -// Status is a return value for calls that don't return other objects. -#Status: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Status of the operation. - // One of: "Success" or "Failure". - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: string @go(Status) @protobuf(2,bytes,opt) - - // A human-readable description of the status of this operation. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A machine-readable description of why this operation is in the - // "Failure" status. If this value is empty there - // is no information available. A Reason clarifies an HTTP status - // code but does not override it. - // +optional - reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason) - - // Extended data associated with the reason. Each reason may define its - // own extended details. This field is optional and the data returned - // is not guaranteed to conform to any schema except that defined by - // the reason type. - // +optional - details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt) - - // Suggested HTTP return code for this status, 0 if not set. - // +optional - code?: int32 @go(Code) @protobuf(6,varint,opt) -} - -// StatusDetails is a set of additional properties that MAY be set by the -// server to provide additional information about a response. The Reason -// field of a Status object defines what attributes will be set. Clients -// must ignore fields that do not match the defined type of each attribute, -// and should assume that any attribute may be empty, invalid, or under -// defined. -#StatusDetails: { - // The name attribute of the resource associated with the status StatusReason - // (when there is a single name which can be described). - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The group attribute of the resource associated with the status StatusReason. - // +optional - group?: string @go(Group) @protobuf(2,bytes,opt) - - // The kind attribute of the resource associated with the status StatusReason. - // On some operations may differ from the requested resource Kind. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(3,bytes,opt) - - // UID of the resource. - // (when there is a single resource which can be described). - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // The Causes array includes more details associated with the StatusReason - // failure. Not all StatusReasons may provide detailed causes. - // +optional - causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep) - - // If specified, the time in seconds before the operation should be retried. Some errors may indicate - // the client must take an alternate action - for those errors this field may indicate how long to wait - // before taking the alternate action. - // +optional - retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt) -} - -#StatusSuccess: "Success" -#StatusFailure: "Failure" - -// StatusReason is an enumeration of possible failure causes. Each StatusReason -// must map to a single HTTP status code, but multiple reasons may map -// to the same HTTP status code. -// TODO: move to apiserver -#StatusReason: string // #enumStatusReason - -#enumStatusReason: - #StatusReasonUnknown | - #StatusReasonUnauthorized | - #StatusReasonForbidden | - #StatusReasonNotFound | - #StatusReasonAlreadyExists | - #StatusReasonConflict | - #StatusReasonGone | - #StatusReasonInvalid | - #StatusReasonServerTimeout | - #StatusReasonTimeout | - #StatusReasonTooManyRequests | - #StatusReasonBadRequest | - #StatusReasonMethodNotAllowed | - #StatusReasonNotAcceptable | - #StatusReasonRequestEntityTooLarge | - #StatusReasonUnsupportedMediaType | - #StatusReasonInternalError | - #StatusReasonExpired | - #StatusReasonServiceUnavailable - -// StatusReasonUnknown means the server has declined to indicate a specific reason. -// The details field may contain other information about this error. -// Status code 500. -#StatusReasonUnknown: #StatusReason & "" - -// StatusReasonUnauthorized means the server can be reached and understood the request, but requires -// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header) -// in order for the action to be completed. If the user has specified credentials on the request, the -// server considers them insufficient. -// Status code 401 -#StatusReasonUnauthorized: #StatusReason & "Unauthorized" - -// StatusReasonForbidden means the server can be reached and understood the request, but refuses -// to take any further action. It is the result of the server being configured to deny access for some reason -// to the requested resource by the client. -// Details (optional): -// "kind" string - the kind attribute of the forbidden resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the forbidden resource -// Status code 403 -#StatusReasonForbidden: #StatusReason & "Forbidden" - -// StatusReasonNotFound means one or more resources required for this operation -// could not be found. -// Details (optional): -// "kind" string - the kind attribute of the missing resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the missing resource -// Status code 404 -#StatusReasonNotFound: #StatusReason & "NotFound" - -// StatusReasonAlreadyExists means the resource you are creating already exists. -// Details (optional): -// "kind" string - the kind attribute of the conflicting resource -// "id" string - the identifier of the conflicting resource -// Status code 409 -#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists" - -// StatusReasonConflict means the requested operation cannot be completed -// due to a conflict in the operation. The client may need to alter the -// request. Each resource may define custom details that indicate the -// nature of the conflict. -// Status code 409 -#StatusReasonConflict: #StatusReason & "Conflict" - -// StatusReasonGone means the item is no longer available at the server and no -// forwarding address is known. -// Status code 410 -#StatusReasonGone: #StatusReason & "Gone" - -// StatusReasonInvalid means the requested create or update operation cannot be -// completed due to invalid data provided as part of the request. The client may -// need to alter the request. When set, the client may use the StatusDetails -// message field as a summary of the issues encountered. -// Details (optional): -// "kind" string - the kind attribute of the invalid resource -// "id" string - the identifier of the invalid resource -// "causes" - one or more StatusCause entries indicating the data in the -// provided resource that was invalid. The code, message, and -// field attributes will be set. -// Status code 422 -#StatusReasonInvalid: #StatusReason & "Invalid" - -// StatusReasonServerTimeout means the server can be reached and understood the request, -// but cannot complete the action in a reasonable time. The client should retry the request. -// This is may be due to temporary server load or a transient communication issue with -// another server. Status code 500 is used because the HTTP spec provides no suitable -// server-requested client retry and the 5xx class represents actionable errors. -// Details (optional): -// "kind" string - the kind attribute of the resource being acted on. -// "id" string - the operation that is being attempted. -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 500 -#StatusReasonServerTimeout: #StatusReason & "ServerTimeout" - -// StatusReasonTimeout means that the request could not be completed within the given time. -// Clients can get this response only when they specified a timeout param in the request, -// or if the server cannot complete the operation within a reasonable amount of time. -// The request might succeed with an increased value of timeout param. The client *should* -// wait at least the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 504 -#StatusReasonTimeout: #StatusReason & "Timeout" - -// StatusReasonTooManyRequests means the server experienced too many requests within a -// given window and that the client must wait to perform the action again. A client may -// always retry the request that led to this error, although the client should wait at least -// the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 429 -#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests" - -// StatusReasonBadRequest means that the request itself was invalid, because the request -// doesn't make any sense, for example deleting a read-only object. This is different than -// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the -// data was invalid. API calls that return BadRequest can never succeed. -// Status code 400 -#StatusReasonBadRequest: #StatusReason & "BadRequest" - -// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the -// resource was not supported by the code - for instance, attempting to delete a resource that -// can only be created. API calls that return MethodNotAllowed can never succeed. -// Status code 405 -#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed" - -// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable -// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml. -// API calls that return NotAcceptable can never succeed. -// Status code 406 -#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable" - -// StatusReasonRequestEntityTooLarge means that the request entity is too large. -// Status code 413 -#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge" - -// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable -// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml. -// API calls that return UnsupportedMediaType can never succeed. -// Status code 415 -#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType" - -// StatusReasonInternalError indicates that an internal error occurred, it is unexpected -// and the outcome of the call is unknown. -// Details (optional): -// "causes" - The original error -// Status code 500 -#StatusReasonInternalError: #StatusReason & "InternalError" - -// StatusReasonExpired indicates that the request is invalid because the content you are requesting -// has expired and is no longer available. It is typically associated with watches that can't be -// serviced. -// Status code 410 (gone) -#StatusReasonExpired: #StatusReason & "Expired" - -// StatusReasonServiceUnavailable means that the request itself was valid, -// but the requested service is unavailable at this time. -// Retrying the request after some time might succeed. -// Status code 503 -#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable" - -// StatusCause provides more information about an api.Status failure, including -// cases when multiple errors are encountered. -#StatusCause: { - // A machine-readable description of the cause of the error. If this value is - // empty there is no information available. - // +optional - reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType) - - // A human-readable description of the cause of the error. This field may be - // presented as-is to a reader. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // The field of the resource that has caused this error, as named by its JSON - // serialization. May include dot and postfix notation for nested attributes. - // Arrays are zero-indexed. Fields may appear more than once in an array of - // causes due to fields having multiple errors. - // Optional. - // - // Examples: - // "name" - the field "name" on the current resource - // "items[0].name" - the field "name" on the first array entry in "items" - // +optional - field?: string @go(Field) @protobuf(3,bytes,opt) -} - -// CauseType is a machine readable value providing more detail about what -// occurred in a status response. An operation may have multiple causes for a -// status (whether Failure or Success). -#CauseType: string // #enumCauseType - -#enumCauseType: - #CauseTypeFieldValueNotFound | - #CauseTypeFieldValueRequired | - #CauseTypeFieldValueDuplicate | - #CauseTypeFieldValueInvalid | - #CauseTypeFieldValueNotSupported | - #CauseTypeForbidden | - #CauseTypeTooLong | - #CauseTypeTooMany | - #CauseTypeInternal | - #CauseTypeTypeInvalid | - #CauseTypeUnexpectedServerResponse | - #CauseTypeFieldManagerConflict | - #CauseTypeResourceVersionTooLarge - -// CauseTypeFieldValueNotFound is used to report failure to find a requested value -// (e.g. looking up an ID). -#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound" - -// CauseTypeFieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired" - -// CauseTypeFieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate" - -// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex -// match). -#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid" - -// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules) -// values that can not be handled (e.g. an enumerated string). -#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported" - -// CauseTypeForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). See -// Forbidden(). -#CauseTypeForbidden: #CauseType & "FieldValueForbidden" - -// CauseTypeTooLong is used to report that the given value is too long. -// This is similar to ErrorTypeInvalid, but the error will not include the -// too-long value. See TooLong(). -#CauseTypeTooLong: #CauseType & "FieldValueTooLong" - -// CauseTypeTooMany is used to report "too many". This is used to -// report that a given list has too many items. This is similar to FieldValueTooLong, -// but the error indicates quantity instead of length. -#CauseTypeTooMany: #CauseType & "FieldValueTooMany" - -// CauseTypeInternal is used to report other errors that are not related -// to user input. See InternalError(). -#CauseTypeInternal: #CauseType & "InternalError" - -// CauseTypeTypeInvalid is for the value did not match the schema type for that field -#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid" - -// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client -// without the expected return type. The presence of this cause indicates the error may be -// due to an intervening proxy or the server software malfunctioning. -#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse" - -// FieldManagerConflict is used to report when another client claims to manage this field, -// It should only be returned for a request using server-side apply. -#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict" - -// CauseTypeResourceVersionTooLarge is used to report that the requested resource version -// is newer than the data observed by the API server, so the request cannot be served. -#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge" - -// List holds a list of objects, which may not be known by the server. -#List: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of objects - items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep) -} - -// APIVersions lists the versions that are available, to allow clients to -// discover the API at /api, which is the root path of the legacy v1 API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#APIVersions: { - #TypeMeta - - // versions are the api versions that are available. - versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep) -} - -// APIGroupList is a list of APIGroup, to allow clients to discover the API at -// /apis. -#APIGroupList: { - #TypeMeta - - // groups is a list of APIGroup. - groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep) -} - -// APIGroup contains the name, the supported versions, and the preferred version -// of a group. -#APIGroup: { - #TypeMeta - - // name is the name of the group. - name: string @go(Name) @protobuf(1,bytes,opt) - - // versions are the versions supported in this group. - versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep) - - // preferredVersion is the version preferred by the API server, which - // probably is the storage version. - // +optional - preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - // +optional - serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep) -} - -// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match. -#ServerAddressByClientCIDR: { - // The CIDR with which clients can match their IP to figure out the server address that they should use. - clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt) - - // Address of this server, suitable for a client that matches the above CIDR. - // This can be a hostname, hostname:port, IP or IP:port. - serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt) -} - -// GroupVersion contains the "group/version" and "version" string of a version. -// It is made a struct to keep extensibility. -#GroupVersionForDiscovery: { - // groupVersion specifies the API group and version in the form "group/version" - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // version specifies the version in the form of "version". This is to save - // the clients the trouble of splitting the GroupVersion. - version: string @go(Version) @protobuf(2,bytes,opt) -} - -// APIResource specifies the name of a resource and whether it is namespaced. -#APIResource: { - // name is the plural name of the resource. - name: string @go(Name) @protobuf(1,bytes,opt) - - // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. - // The singularName is more correct for reporting status on a single item and both singular and plural are allowed - // from the kubectl CLI interface. - singularName: string @go(SingularName) @protobuf(6,bytes,opt) - - // namespaced indicates if a resource is namespaced or not. - namespaced: bool @go(Namespaced) @protobuf(2,varint,opt) - - // group is the preferred group of the resource. Empty implies the group of the containing resource list. - // For subresources, this may have a different value, for example: Scale". - group?: string @go(Group) @protobuf(8,bytes,opt) - - // version is the preferred version of the resource. Empty implies the version of the containing resource list - // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)". - version?: string @go(Version) @protobuf(9,bytes,opt) - - // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo') - kind: string @go(Kind) @protobuf(3,bytes,opt) - - // verbs is a list of supported kube verbs (this includes get, list, watch, create, - // update, patch, delete, deletecollection, and proxy) - verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt) - - // shortNames is a list of suggested short names of the resource. - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep) - - // categories is a list of the grouped resources this resource belongs to (e.g. 'all') - categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep) - - // The hash value of the storage version, the version this resource is - // converted to when written to the data store. Value must be treated - // as opaque by clients. Only equality comparison on the value is valid. - // This is an alpha feature and may change or be removed in the future. - // The field is populated by the apiserver only if the - // StorageVersionHash feature gate is enabled. - // This field will remain optional even if it graduates. - // +optional - storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt) -} - -// Verbs masks the value so protobuf can generate -// -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Verbs: [...string] - -// APIResourceList is a list of APIResource, it is used to expose the name of the -// resources supported in a specific group and version, and if the resource -// is namespaced. -#APIResourceList: { - #TypeMeta - - // groupVersion is the group and version this APIResourceList is for. - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // resources contains the name of the resources and if they are namespaced. - resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep) -} - -// RootPaths lists the paths available at root. -// For example: "/healthz", "/apis". -#RootPaths: { - // paths are the paths available at root. - paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep) -} - -// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body. -#Patch: { -} - -// A label selector is a label query over a set of resources. The result of matchLabels and -// matchExpressions are ANDed. An empty label selector matches all objects. A null -// label selector matches no objects. -// +structType=atomic -#LabelSelector: { - // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - // map is equivalent to an element of matchExpressions, whose key field is "key", the - // operator is "In", and the values array contains only "value". The requirements are ANDed. - // +optional - matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep) - - // matchExpressions is a list of label selector requirements. The requirements are ANDed. - // +optional - matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A label selector requirement is a selector that contains values, a key, and an operator that -// relates the key and values. -#LabelSelectorRequirement: { - // key is the label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator) - - // values is an array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. This array is replaced during a strategic - // merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A label selector operator is the set of operators that can be used in a selector requirement. -#LabelSelectorOperator: string // #enumLabelSelectorOperator - -#enumLabelSelectorOperator: - #LabelSelectorOpIn | - #LabelSelectorOpNotIn | - #LabelSelectorOpExists | - #LabelSelectorOpDoesNotExist - -#LabelSelectorOpIn: #LabelSelectorOperator & "In" -#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn" -#LabelSelectorOpExists: #LabelSelectorOperator & "Exists" -#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist" - -// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource -// that the fieldset applies to. -#ManagedFieldsEntry: { - // Manager is an identifier of the workflow managing these fields. - manager?: string @go(Manager) @protobuf(1,bytes,opt) - - // Operation is the type of operation which lead to this ManagedFieldsEntry being created. - // The only valid values for this field are 'Apply' and 'Update'. - operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType) - - // APIVersion defines the version of this resource that this field set - // applies to. The format is "group/version" just like the top-level - // APIVersion field. It is necessary to track the version of a field - // set because it cannot be automatically converted. - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) - - // Time is the timestamp of when the ManagedFields entry was added. The - // timestamp will also be updated if a field is added, the manager - // changes any of the owned fields value or removes a field. The - // timestamp does not update when a field is removed from the entry - // because another manager took it over. - // +optional - time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt) - - // FieldsType is the discriminator for the different fields format and version. - // There is currently only one possible value: "FieldsV1" - fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt) - - // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. - // +optional - fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt) - - // Subresource is the name of the subresource used to update that object, or - // empty string if the object was updated through the main resource. The - // value of this field is used to distinguish between managers, even if they - // share the same name. For example, a status update will be distinct from a - // regular update using the same manager name. - // Note that the APIVersion field is not related to the Subresource field and - // it always corresponds to the version of the main resource. - subresource?: string @go(Subresource) @protobuf(8,bytes,opt) -} - -// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created. -#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType - -#enumManagedFieldsOperationType: - #ManagedFieldsOperationApply | - #ManagedFieldsOperationUpdate - -#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply" -#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update" - -// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. -// -// Each key is either a '.' representing the field itself, and will always map to an empty set, -// or a string representing a sub-field or item. The string will follow one of these four formats: -// 'f:', where is the name of a field in a struct, or key in a map -// 'v:', where is the exact json formatted value of a list item -// 'i:', where is position of a item in a list -// 'k:', where is a map of a list item's key fields to their unique values -// If a key maps to an empty Fields value, the field that key represents is part of the set. -// -// The exact format is defined in sigs.k8s.io/structured-merge-diff -// +protobuf.options.(gogoproto.goproto_stringer)=false -#FieldsV1: _ - -// Table is a tabular representation of a set of API resources. The server transforms the -// object into a set of preferred columns for quickly reviewing the objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=false -#Table: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) - - // columnDefinitions describes each column in the returned items array. The number of cells per row - // will always match the number of column definitions. - columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition) - - // rows is the list of items in the table. - rows: [...#TableRow] @go(Rows,[]TableRow) -} - -// TableColumnDefinition contains information about a column returned in the Table. -// +protobuf=false -#TableColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) - - // type is an OpenAPI type definition for this column, such as number, integer, string, or - // array. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - type: string @go(Type) - - // format is an optional OpenAPI type modifier for this column. A format modifies the type and - // imposes additional rules, like date or time formatting for a string. The 'name' format is applied - // to the primary identifier column which has type 'string' to assist in clients identifying column - // is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - format: string @go(Format) - - // description is a human readable description of this column. - description: string @go(Description) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. Columns that may be omitted in limited space scenarios - // should be given a higher priority. - priority: int32 @go(Priority) -} - -// TableRow is an individual row in a table. -// +protobuf=false -#TableRow: { - // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or - // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a - // more detailed description. - cells: [...] @go(Cells,[]interface{}) - - // conditions describe additional status of a row that are relevant for a human user. These conditions - // apply to the row, not to the object, and will be specific to table output. The only defined - // condition type is 'Completed', for a row that indicates a resource that has run to completion and - // can be given less visual priority. - // +optional - conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition) - - // This field contains the requested additional information about each object based on the includeObject - // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the - // default serialization of the object for the current API version, and if "Metadata" (the default) will - // contain the object metadata. Check the returned kind and apiVersion of the object before parsing. - // The media type of the object will always match the enclosing list - if this as a JSON table, these - // will be JSON encoded objects. - // +optional - object?: runtime.#RawExtension @go(Object) -} - -// TableRowCondition allows a row to be marked with additional information. -// +protobuf=false -#TableRowCondition: { - // Type of row condition. The only defined value is 'Completed' indicating that the - // object this row represents has reached a completed state and may be given less visual - // priority than other rows. Clients are not required to honor any conditions but should - // be consistent where possible about handling the conditions. - type: #RowConditionType @go(Type) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) - - // (brief) machine readable reason for the condition's last transition. - // +optional - reason?: string @go(Reason) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) -} - -#RowConditionType: string // #enumRowConditionType - -#enumRowConditionType: - #RowCompleted - -// RowCompleted means the underlying resource has reached completion and may be given less -// visual priority than other resources. -#RowCompleted: #RowConditionType & "Completed" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// IncludeObjectPolicy controls which portion of the object is returned with a Table. -#IncludeObjectPolicy: string // #enumIncludeObjectPolicy - -#enumIncludeObjectPolicy: - #IncludeNone | - #IncludeMetadata | - #IncludeObject - -// IncludeNone returns no object. -#IncludeNone: #IncludeObjectPolicy & "None" - -// IncludeMetadata serializes the object containing only its metadata field. -#IncludeMetadata: #IncludeObjectPolicy & "Metadata" - -// IncludeObject contains the full object. -#IncludeObject: #IncludeObjectPolicy & "Object" - -// TableOptions are used when a Table is requested by the caller. -// +k8s:conversion-gen:explicit-from=net/url.Values -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#TableOptions: { - #TypeMeta - - // includeObject decides whether to include each object along with its columnar information. - // Specifying "None" will return no object, specifying "Object" will return the full object contents, and - // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind - // in version v1beta1 of the meta.k8s.io API group. - includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy) -} - -// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients -// to get access to a particular ObjectMeta schema without knowing the details of the version. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadata: { - #TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) -} - -// PartialObjectMetadataList contains a list of objects containing only their metadata -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadataList: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items contains each of the included items. - items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep) -} - -// Condition contains details for one aspect of the current state of this API Resource. -// --- -// This struct is intended for direct use as an array at the field path .status.conditions. For example, -// -// type FooStatus struct{ -// // Represents the observations of a foo's current state. -// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" -// // +patchMergeKey=type -// // +patchStrategy=merge -// // +listType=map -// // +listMapKey=type -// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` -// -// // other fields -// } -#Condition: { - // type of condition in CamelCase or in foo.example.com/CamelCase. - // --- - // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - // useful (see .node.status.conditions), the ability to deconflict is important. - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - type: string @go(Type) @protobuf(1,bytes,opt) - - // status of the condition, one of True, False, Unknown. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum=True;False;Unknown - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt) - - // observedGeneration represents the .metadata.generation that the condition was set based upon. - // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - // with respect to the current state of the instance. - // +optional - // +kubebuilder:validation:Minimum=0 - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // lastTransitionTime is the last time the condition transitioned from one status to another. - // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Type=string - // +kubebuilder:validation:Format=date-time - lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason contains a programmatic identifier indicating the reason for the condition's last transition. - // Producers of specific condition types may define expected values and meanings for this field, - // and whether the values are considered a guaranteed API. - // The value should be a CamelCase string. - // This field may not be empty. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=1024 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` - reason: string @go(Reason) @protobuf(5,bytes,opt) - - // message is a human readable message indicating details about the transition. - // This may be an empty string. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=32768 - message: string @go(Message) @protobuf(6,bytes,opt) -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue deleted file mode 100644 index 12f5f1b63..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue +++ /dev/null @@ -1,30 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" -) - -// Event represents a single event to a watched resource. -// -// +protobuf=true -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#WatchEvent: { - type: string @go(Type) @protobuf(1,bytes,opt) - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Error: *Status is recommended; other types may make sense - // depending on context. - object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt) -} - -// InternalEvent makes watch.Event versioned -// +protobuf=false -#InternalEvent: watch.#Event diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue deleted file mode 100644 index 43474c392..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// SimpleAllocator a wrapper around make([]byte) -// conforms to the MemoryAllocator interface -#SimpleAllocator: { -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue deleted file mode 100644 index a05de5d58..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue +++ /dev/null @@ -1,37 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// codec binds an encoder and decoder. -_#codec: { - Encoder: #Encoder - Decoder: #Decoder -} - -// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding. -#NoopEncoder: { - Decoder: #Decoder -} - -_#noopEncoderIdentifier: #Identifier & "noop" - -// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding. -#NoopDecoder: { - Encoder: #Encoder -} - -_#base64Serializer: { - Encoder: #Encoder - Decoder: #Decoder -} - -_#internalGroupVersionerIdentifier: "internal" -_#disabledGroupVersionerIdentifier: "disabled" - -_#internalGroupVersioner: { -} - -_#disabledGroupVersioner: { -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue deleted file mode 100644 index ce6d644cb..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime defines conversions between generic types and structs to map query strings -// to struct objects. -package runtime diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue deleted file mode 100644 index f49ad1e36..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// UnstructuredConverter is an interface for converting between interface{} -// and map[string]interface representation. -#UnstructuredConverter: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue deleted file mode 100644 index 89c5c51b3..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue +++ /dev/null @@ -1,39 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime includes helper functions for working with API objects -// that follow the kubernetes API object conventions, which are: -// -// 0. Your API objects have a common metadata struct member, TypeMeta. -// -// 1. Your code refers to an internal set of API objects. -// -// 2. In a separate package, you have an external set of API objects. -// -// 3. The external set is considered to be versioned, and no breaking -// changes are ever made to it (fields may be added but not changed -// or removed). -// -// 4. As your api evolves, you'll make an additional versioned package -// with every major change. -// -// 5. Versioned packages have conversion functions which convert to -// and from the internal version. -// -// 6. You'll continue to support older versions according to your -// deprecation policy, and you can easily provide a program/library -// to update old versions into new versions because of 5. -// -// 7. All of your serializations and deserializations are handled in a -// centralized place. -// -// Package runtime provides a conversion helper to make 5 easy, and the -// Encode/Decode/DecodeInto trio to accomplish 7. You can also register -// additional "codecs" which use a version of your choice. It's -// recommended that you register your types with runtime in your -// package's init function. -// -// As a bonus, a few common types useful from all api objects and versions -// are provided in types.go. -package runtime diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue deleted file mode 100644 index d43f15f25..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -_#encodable: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue deleted file mode 100644 index ec8f1f070..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue +++ /dev/null @@ -1,23 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// MultiObjectTyper returns the types of objects across multiple schemes in order. -#MultiObjectTyper: [...#ObjectTyper] - -_#defaultFramer: { -} - -// WithVersionEncoder serializes an object and ensures the GVK is set. -#WithVersionEncoder: { - Version: #GroupVersioner - Encoder: #Encoder - ObjectTyper: #ObjectTyper -} - -// WithoutVersionDecoder clears the group version kind of a deserialized object. -#WithoutVersionDecoder: { - Decoder: #Decoder -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue deleted file mode 100644 index 22abcb620..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue +++ /dev/null @@ -1,165 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// APIVersionInternal may be used if you are registering a type that should not -// be considered stable or serialized - it is a convention only and has no -// special behavior in this package. -#APIVersionInternal: "__internal" - -// GroupVersioner refines a set of possible conversion targets into a single option. -#GroupVersioner: _ - -// Identifier represents an identifier. -// Identitier of two different objects should be equal if and only if for every -// input the output they produce is exactly the same. -#Identifier: string // #enumIdentifier - -#enumIdentifier: - _#noopEncoderIdentifier - -// Encoder writes objects to a serialized form -#Encoder: _ - -// MemoryAllocator is responsible for allocating memory. -// By encapsulating memory allocation into its own interface, we can reuse the memory -// across many operations in places we know it can significantly improve the performance. -#MemoryAllocator: _ - -// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations. -#EncoderWithAllocator: _ - -// Decoder attempts to load an object from data. -#Decoder: _ - -// Serializer is the core interface for transforming objects into a serialized format and back. -// Implementations may choose to perform conversion of the object, but no assumptions should be made. -#Serializer: _ - -// Codec is a Serializer that deals with the details of versioning objects. It offers the same -// interface as Serializer, so this is a marker to consumers that care about the version of the objects -// they receive. -#Codec: #Serializer - -// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and -// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing -// and the desired version must be specified. -#ParameterCodec: _ - -// Framer is a factory for creating readers and writers that obey a particular framing pattern. -#Framer: _ - -// SerializerInfo contains information about a specific serialization format -#SerializerInfo: { - // MediaType is the value that represents this serializer over the wire. - MediaType: string - - // MediaTypeType is the first part of the MediaType ("application" in "application/json"). - MediaTypeType: string - - // MediaTypeSubType is the second part of the MediaType ("json" in "application/json"). - MediaTypeSubType: string - - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the individual object serializer for this media type. - Serializer: #Serializer - - // PrettySerializer, if set, can serialize this object in a form biased towards - // readability. - PrettySerializer: #Serializer - - // StrictSerializer, if set, deserializes this object strictly, - // erring on unknown fields. - StrictSerializer: #Serializer - - // StreamSerializer, if set, describes the streaming serialization format - // for this media type. - StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo) -} - -// StreamSerializerInfo contains information about a specific stream serialization format -#StreamSerializerInfo: { - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the top level object serializer for this type when streaming - Serializer: #Serializer - - // Framer is the factory for retrieving streams that separate objects on the wire - Framer: #Framer -} - -// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers -// for multiple supported media types. This would commonly be accepted by a server component -// that performs HTTP content negotiation to accept multiple formats. -#NegotiatedSerializer: _ - -// ClientNegotiator handles turning an HTTP content type into the appropriate encoder. -// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from -// a NegotiatedSerializer. -#ClientNegotiator: _ - -// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers -// that can read and write data at rest. This would commonly be used by client tools that must -// read files, or server side storage interfaces that persist restful objects. -#StorageSerializer: _ - -// NestedObjectEncoder is an optional interface that objects may implement to be given -// an opportunity to encode any nested Objects / RawExtensions during serialization. -#NestedObjectEncoder: _ - -// NestedObjectDecoder is an optional interface that objects may implement to be given -// an opportunity to decode any nested Objects / RawExtensions during serialization. -// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding -// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields). -// As such it is important for callers of DecodeNestedObjects to check to confirm whether -// an error is a runtime.StrictDecodingError before short circuiting. -// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError -// is only returned when the rest of decoding has succeeded. -#NestedObjectDecoder: _ - -#ObjectDefaulter: _ - -#ObjectVersioner: _ - -// ObjectConvertor converts an object to a different version. -#ObjectConvertor: _ - -// ObjectTyper contains methods for extracting the APIVersion and Kind -// of objects. -#ObjectTyper: _ - -// ObjectCreater contains methods for instantiating an object by kind and version. -#ObjectCreater: _ - -// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource -#EquivalentResourceMapper: _ - -// EquivalentResourceRegistry provides an EquivalentResourceMapper interface, -// and allows registering known resource[/subresource] -> kind -#EquivalentResourceRegistry: _ - -// ResourceVersioner provides methods for setting and retrieving -// the resource version from an API object. -#ResourceVersioner: _ - -// Namer provides methods for retrieving name and namespace of an API object. -#Namer: _ - -// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are -// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows -// serializers to set the kind, version, and group the object is represented as. An Object may choose -// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized. -#Object: _ - -// CacheableObject allows an object to cache its different serializations -// to avoid performing the same serialization multiple times. -#CacheableObject: _ - -// Unstructured objects store values as map[string]interface{}, with only values that can be serialized -// to JSON allowed. -#Unstructured: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue deleted file mode 100644 index 7580f4676..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// NegotiateError is returned when a ClientNegotiator is unable to locate -// a serializer for the requested operation. -#NegotiateError: { - ContentType: string - Stream: bool -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue deleted file mode 100644 index bd9c409a7..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Splice is the interface that wraps the Splice method. -// -// Splice moves data from given slice without copying the underlying data for -// efficiency purpose. Therefore, the caller should make sure the underlying -// data is not changed later. -#Splice: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue deleted file mode 100644 index 9dfc078b4..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Pair of strings. We keed the name of fields and the doc -#Pair: { - Name: string - Doc: string -} - -// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself -#KubeTypes: [...#Pair] diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue deleted file mode 100644 index d1ee609a2..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue +++ /dev/null @@ -1,97 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, -// like this: -// -// type MyAwesomeAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// ... // other fields -// } -// -// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind -// -// TypeMeta is provided here for convenience. You may use it directly from this package or define -// your own with the same fields. -// -// +k8s:deepcopy-gen=false -// +protobuf=true -// +k8s:openapi-gen=true -#TypeMeta: { - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // +optional - kind?: string @go(Kind) @protobuf(2,bytes,opt) -} - -#ContentTypeJSON: "application/json" -#ContentTypeYAML: "application/yaml" -#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf" - -// RawExtension is used to hold extensions in external versions. -// -// To use this, make a field which has RawExtension as its type in your external, versioned -// struct, and Object in your internal struct. You also need to register your -// various plugin types. -// -// // Internal package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.Object `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // External package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.RawExtension `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // On the wire, the JSON will look something like this: -// -// { -// "kind":"MyAPIObject", -// "apiVersion":"v1", -// "myPlugin": { -// "kind":"PluginA", -// "aOption":"foo", -// }, -// } -// -// So what happens? Decode first uses json or yaml to unmarshal the serialized data into -// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. -// The next step is to copy (using pkg/conversion) into the internal struct. The runtime -// package's DefaultScheme has conversion functions installed which will unpack the -// JSON stored in RawExtension, turning it into the correct object type, and storing it -// in the Object. (TODO: In the case where the object is of an unknown type, a -// runtime.Unknown object will be created and stored.) -// -// +k8s:deepcopy-gen=true -// +protobuf=true -// +k8s:openapi-gen=true -#RawExtension: _ - -// Unknown allows api objects with unknown types to be passed-through. This can be used -// to deal with the API objects from a plug-in. Unknown objects still have functioning -// TypeMeta features-- kind, version, etc. -// TODO: Make this object have easy access to field based accessors and settors for -// metadata and field mutatation. -// -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=true -// +k8s:openapi-gen=true -#Unknown: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue deleted file mode 100644 index 8b8ddf891..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -#ProtobufMarshaller: _ - -#ProtobufReverseMarshaller: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue deleted file mode 100644 index bfb4bcda3..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -// Package types implements various generic types used throughout kubernetes. -package types diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue deleted file mode 100644 index 7cb2745aa..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -#NamespacedName: { - Namespace: string - Name: string -} - -#Separator: 47 // '/' diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue deleted file mode 100644 index 8b264b80c..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// NodeName is a type that holds a api.Node's Name identifier. -// Being a type captures intent and helps make sure that the node name -// is not confused with similar concepts (the hostname, the cloud provider id, -// the cloud provider name etc) -// -// To clarify the various types: -// -// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName. -// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level. -// -// - Hostname is the hostname of the local machine (from uname -n). -// However, some components allow the user to pass in a --hostname-override flag, -// which will override this in most places. In the absence of anything more meaningful, -// kubelet will use Hostname as the Node.Name when it creates the Node. -// -// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId. -// -// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the -// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up -// to the cloudprovider how to do this mapping. -// -// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the -// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if -// we are using a custom DHCP domain it won't be. -#NodeName: string diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue deleted file mode 100644 index 3de5d80f9..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// Similarly to above, these are constants to support HTTP PATCH utilized by -// both the client and server that didn't make sense for a whole package to be -// dedicated to. -#PatchType: string // #enumPatchType - -#enumPatchType: - #JSONPatchType | - #MergePatchType | - #StrategicMergePatchType | - #ApplyPatchType - -#JSONPatchType: #PatchType & "application/json-patch+json" -#MergePatchType: #PatchType & "application/merge-patch+json" -#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json" -#ApplyPatchType: #PatchType & "application/apply-patch+yaml" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue deleted file mode 100644 index 40bdd8285..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// UID is a type that holds unique ID values, including UUIDs. Because we -// don't ONLY use UUIDs, this is an alias to string. Being a type captures -// intent and helps make sure that UIDs and names do not get conflated. -#UID: string diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue deleted file mode 100644 index 2c8cc3651..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr - -package intstr - -// IntOrString is a type that can hold an int32 or a string. When used in -// JSON or YAML marshalling and unmarshalling, it produces or consumes the -// inner type. This allows you to have, for example, a JSON field that can -// accept a name or number. -// TODO: Rename to Int32OrString -// -// +protobuf=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:openapi-gen=true -#IntOrString: _ - -// Type represents the stored type of IntOrString. -#Type: int64 // #enumType - -#enumType: - #Int | - #String - -#values_Type: { - Int: #Int - String: #String -} - -#Int: #Type & 0 -#String: #Type & 1 diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue deleted file mode 100644 index bc1b91894..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -// Package watch contains a generic watchable interface, and a fake for -// testing code that uses the watch interface. -package watch diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue deleted file mode 100644 index 045e8ec85..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Recorder records all events that are sent from the watch until it is closed. -#Recorder: { - Interface: #Interface -} diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue deleted file mode 100644 index dcf72d5b0..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue +++ /dev/null @@ -1,25 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch -// channel is full. -#FullChannelBehavior: int // #enumFullChannelBehavior - -#enumFullChannelBehavior: - #WaitIfChannelFull | - #DropIfChannelFull - -#values_FullChannelBehavior: { - WaitIfChannelFull: #WaitIfChannelFull - DropIfChannelFull: #DropIfChannelFull -} - -#WaitIfChannelFull: #FullChannelBehavior & 0 -#DropIfChannelFull: #FullChannelBehavior & 1 - -_#incomingQueueLength: 25 - -_#internalRunFunctionMarker: "internal-do-function" diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue deleted file mode 100644 index f0805cfb2..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written. -#Decoder: _ - -// Reporter hides the details of how an error is turned into a runtime.Object for -// reporting on a watch stream since this package may not import a higher level report. -#Reporter: _ diff --git a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue deleted file mode 100644 index 0db2e6be1..000000000 --- a/k8s/timoni/codebattle/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -import "k8s.io/apimachinery/pkg/runtime" - -// Interface can be implemented by anything that knows how to watch and report changes. -#Interface: _ - -// EventType defines the possible types of events. -#EventType: string // #enumEventType - -#enumEventType: - #Added | - #Modified | - #Deleted | - #Bookmark | - #Error - -#Added: #EventType & "ADDED" -#Modified: #EventType & "MODIFIED" -#Deleted: #EventType & "DELETED" -#Bookmark: #EventType & "BOOKMARK" -#Error: #EventType & "ERROR" - -// Event represents a single event to a watched resource. -// +k8s:deepcopy-gen=true -#Event: { - Type: #EventType - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Bookmark: the object (instance of a type being watched) where - // only ResourceVersion field is set. On successful restart of watch from a - // bookmark resourceVersion, client is guaranteed to not get repeat event - // nor miss any events. - // * If Type is Error: *api.Status is recommended; other types may make sense - // depending on context. - Object: runtime.#Object -} - -// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe. -#RaceFreeFakeWatcher: { - Stopped: bool -} diff --git a/k8s/timoni/codebattle/cue.mod/module.cue b/k8s/timoni/codebattle/cue.mod/module.cue deleted file mode 100644 index 4f3d2dfda..000000000 --- a/k8s/timoni/codebattle/cue.mod/module.cue +++ /dev/null @@ -1,2 +0,0 @@ -module: "timoni.sh/codebattle" -language: version: "v0.9.0" diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue deleted file mode 100644 index 2c579e99d..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Action holds the list of annotations for controlling -// Timoni's apply behaviour of Kubernetes resources. -Action: { - // Force annotation for recreating immutable resources such as Kubernetes Jobs. - Force: { - "action.timoni.sh/force": ActionStatus.Enabled - } - // One-off annotation for appling resources only if they don't exist on the cluster. - Oneoff: { - "action.timoni.sh/one-off": ActionStatus.Enabled - } - // Keep annotation for preventing Timoni's garbage collector from deleting resources. - Keep: { - "action.timoni.sh/prune": ActionStatus.Disabled - } -} - -ActionStatus: { - Enabled: "enabled" - Disabled: "disabled" -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue deleted file mode 100644 index 1535ea43f..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strings" -) - -// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image. -#Image: { - - // Repository is the address of a container registry repository. - // An image repository is made up of slash-separated name components, optionally - // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. - repository!: string - - // Tag identifies an image in the repository. - // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. - // A tag name may not start with a period or a dash and may contain a maximum of 128 characters. - tag!: string & strings.MaxRunes(128) - - // Digest uniquely and immutably identifies an image in the repository. - // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. - digest!: string - - // PullPolicy defines the pull policy for the image. - // By default, it is set to IfNotPresent. - pullPolicy: *"IfNotPresent" | "Always" | "Never" - - // Reference is the image address computed from repository, tag and digest - // in the format [REPOSITORY]:[TAG]@[DIGEST]. - reference: string - - if digest != "" && tag != "" { - reference: "\(repository):\(tag)@\(digest)" - } - - if digest != "" && tag == "" { - reference: "\(repository)@\(digest)" - } - - if digest == "" && tag != "" { - reference: "\(repository):\(tag)" - } - - if digest == "" && tag == "" { - reference: "\(repository):latest" - } -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue deleted file mode 100644 index 19f098967..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/base64" - "strings" -) - -// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson. -// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets. -#ImagePullSecret: { - // Metadata is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]]. - #Registry!: string - - // Username is the username used to authenticate to the container registry. - #Username!: string - - // Password is the password used to authenticate to the container registry. - #Password!: string - - // Optional suffix used to generate the Secret name. - #Suffix: *"" | string & strings.MaxRunes(30) - - let auth = base64.Encode(null, #Username+":"+#Password) - - apiVersion: "v1" - kind: "Secret" - type: "kubernetes.io/dockerconfigjson" - metadata: { - name: #Meta.name + #Suffix - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - stringData: { - ".dockerconfigjson": """ - {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}} - """ - } -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue deleted file mode 100644 index 7b31c23e4..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue +++ /dev/null @@ -1,49 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/json" - "strings" - "uuid" -) - -#ConfigMapKind: "ConfigMap" -#SecretKind: "Secret" - -// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets. -// The metadata.name of the generated object is suffixed with the hash of the input data. -#ImmutableConfig: { - // Kind of the generated object. - #Kind: *#ConfigMapKind | #SecretKind - - // Metadata of the generated object. - #Meta: #Metadata - - // Optional suffix appended to the generate name. - #Suffix: *"" | string - - // Data of the generated object. - #Data: {[string]: string} - - let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0] - - apiVersion: "v1" - kind: #Kind - metadata: { - name: #Meta.name + #Suffix + "-" + hash - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - immutable: true - if kind == #ConfigMapKind { - data: #Data - } - if kind == #SecretKind { - stringData: #Data - } -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue deleted file mode 100644 index ad96b0621..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// InstanceName defines the schema for the name of a Timoni instance. -// The instance name is used as a Kubernetes label value and must be 63 characters or less. -#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceNamespace defines the schema for the namespace of a Timoni instance. -// The instance namespace is used as a Kubernetes label value and must be 63 characters or less. -#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership. -#InstanceOwnerReference: { - #Name: "instance.timoni.sh/name" - #Namespace: "instance.timoni.sh/namespace" -} - -// InstanceModule defines the schema for the Module of a Timoni instance. -#InstanceModule: { - url: string & =~"^((oci|file)://.*)$" - version: *"latest" | string - digest?: string -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue deleted file mode 100644 index 188ff505d..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue +++ /dev/null @@ -1,120 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// Annotations defines the schema for Kubernetes object metadata annotations. -#Annotations: {[string & strings.MaxRunes(253)]: string} - -// Labels defines the schema for Kubernetes object metadata labels. -#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)} - -#StdLabelName: "app.kubernetes.io/name" -#StdLabelVersion: "app.kubernetes.io/version" -#StdLabelPartOf: "app.kubernetes.io/part-of" -#StdLabelManagedBy: "app.kubernetes.io/managed-by" -#StdLabelComponent: "app.kubernetes.io/component" -#StdLabelInstance: "app.kubernetes.io/instance" - -// Metadata defines the schema for Kubernetes object metadata. -#Metadata: { - // Version should be in the strict semver format. Is required when creating resources. - #Version!: string & strings.MaxRunes(63) - - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name!: #InstanceName - - // Namespace defines the space within which each name must be unique. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - namespace!: #InstanceNamespace - - // Annotations is an unstructured key value map stored with a resource that may be - // set to store and retrieve arbitrary metadata. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - annotations?: #Annotations - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes labels: app name, version and managed-by. - labels: { - (#StdLabelName): name - (#StdLabelVersion): #Version - (#StdLabelManagedBy): "timoni" - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name label. - #LabelSelector: #Labels & { - (#StdLabelName): name - } - - // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions - // are met before it fully deletes resources marked for deletion. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/ - finalizers?: [...string] -} - -// MetaComponent generates the Kubernetes object metadata for a module namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - namespace: #Meta.namespace - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} - -// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.namespace is unset. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaClusterComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue deleted file mode 100644 index 1dcdb699e..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// ObjectReference is a reference to a Kubernetes object. -#ObjectReference: { - // Name of the referent. - name!: string & strings.MaxRunes(256) - - // Namespace of the referent. - namespace?: string & strings.MaxRunes(256) - - // API version of the referent. - apiVersion?: string & strings.MaxRunes(256) - - // Kind of the referent. - kind?: string & strings.MaxRunes(256) -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue deleted file mode 100644 index d3b5573ae..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m. -#CPUQuantity: string & =~"^[1-9]\\d*m$" - -// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi. -#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$" - -// ResourceRequirement defines the schema for the CPU and Memory resource requirements. -#ResourceRequirement: { - cpu?: #CPUQuantity - memory?: #MemoryQuantity -} - -// ResourceRequirements defines the schema for the compute resource requirements of a container. -// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - limits?: #ResourceRequirement - - // Requests describes the minimum amount of compute resources required. - // Requests cannot exceed Limits. - requests?: #ResourceRequirement & { - if limits != _|_ { - if limits.cpu != _|_ { - _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0]) - _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0]) - #cpu: int & >=_rc & _lc - } - } - } -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue deleted file mode 100644 index 9c4f2384b..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc. -#Selector: { - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - #Name!: #InstanceName - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes label: app name. - labels: (#StdLabelName): #Name -} diff --git a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue deleted file mode 100644 index ecd1e397f..000000000 --- a/k8s/timoni/codebattle/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// SemVer validates the input version string and extracts the major and minor version numbers. -// When Minimum is set, the major and minor parts must be greater or equal to the minimum -// or a validation error is returned. -#SemVer: { - // Input version string in strict semver format. - #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - // Minimum is the minimum allowed MAJOR.MINOR version. - #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0]) - let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1]) - - major: int & >=minMajor - major: strconv.Atoi(strings.Split(#Version, ".")[0]) - - minor: int & >=minMinor - minor: strconv.Atoi(strings.Split(#Version, ".")[1]) -} diff --git a/k8s/timoni/codebattle/templates/config.cue b/k8s/timoni/codebattle/templates/config.cue deleted file mode 100644 index b108a4770..000000000 --- a/k8s/timoni/codebattle/templates/config.cue +++ /dev/null @@ -1,105 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - timoniv1 "timoni.sh/core/v1alpha1" -) - -#Config: { - kubeVersion!: string - moduleVersion!: string - - metadata: timoniv1.#Metadata & {#Version: moduleVersion} - metadata: labels: timoniv1.#Labels - metadata: annotations?: timoniv1.#Annotations - - selector: timoniv1.#Selector & { - #Name: metadata.name - labels: app: "codebattle" - } - - registry: string - image!: { - codebattle: timoniv1.#Image - nginx: timoniv1.#Image - } - - resources: timoniv1.#ResourceRequirements & { - requests: { - cpu: *"10m" | timoniv1.#CPUQuantity - memory: *"32Mi" | timoniv1.#MemoryQuantity - } - } - - replicas: *1 | int & >0 - - securityContext: corev1.#SecurityContext & { - allowPrivilegeEscalation: *false | true - privileged: *false | true - capabilities: - { - drop: *["ALL"] | [string] - add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string] - } - } - - service: { - annotations?: timoniv1.#Annotations - port: *4000 | int & >0 & <=65535 - type: corev1.#ServiceType - } - - env: [string]: string | int | bool - - podSecurityContext?: corev1.#PodSecurityContext - imagePullSecrets?: [...timoniv1.#ObjectReference] - tolerations?: [...corev1.#Toleration] - affinity?: corev1.#Affinity - topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint] - - ingress: { - enable: *false | bool - class?: string - tls: [...networkingv1.#IngressTLS] - host?: string - } - - gateway: { - enable: certManager.enable & (*false | bool) - gatewayName: string - host: *"codebattle.hexlet.io" | string - } - - certManager: { - enable: *false | bool - useLetsencrypt: *true | bool - useCA: *false | bool - _issuerConstraint: useLetsencrypt != useCA - _caSecretMeta: timoniv1.#MetaComponent & { - #Meta: metadata - #Component: "ca" - } - } - - rustExecutor: *false | bool -} - -// Instance takes the config values and outputs the Kubernetes objects. -#Instance: { - config: #Config - - objects: { - deploy: #Deployment & {#config: config} - svc: #Service & {#config: config} - if config.ingress.enable { - ingress: #Ingress & {#config: config} - } - if config.gateway.enable { - gateway: #HTTPRoute & {#config: config} - } - if config.certManager.enable { - issuer: #Issuer & {#config: config} - } - } -} diff --git a/k8s/timoni/codebattle/templates/deployment.cue b/k8s/timoni/codebattle/templates/deployment.cue deleted file mode 100644 index 039912141..000000000 --- a/k8s/timoni/codebattle/templates/deployment.cue +++ /dev/null @@ -1,86 +0,0 @@ -package templates - -import ( - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" -) - -#Deployment: appsv1.#Deployment & { - #config: #Config - apiVersion: "apps/v1" - kind: "Deployment" - metadata: #config.metadata - spec: appsv1.#DeploymentSpec & { - replicas: #config.replicas - selector: matchLabels: #config.selector.labels - template: { - metadata: labels: #config.selector.labels - spec: corev1.#PodSpec & { - containers: [{ - name: "codebattle" - image: #config.image.codebattle.reference - imagePullPolicy: #config.image.codebattle.pullPolicy - ports: [{ - name: "codebattle" - containerPort: #config.service.port - protocol: "TCP" - }] - readinessProbe: { - httpGet: { - path: "/health" - port: "codebattle" - } - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - } - command: ["make", "start"] - envFrom: [{ - secretRef: name: "\(#config.metadata.name)-secrets" - }] - env: [for k, v in #config.env { - name: k - value: "\(v)" - }, { - name: "CODEBATTLE_PORT" - value: "\(#config.service.port)" - }, { - name: "CODEBATTLE_VERSION" - value: #config.image.codebattle.tag - }, { - name: "KUBERNETES_NAMESPACE" - valueFrom: fieldRef: fieldPath: "metadata.namespace" - }, if #config.rustExecutor { - name: "CODEBATTLE_EXECUTOR" - value: "rust" - }] - }, { - name: "nginx" - image: #config.image.nginx.reference - imagePullPolicy: #config.image.nginx.pullPolicy - ports: [{ - name: "http" - containerPort: 80 - protocol: "TCP" - }] - readinessProbe: { - httpGet: { - path: "/health" - port: "http" - } - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - } - env: [{ - name: "NGINX_SERVER_ADDRESS" - value: "127.0.0.1" - }] - }] - if #config.affinity != _|_ { - affinity: #config.affinity - } - } - } - } -} diff --git a/k8s/timoni/codebattle/templates/httproute.cue b/k8s/timoni/codebattle/templates/httproute.cue deleted file mode 100644 index e99dfe9af..000000000 --- a/k8s/timoni/codebattle/templates/httproute.cue +++ /dev/null @@ -1,42 +0,0 @@ -package templates - -import ( - gatewayv1 "gateway.networking.k8s.io/httproute/v1" -) - -#HTTPRoute: gatewayv1.#HTTPRoute & { - #config: #Config - apiVersion: "gateway.networking.k8s.io/v1" - kind: "HTTPRoute" - metadata: #config.metadata - spec: { - parentRefs: [{ - name: #config.gateway.gatewayName - sectionName: "https" - }] - rules: [{ - matches: [{ - path: { - type: "PathPrefix" - value: "/" - } - }] - backendRefs: [{ - name: metadata.name - port: #config.service.port - }] - }, { - matches: [{ - path: { - type: "PathPrefix" - value: "/assets" - } - }] - timeouts: request: "60s" - backendRefs: [{ - name: metadata.name - port: 80 - }] - }] - } -} diff --git a/k8s/timoni/codebattle/templates/ingress.cue b/k8s/timoni/codebattle/templates/ingress.cue deleted file mode 100644 index ea6eb98d0..000000000 --- a/k8s/timoni/codebattle/templates/ingress.cue +++ /dev/null @@ -1,34 +0,0 @@ -package templates - -import ( - networkingv1 "k8s.io/api/networking/v1" -) - -#Ingress: networkingv1.#Ingress & { - #config: #Config - apiVersion: "networking.k8s.io/v1" - kind: "Ingress" - metadata: #config.metadata - spec: networkingv1.#IngressSpec & { - ingressClassName: #config.ingress.class - tls: #config.ingress.tls - rules: [{ - host: #config.ingress.host - http: paths: [{ - path: "/assets" - pathType: "Prefix" - backend: service: { - name: #config.metadata.name - port: name: "nginx" - } - }, { - path: "/" - pathType: "Prefix" - backend: service: { - name: #config.metadata.name - port: name: "codebattle" - } - }] - }] - } -} diff --git a/k8s/timoni/codebattle/templates/issuer.cue b/k8s/timoni/codebattle/templates/issuer.cue deleted file mode 100644 index bf804c4fe..000000000 --- a/k8s/timoni/codebattle/templates/issuer.cue +++ /dev/null @@ -1,32 +0,0 @@ -package templates - -import ( - issuerv1 "cert-manager.io/issuer/v1" -) - -#Issuer: issuerv1.#Issuer & { - #config: #Config - apiVersion: "cert-manager.io/v1" - kind: "Issuer" - metadata: #config.metadata - spec: { - if #config.certManager.useLetsencrypt { - acme: { - server: "https://acme-v02.api.letsencrypt.org/directory" - privateKeySecretRef: name: "\(metadata.name)-letsencrypt" - solvers: [{ - http01: gatewayHTTPRoute: { - parentRefs: [{ - name: #config.gateway.gatewayName - }] - } - }] - } - } - if #config.certManager.useCA { - ca: { - secretName: #config.certManager._caSecretMeta.name - } - } - } -} diff --git a/k8s/timoni/codebattle/templates/service.cue b/k8s/timoni/codebattle/templates/service.cue deleted file mode 100644 index 19b8509ff..000000000 --- a/k8s/timoni/codebattle/templates/service.cue +++ /dev/null @@ -1,30 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" -) - -#Service: corev1.#Service & { - #config: #Config - apiVersion: "v1" - kind: "Service" - metadata: #config.metadata - if #config.service.annotations != _|_ { - metadata: annotations: #config.service.annotations - } - spec: corev1.#ServiceSpec & { - type: #config.service.type - selector: #config.selector.labels - ports: [{ - port: #config.service.port - protocol: "TCP" - name: "codebattle" - targetPort: name - }, { - port: 80 - protocol: "TCP" - name: "http" - targetPort: name - }] - } -} diff --git a/k8s/timoni/codebattle/timoni.cue b/k8s/timoni/codebattle/timoni.cue deleted file mode 100644 index b2618dcb2..000000000 --- a/k8s/timoni/codebattle/timoni.cue +++ /dev/null @@ -1,25 +0,0 @@ -package main - -import ( - templates "timoni.sh/codebattle/templates" -) - -values: templates.#Config - -timoni: { - apiVersion: "v1alpha1" - - instance: templates.#Instance & { - config: values - config: { - metadata: { - name: string @tag(name) - namespace: string @tag(namespace) - } - moduleVersion: string @tag(mv, var=moduleVersion) - kubeVersion: string @tag(kv, var=kubeVersion) - } - } - - apply: app: [for obj in instance.objects {obj}] -} diff --git a/k8s/timoni/codebattle/timoni.ignore b/k8s/timoni/codebattle/timoni.ignore deleted file mode 100644 index 0722c3486..000000000 --- a/k8s/timoni/codebattle/timoni.ignore +++ /dev/null @@ -1,14 +0,0 @@ -# VCS -.git/ -.gitignore -.gitmodules -.gitattributes - -# Go -vendor/ -go.mod -go.sum - -# CUE -*_tool.cue -debug_values.cue diff --git a/k8s/timoni/codebattle/values.cue b/k8s/timoni/codebattle/values.cue deleted file mode 100644 index 7f8243318..000000000 --- a/k8s/timoni/codebattle/values.cue +++ /dev/null @@ -1,23 +0,0 @@ -package main - -values: { - registry: "docker.io" - service: { - port: 4000 - type: "ClusterIP" - } - image: { - codebattle: { - repository: "\(registry)/codebattle/codebattle" - tag: "latest" - digest: "" - } - nginx: { - repository: "\(registry)/codebattle/nginx-assets" - tag: "latest" - digest: "" - } - } - env: { - } -} diff --git a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gateway/v1/types_gen.cue b/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gateway/v1/types_gen.cue deleted file mode 100644 index d128f3f58..000000000 --- a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gateway/v1/types_gen.cue +++ /dev/null @@ -1,794 +0,0 @@ -// Code generated by timoni. DO NOT EDIT. - -//timoni:generate timoni vendor crd -f https://github.com/envoyproxy/gateway/releases/download/v1.3.0/install.yaml - -package v1 - -import ( - "strings" - "list" - "struct" -) - -// Gateway represents an instance of a service-traffic handling -// infrastructure -// by binding Listeners to a set of IP addresses. -#Gateway: { - // APIVersion defines the versioned schema of this representation - // of an object. - // Servers should convert recognized schemas to the latest - // internal value, and - // may reject unrecognized values. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - apiVersion: "gateway.networking.k8s.io/v1" - - // Kind is a string value representing the REST resource this - // object represents. - // Servers may infer this from the endpoint the client submits - // requests to. - // Cannot be updated. - // In CamelCase. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: "Gateway" - metadata!: { - name!: strings.MaxRunes(253) & strings.MinRunes(1) & { - string - } - namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & { - string - } - labels?: { - [string]: string - } - annotations?: { - [string]: string - } - } - - // Spec defines the desired state of Gateway. - spec!: #GatewaySpec -} - -// Spec defines the desired state of Gateway. -#GatewaySpec: { - // Addresses requested for this Gateway. This is optional and - // behavior can - // depend on the implementation. If a value is set in the spec and - // the - // requested address is invalid or unavailable, the implementation - // MUST - // indicate this in the associated entry in - // GatewayStatus.Addresses. - // - // The Addresses field represents a request for the address(es) on - // the - // "outside of the Gateway", that traffic bound for this Gateway - // will use. - // This could be the IP address or hostname of an external load - // balancer or - // other networking infrastructure, or some other address that - // traffic will - // be sent to. - // - // If no Addresses are specified, the implementation MAY schedule - // the - // Gateway in an implementation-specific manner, assigning an - // appropriate - // set of Addresses. - // - // The implementation MUST bind all Listeners to every - // GatewayAddress that - // it assigns to the Gateway and add a corresponding entry in - // GatewayStatus.Addresses. - // - // Support: Extended - addresses?: list.MaxItems(16) & [...matchN(1, [{ - type?: "IPAddress" - value?: matchN(>=1, [_, _]) - }, { - type?: matchN(0, ["IPAddress"]) - }]) & { - // Type of the address. - type?: strings.MaxRunes(253) & strings.MinRunes(1) & =~"^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$" | *"IPAddress" - - // Value of the address. The validity of the values will depend - // on the type and support by the controller. - // - // Examples: `1.2.3.4`, `128::1`, `my-ip-address`. - value!: strings.MaxRunes(253) & strings.MinRunes(1) - }] - backendTLS?: { - // ClientCertificateRef is a reference to an object that contains - // a Client - // Certificate and the associated private key. - // - // References to a resource in different namespace are invalid - // UNLESS there - // is a ReferenceGrant in the target namespace that allows the - // certificate - // to be attached. If a ReferenceGrant does not allow this - // reference, the - // "ResolvedRefs" condition MUST be set to False for this listener - // with the - // "RefNotPermitted" reason. - // - // ClientCertificateRef can reference to standard Kubernetes - // resources, i.e. - // Secret, or implementation-specific custom resources. - // - // This setting can be overridden on the service level by use of - // BackendTLSPolicy. - // - // Support: Core - clientCertificateRef?: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"" - - // Kind is kind of the referent. For example "Secret". - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Secret" - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the referenced object. When - // unspecified, the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - } - } - - // GatewayClassName used for this Gateway. This is the name of a - // GatewayClass resource. - gatewayClassName!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Infrastructure defines infrastructure level attributes about - // this Gateway instance. - // - // Support: Extended - infrastructure?: { - // Annotations that SHOULD be applied to any resources created in - // response to this Gateway. - // - // For implementations creating other Kubernetes objects, this - // should be the `metadata.annotations` field on resources. - // For other implementations, this refers to any relevant - // (implementation specific) "annotations" concepts. - // - // An implementation may chose to add additional - // implementation-specific annotations as they see fit. - // - // Support: Extended - annotations?: close({ - [string]: strings.MaxRunes(4096) & strings.MinRunes(0) - }) & struct.MaxFields(8) - - // Labels that SHOULD be applied to any resources created in - // response to this Gateway. - // - // For implementations creating other Kubernetes objects, this - // should be the `metadata.labels` field on resources. - // For other implementations, this refers to any relevant - // (implementation specific) "labels" concepts. - // - // An implementation may chose to add additional - // implementation-specific labels as they see fit. - // - // If an implementation maps these labels to Pods, or any other - // resource that would need to be recreated when labels - // change, it SHOULD clearly warn about this behavior in - // documentation. - // - // Support: Extended - labels?: close({ - [string]: strings.MaxRunes(63) & strings.MinRunes(0) & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - }) & struct.MaxFields(8) - - // ParametersRef is a reference to a resource that contains the - // configuration - // parameters corresponding to the Gateway. This is optional if - // the - // controller does not require any additional configuration. - // - // This follows the same semantics as GatewayClass's - // `parametersRef`, but on a per-Gateway basis - // - // The Gateway's GatewayClass may provide its own `parametersRef`. - // When both are specified, - // the merging behavior is implementation specific. - // It is generally recommended that GatewayClass provides defaults - // that can be overridden by a Gateway. - // - // Support: Implementation-specific - parametersRef?: { - // Group is the group of the referent. - group!: strings.MaxRunes(253) & { - =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Kind is kind of the referent. - kind!: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" - } - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - } - } - - // Listeners associated with this Gateway. Listeners define - // logical endpoints that are bound on this Gateway's addresses. - // At least one Listener MUST be specified. - // - // Each Listener in a set of Listeners (for example, in a single - // Gateway) - // MUST be _distinct_, in that a traffic flow MUST be able to be - // assigned to - // exactly one listener. (This section uses "set of Listeners" - // rather than - // "Listeners in a single Gateway" because implementations MAY - // merge configuration - // from multiple Gateways onto a single data plane, and these - // rules _also_ - // apply in that case). - // - // Practically, this means that each listener in a set MUST have a - // unique - // combination of Port, Protocol, and, if supported by the - // protocol, Hostname. - // - // Some combinations of port, protocol, and TLS settings are - // considered - // Core support and MUST be supported by implementations based on - // their - // targeted conformance profile: - // - // HTTP Profile - // - // 1. HTTPRoute, Port: 80, Protocol: HTTP - // 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, - // TLS keypair provided - // - // TLS Profile - // - // 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough - // - // "Distinct" Listeners have the following property: - // - // The implementation can match inbound requests to a single - // distinct - // Listener. When multiple Listeners share values for fields (for - // example, two Listeners with the same Port value), the - // implementation - // can match requests to only one of the Listeners using other - // Listener fields. - // - // For example, the following Listener scenarios are distinct: - // - // 1. Multiple Listeners with the same Port that all use the - // "HTTP" - // Protocol that all have unique Hostname values. - // 2. Multiple Listeners with the same Port that use either the - // "HTTPS" or - // "TLS" Protocol that all have unique Hostname values. - // 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no - // Listener - // with the same Protocol has the same Port value. - // - // Some fields in the Listener struct have possible values that - // affect - // whether the Listener is distinct. Hostname is particularly - // relevant - // for HTTP or HTTPS protocols. - // - // When using the Hostname value to select between same-Port, - // same-Protocol - // Listeners, the Hostname value must be different on each - // Listener for the - // Listener to be distinct. - // - // When the Listeners are distinct based on Hostname, inbound - // request - // hostnames MUST match from the most specific to least specific - // Hostname - // values to choose the correct Listener and its associated set of - // Routes. - // - // Exact matches must be processed before wildcard matches, and - // wildcard - // matches must be processed before fallback (empty Hostname - // value) - // matches. For example, `"foo.example.com"` takes precedence over - // `"*.example.com"`, and `"*.example.com"` takes precedence over - // `""`. - // - // Additionally, if there are multiple wildcard entries, more - // specific - // wildcard entries must be processed before less specific - // wildcard entries. - // For example, `"*.foo.example.com"` takes precedence over - // `"*.example.com"`. - // The precise definition here is that the higher the number of - // dots in the - // hostname to the right of the wildcard character, the higher the - // precedence. - // - // The wildcard character will match any number of characters _and - // dots_ to - // the left, however, so `"*.example.com"` will match both - // `"foo.bar.example.com"` _and_ `"bar.example.com"`. - // - // If a set of Listeners contains Listeners that are not distinct, - // then those - // Listeners are Conflicted, and the implementation MUST set the - // "Conflicted" - // condition in the Listener Status to "True". - // - // Implementations MAY choose to accept a Gateway with some - // Conflicted - // Listeners only if they only accept the partial Listener set - // that contains - // no Conflicted Listeners. To put this another way, - // implementations may - // accept a partial Listener set only if they throw out *all* the - // conflicting - // Listeners. No picking one of the conflicting listeners as the - // winner. - // This also means that the Gateway must have at least one - // non-conflicting - // Listener in this case, otherwise it violates the requirement - // that at - // least one Listener must be present. - // - // The implementation MUST set a "ListenersNotValid" condition on - // the - // Gateway Status when the Gateway contains Conflicted Listeners - // whether or - // not they accept the Gateway. That Condition SHOULD clearly - // indicate in the Message which Listeners are conflicted, and - // which are - // Accepted. Additionally, the Listener status for those listeners - // SHOULD - // indicate which Listeners are conflicted and not Accepted. - // - // A Gateway's Listeners are considered "compatible" if: - // - // 1. They are distinct. - // 2. The implementation can serve them in compliance with the - // Addresses - // requirement that all Listeners are available on all assigned - // addresses. - // - // Compatible combinations in Extended support are expected to - // vary across - // implementations. A combination that is compatible for one - // implementation - // may not be compatible for another. - // - // For example, an implementation that cannot serve both TCP and - // UDP listeners - // on the same address, or cannot mix HTTPS and generic TLS - // listens on the same port - // would not consider those cases compatible, even though they are - // distinct. - // - // Note that requests SHOULD match at most one Listener. For - // example, if - // Listeners are defined for "foo.example.com" and - // "*.example.com", a - // request to "foo.example.com" SHOULD only be routed using routes - // attached - // to the "foo.example.com" Listener (and not the "*.example.com" - // Listener). - // This concept is known as "Listener Isolation". Implementations - // that do - // not support Listener Isolation MUST clearly document this. - // - // Implementations MAY merge separate Gateways onto a single set - // of - // Addresses if all Listeners across all Gateways are compatible. - // - // Support: Core - listeners!: list.MaxItems(64) & [...{ - // AllowedRoutes defines the types of routes that MAY be attached - // to a - // Listener and the trusted namespaces where those Route resources - // MAY be - // present. - // - // Although a client request may match multiple route rules, only - // one rule - // may ultimately receive the request. Matching precedence MUST be - // determined in order of the following criteria: - // - // * The most specific match as defined by the Route type. - // * The oldest Route based on creation timestamp. For example, a - // Route with - // a creation timestamp of "2020-09-08 01:02:03" is given - // precedence over - // a Route with a creation timestamp of "2020-09-08 01:02:04". - // * If everything else is equivalent, the Route appearing first - // in - // alphabetical order (namespace/name) should be given precedence. - // For - // example, foo/bar is given precedence over foo/baz. - // - // All valid rules within a Route attached to this Listener should - // be - // implemented. Invalid Route rules can be ignored (sometimes that - // will mean - // the full Route). If a Route rule transitions from valid to - // invalid, - // support for that Route rule should be dropped to ensure - // consistency. For - // example, even if a filter specified by a Route rule is invalid, - // the rest - // of the rules within that Route should still be supported. - // - // Support: Core - allowedRoutes?: { - // Kinds specifies the groups and kinds of Routes that are allowed - // to bind - // to this Gateway Listener. When unspecified or empty, the kinds - // of Routes - // selected are determined using the Listener protocol. - // - // A RouteGroupKind MUST correspond to kinds of Routes that are - // compatible - // with the application protocol specified in the Listener's - // Protocol field. - // If an implementation does not support or recognize this - // resource type, it - // MUST set the "ResolvedRefs" condition to False for this - // Listener with the - // "InvalidRouteKinds" reason. - // - // Support: Core - kinds?: list.MaxItems(8) & [...{ - // Group is the group of the Route. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"gateway.networking.k8s.io" - - // Kind is the kind of the Route. - kind!: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" - } - }] - - // Namespaces indicates namespaces from which Routes may be - // attached to this - // Listener. This is restricted to the namespace of this Gateway - // by default. - // - // Support: Core - namespaces?: { - // From indicates where Routes will be selected for this Gateway. - // Possible - // values are: - // - // * All: Routes in all namespaces may be used by this Gateway. - // * Selector: Routes in namespaces selected by the selector may - // be used by - // this Gateway. - // * Same: Only Routes in the same namespace may be used by this - // Gateway. - // - // Support: Core - from?: "All" | "Selector" | "Same" | *"Same" - - // Selector must be specified when From is set to "Selector". In - // that case, - // only Routes in Namespaces matching this Selector will be - // selected by this - // Gateway. This field is ignored for other values of "From". - // - // Support: Core - selector?: { - // matchExpressions is a list of label selector requirements. The - // requirements are ANDed. - matchExpressions?: [...{ - // key is the label key that the selector applies to. - key!: string - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator!: string - - // values is an array of string values. If the operator is In or - // NotIn, - // the values array must be non-empty. If the operator is Exists - // or DoesNotExist, - // the values array must be empty. This array is replaced during a - // strategic - // merge patch. - values?: [...string] - }] - - // matchLabels is a map of {key,value} pairs. A single {key,value} - // in the matchLabels - // map is equivalent to an element of matchExpressions, whose key - // field is "key", the - // operator is "In", and the values array contains only "value". - // The requirements are ANDed. - matchLabels?: close({ - [string]: string - }) - } - } | *{ - from: "Same" - } - } | *{ - namespaces: { - from: "Same" - } - } - - // Hostname specifies the virtual hostname to match for protocol - // types that - // define this concept. When unspecified, all hostnames are - // matched. This - // field is ignored for protocols that don't require hostname - // based - // matching. - // - // Implementations MUST apply Hostname matching appropriately for - // each of - // the following protocols: - // - // * TLS: The Listener Hostname MUST match the SNI. - // * HTTP: The Listener Hostname MUST match the Host header of the - // request. - // * HTTPS: The Listener Hostname SHOULD match at both the TLS and - // HTTP - // protocol layers as described above. If an implementation does - // not - // ensure that both the SNI and Host header match the Listener - // hostname, - // it MUST clearly document that. - // - // For HTTPRoute and TLSRoute resources, there is an interaction - // with the - // `spec.hostnames` array. When both listener and route specify - // hostnames, - // there MUST be an intersection between the values for a Route to - // be - // accepted. For more information, refer to the Route specific - // Hostnames - // documentation. - // - // Hostnames that are prefixed with a wildcard label (`*.`) are - // interpreted - // as a suffix match. That means that a match for `*.example.com` - // would match - // both `test.example.com`, and `foo.test.example.com`, but not - // `example.com`. - // - // Support: Core - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Name is the name of the Listener. This name MUST be unique - // within a - // Gateway. - // - // Support: Core - name!: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Port is the network port. Multiple listeners may use the - // same port, subject to the Listener compatibility rules. - // - // Support: Core - port!: uint16 & >=1 - - // Protocol specifies the network protocol this listener expects - // to receive. - // - // Support: Core - protocol!: strings.MaxRunes(255) & strings.MinRunes(1) & { - =~"^[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9]+$" - } - - // TLS is the TLS configuration for the Listener. This field is - // required if - // the Protocol field is "HTTPS" or "TLS". It is invalid to set - // this field - // if the Protocol field is "HTTP", "TCP", or "UDP". - // - // The association of SNIs to Certificate defined in - // GatewayTLSConfig is - // defined based on the Hostname field for this listener. - // - // The GatewayClass MUST use the longest matching SNI out of all - // available certificates for any TLS handshake. - // - // Support: Core - tls?: { - // CertificateRefs contains a series of references to Kubernetes - // objects that - // contains TLS certificates and private keys. These certificates - // are used to - // establish a TLS handshake for requests that match the hostname - // of the - // associated listener. - // - // A single CertificateRef to a Kubernetes Secret has "Core" - // support. - // Implementations MAY choose to support attaching multiple - // certificates to - // a Listener, but this behavior is implementation-specific. - // - // References to a resource in different namespace are invalid - // UNLESS there - // is a ReferenceGrant in the target namespace that allows the - // certificate - // to be attached. If a ReferenceGrant does not allow this - // reference, the - // "ResolvedRefs" condition MUST be set to False for this listener - // with the - // "RefNotPermitted" reason. - // - // This field is required to have at least one element when the - // mode is set - // to "Terminate" (default) and is optional otherwise. - // - // CertificateRefs can reference to standard Kubernetes resources, - // i.e. - // Secret, or implementation-specific custom resources. - // - // Support: Core - A single reference to a Kubernetes Secret of - // type kubernetes.io/tls - // - // Support: Implementation-specific (More than one reference or - // other resource types) - certificateRefs?: list.MaxItems(64) & [...{ - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"" - - // Kind is kind of the referent. For example "Secret". - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Secret" - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the referenced object. When - // unspecified, the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - }] - frontendValidation?: { - // CACertificateRefs contains one or more references to - // Kubernetes objects that contain TLS certificates of - // the Certificate Authorities that can be used - // as a trust anchor to validate the certificates presented by the - // client. - // - // A single CA certificate reference to a Kubernetes ConfigMap - // has "Core" support. - // Implementations MAY choose to support attaching multiple CA - // certificates to - // a Listener, but this behavior is implementation-specific. - // - // Support: Core - A single reference to a Kubernetes ConfigMap - // with the CA certificate in a key named `ca.crt`. - // - // Support: Implementation-specific (More than one reference, or - // other kinds - // of resources). - // - // References to a resource in a different namespace are invalid - // UNLESS there - // is a ReferenceGrant in the target namespace that allows the - // certificate - // to be attached. If a ReferenceGrant does not allow this - // reference, the - // "ResolvedRefs" condition MUST be set to False for this listener - // with the - // "RefNotPermitted" reason. - caCertificateRefs?: list.MaxItems(8) & [...{ - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group!: strings.MaxRunes(253) & { - =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Kind is kind of the referent. For example "ConfigMap" or - // "Service". - kind!: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" - } - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the referenced object. When - // unspecified, the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - }] & [_, ...] - } - - // Mode defines the TLS behavior for the TLS session initiated by - // the client. - // There are two possible modes: - // - // - Terminate: The TLS session between the downstream client and - // the - // Gateway is terminated at the Gateway. This mode requires - // certificates - // to be specified in some way, such as populating the - // certificateRefs - // field. - // - Passthrough: The TLS session is NOT terminated by the - // Gateway. This - // implies that the Gateway can't decipher the TLS stream except - // for - // the ClientHello message of the TLS protocol. The - // certificateRefs field - // is ignored in this mode. - // - // Support: Core - mode?: "Terminate" | "Passthrough" | *"Terminate" - - // Options are a list of key/value pairs to enable extended TLS - // configuration for each implementation. For example, configuring - // the - // minimum TLS version or supported cipher suites. - // - // A set of common keys MAY be defined by the API in the future. - // To avoid - // any ambiguity, implementation-specific definitions MUST use - // domain-prefixed names, such as `example.com/my-custom-option`. - // Un-prefixed names are reserved for key names defined by Gateway - // API. - // - // Support: Implementation-specific - options?: close({ - [string]: strings.MaxRunes(4096) & strings.MinRunes(0) - }) & struct.MaxFields(16) - } - }] & [_, ...] -} diff --git a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gatewayclass/v1/types_gen.cue b/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gatewayclass/v1/types_gen.cue deleted file mode 100644 index 538d41efb..000000000 --- a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/gatewayclass/v1/types_gen.cue +++ /dev/null @@ -1,143 +0,0 @@ -// Code generated by timoni. DO NOT EDIT. - -//timoni:generate timoni vendor crd -f https://github.com/envoyproxy/gateway/releases/download/v1.3.0/install.yaml - -package v1 - -import "strings" - -// GatewayClass describes a class of Gateways available to the -// user for creating -// Gateway resources. -// -// It is recommended that this resource be used as a template for -// Gateways. This -// means that a Gateway is based on the state of the GatewayClass -// at the time it -// was created and changes to the GatewayClass or associated -// parameters are not -// propagated down to existing Gateways. This recommendation is -// intended to -// limit the blast radius of changes to GatewayClass or associated -// parameters. -// If implementations choose to propagate GatewayClass changes to -// existing -// Gateways, that MUST be clearly documented by the -// implementation. -// -// Whenever one or more Gateways are using a GatewayClass, -// implementations SHOULD -// add the `gateway-exists-finalizer.gateway.networking.k8s.io` -// finalizer on the -// associated GatewayClass. This ensures that a GatewayClass -// associated with a -// Gateway is not deleted while in use. -// -// GatewayClass is a Cluster level resource. -#GatewayClass: { - // APIVersion defines the versioned schema of this representation - // of an object. - // Servers should convert recognized schemas to the latest - // internal value, and - // may reject unrecognized values. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - apiVersion: "gateway.networking.k8s.io/v1" - - // Kind is a string value representing the REST resource this - // object represents. - // Servers may infer this from the endpoint the client submits - // requests to. - // Cannot be updated. - // In CamelCase. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: "GatewayClass" - metadata!: { - name!: strings.MaxRunes(253) & strings.MinRunes(1) & { - string - } - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - string - } - labels?: { - [string]: string - } - annotations?: { - [string]: string - } - } - - // Spec defines the desired state of GatewayClass. - spec!: #GatewayClassSpec -} - -// Spec defines the desired state of GatewayClass. -#GatewayClassSpec: { - // ControllerName is the name of the controller that is managing - // Gateways of - // this class. The value of this field MUST be a domain prefixed - // path. - // - // Example: "example.net/gateway-controller". - // - // This field is not mutable and cannot be empty. - // - // Support: Core - controllerName!: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$" - } - - // Description helps describe a GatewayClass with more details. - description?: strings.MaxRunes(64) - - // ParametersRef is a reference to a resource that contains the - // configuration - // parameters corresponding to the GatewayClass. This is optional - // if the - // controller does not require any additional configuration. - // - // ParametersRef can reference a standard Kubernetes resource, - // i.e. ConfigMap, - // or an implementation-specific custom resource. The resource can - // be - // cluster-scoped or namespace-scoped. - // - // If the referent cannot be found, refers to an unsupported kind, - // or when - // the data within that resource is malformed, the GatewayClass - // SHOULD be - // rejected with the "Accepted" status condition set to "False" - // and an - // "InvalidParameters" reason. - // - // A Gateway for this GatewayClass may provide its own - // `parametersRef`. When both are specified, - // the merging behavior is implementation specific. - // It is generally recommended that GatewayClass provides defaults - // that can be overridden by a Gateway. - // - // Support: Implementation-specific - parametersRef?: { - // Group is the group of the referent. - group!: strings.MaxRunes(253) & { - =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Kind is kind of the referent. - kind!: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" - } - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the referent. - // This field is required when referring to a Namespace-scoped - // resource and - // MUST be unset when referring to a Cluster-scoped resource. - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - } -} diff --git a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue b/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue deleted file mode 100644 index a1e538f0a..000000000 --- a/k8s/timoni/gateway/cue.mod/gen/gateway.networking.k8s.io/httproute/v1/types_gen.cue +++ /dev/null @@ -1,2266 +0,0 @@ -// Code generated by timoni. DO NOT EDIT. - -//timoni:generate timoni vendor crd -f https://github.com/envoyproxy/gateway/releases/download/v1.3.0/install.yaml - -package v1 - -import ( - "strings" - "list" -) - -// HTTPRoute provides a way to route HTTP requests. This includes -// the capability -// to match requests by hostname, path, header, or query param. -// Filters can be -// used to specify additional processing steps. Backends specify -// where matching -// requests should be routed. -#HTTPRoute: { - // APIVersion defines the versioned schema of this representation - // of an object. - // Servers should convert recognized schemas to the latest - // internal value, and - // may reject unrecognized values. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - apiVersion: "gateway.networking.k8s.io/v1" - - // Kind is a string value representing the REST resource this - // object represents. - // Servers may infer this from the endpoint the client submits - // requests to. - // Cannot be updated. - // In CamelCase. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: "HTTPRoute" - metadata!: { - name!: strings.MaxRunes(253) & strings.MinRunes(1) & { - string - } - namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & { - string - } - labels?: { - [string]: string - } - annotations?: { - [string]: string - } - } - - // Spec defines the desired state of HTTPRoute. - spec!: #HTTPRouteSpec -} - -// Spec defines the desired state of HTTPRoute. -#HTTPRouteSpec: { - // Hostnames defines a set of hostnames that should match against - // the HTTP Host - // header to select a HTTPRoute used to process the request. - // Implementations - // MUST ignore any port value specified in the HTTP Host header - // while - // performing a match and (absent of any applicable header - // modification - // configuration) MUST forward this header unmodified to the - // backend. - // - // Valid values for Hostnames are determined by RFC 1123 - // definition of a - // hostname with 2 notable exceptions: - // - // 1. IPs are not allowed. - // 2. A hostname may be prefixed with a wildcard label (`*.`). The - // wildcard - // label must appear by itself as the first label. - // - // If a hostname is specified by both the Listener and HTTPRoute, - // there - // must be at least one intersecting hostname for the HTTPRoute to - // be - // attached to the Listener. For example: - // - // * A Listener with `test.example.com` as the hostname matches - // HTTPRoutes - // that have either not specified any hostnames, or have specified - // at - // least one of `test.example.com` or `*.example.com`. - // * A Listener with `*.example.com` as the hostname matches - // HTTPRoutes - // that have either not specified any hostnames or have specified - // at least - // one hostname that matches the Listener hostname. For example, - // `*.example.com`, `test.example.com`, and `foo.test.example.com` - // would - // all match. On the other hand, `example.com` and - // `test.example.net` would - // not match. - // - // Hostnames that are prefixed with a wildcard label (`*.`) are - // interpreted - // as a suffix match. That means that a match for `*.example.com` - // would match - // both `test.example.com`, and `foo.test.example.com`, but not - // `example.com`. - // - // If both the Listener and HTTPRoute have specified hostnames, - // any - // HTTPRoute hostnames that do not match the Listener hostname - // MUST be - // ignored. For example, if a Listener specified `*.example.com`, - // and the - // HTTPRoute specified `test.example.com` and `test.example.net`, - // `test.example.net` must not be considered for a match. - // - // If both the Listener and HTTPRoute have specified hostnames, - // and none - // match with the criteria above, then the HTTPRoute is not - // accepted. The - // implementation must raise an 'Accepted' Condition with a status - // of - // `False` in the corresponding RouteParentStatus. - // - // In the event that multiple HTTPRoutes specify intersecting - // hostnames (e.g. - // overlapping wildcard matching and exact matching hostnames), - // precedence must - // be given to rules from the HTTPRoute with the largest number - // of: - // - // * Characters in a matching non-wildcard hostname. - // * Characters in a matching hostname. - // - // If ties exist across multiple Routes, the matching precedence - // rules for - // HTTPRouteMatches takes over. - // - // Support: Core - hostnames?: list.MaxItems(16) & [...strings.MaxRunes(253) & strings.MinRunes(1) & =~"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"] - - // ParentRefs references the resources (usually Gateways) that a - // Route wants - // to be attached to. Note that the referenced parent resource - // needs to - // allow this for the attachment to be complete. For Gateways, - // that means - // the Gateway needs to allow attachment from Routes of this kind - // and - // namespace. For Services, that means the Service must either be - // in the same - // namespace for a "producer" route, or the mesh implementation - // must support - // and allow "consumer" routes for the referenced Service. - // ReferenceGrant is - // not applicable for governing ParentRefs to Services - it is not - // possible to - // create a "producer" route for a Service in a different - // namespace from the - // Route. - // - // There are two kinds of parent resources with "Core" support: - // - // * Gateway (Gateway conformance profile) - // * Service (Mesh conformance profile, ClusterIP Services only) - // - // This API may be extended in the future to support additional - // kinds of parent - // resources. - // - // ParentRefs must be _distinct_. This means either that: - // - // * They select different objects. If this is the case, then - // parentRef - // entries are distinct. In terms of fields, this means that the - // multi-part key defined by `group`, `kind`, `namespace`, and - // `name` must - // be unique across all parentRef entries in the Route. - // * They do not select different objects, but for each optional - // field used, - // each ParentRef that selects the same object must set the same - // set of - // optional fields to different values. If one ParentRef sets a - // combination of optional fields, all must set the same - // combination. - // - // Some examples: - // - // * If one ParentRef sets `sectionName`, all ParentRefs - // referencing the - // same object must also set `sectionName`. - // * If one ParentRef sets `port`, all ParentRefs referencing the - // same - // object must also set `port`. - // * If one ParentRef sets `sectionName` and `port`, all - // ParentRefs - // referencing the same object must also set `sectionName` and - // `port`. - // - // It is possible to separately reference multiple distinct - // objects that may - // be collapsed by an implementation. For example, some - // implementations may - // choose to merge compatible Gateway Listeners together. If that - // is the - // case, the list of routes attached to those resources should - // also be - // merged. - // - // Note that for ParentRefs that cross namespace boundaries, there - // are specific - // rules. Cross-namespace references are only valid if they are - // explicitly - // allowed by something in the namespace they are referring to. - // For example, - // Gateway has the AllowedRoutes field, and ReferenceGrant - // provides a - // generic way to enable other kinds of cross-namespace reference. - // - // - // ParentRefs from a Route to a Service in the same namespace are - // "producer" - // routes, which apply default routing rules to inbound - // connections from - // any namespace to the Service. - // - // ParentRefs from a Route to a Service in a different namespace - // are - // "consumer" routes, and these routing rules are only applied to - // outbound - // connections originating from the same namespace as the Route, - // for which - // the intended destination of the connections are a Service - // targeted as a - // ParentRef of the Route. - parentRefs?: list.MaxItems(32) & [...{ - // Group is the group of the referent. - // When unspecified, "gateway.networking.k8s.io" is inferred. - // To set the core API group (such as for a "Service" kind - // referent), - // Group must be explicitly set to "" (empty string). - // - // Support: Core - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"gateway.networking.k8s.io" - - // Kind is kind of the referent. - // - // There are two kinds of parent resources with "Core" support: - // - // * Gateway (Gateway conformance profile) - // * Service (Mesh conformance profile, ClusterIP Services only) - // - // Support for other resources is Implementation-Specific. - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Gateway" - - // Name is the name of the referent. - // - // Support: Core - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the referent. When unspecified, - // this refers - // to the local namespace of the Route. - // - // Note that there are specific rules for ParentRefs which cross - // namespace - // boundaries. Cross-namespace references are only valid if they - // are explicitly - // allowed by something in the namespace they are referring to. - // For example: - // Gateway has the AllowedRoutes field, and ReferenceGrant - // provides a - // generic way to enable any other kind of cross-namespace - // reference. - // - // - // ParentRefs from a Route to a Service in the same namespace are - // "producer" - // routes, which apply default routing rules to inbound - // connections from - // any namespace to the Service. - // - // ParentRefs from a Route to a Service in a different namespace - // are - // "consumer" routes, and these routing rules are only applied to - // outbound - // connections originating from the same namespace as the Route, - // for which - // the intended destination of the connections are a Service - // targeted as a - // ParentRef of the Route. - // - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port is the network port this Route targets. It can be - // interpreted - // differently based on the type of parent resource. - // - // When the parent resource is a Gateway, this targets all - // listeners - // listening on the specified port that also support this kind of - // Route(and - // select this Route). It's not recommended to set `Port` unless - // the - // networking behaviors specified in a Route must apply to a - // specific port - // as opposed to a listener(s) whose port(s) may be changed. When - // both Port - // and SectionName are specified, the name and port of the - // selected listener - // must match both specified values. - // - // - // When the parent resource is a Service, this targets a specific - // port in the - // Service spec. When both Port (experimental) and SectionName are - // specified, - // the name and port of the selected port must match both - // specified values. - // - // - // Implementations MAY choose to support other parent resources. - // Implementations supporting other types of parent resources MUST - // clearly - // document how/if Port is interpreted. - // - // For the purpose of status, an attachment is considered - // successful as - // long as the parent resource accepts it partially. For example, - // Gateway - // listeners can restrict which Routes can attach to them by Route - // kind, - // namespace, or hostname. If 1 of 2 Gateway listeners accept - // attachment - // from the referencing Route, the Route MUST be considered - // successfully - // attached. If no Gateway listeners accept attachment from this - // Route, - // the Route MUST be considered detached from the Gateway. - // - // Support: Extended - port?: uint16 & >=1 - - // SectionName is the name of a section within the target - // resource. In the - // following resources, SectionName is interpreted as the - // following: - // - // * Gateway: Listener name. When both Port (experimental) and - // SectionName - // are specified, the name and port of the selected listener must - // match - // both specified values. - // * Service: Port name. When both Port (experimental) and - // SectionName - // are specified, the name and port of the selected listener must - // match - // both specified values. - // - // Implementations MAY choose to support attaching Routes to other - // resources. - // If that is the case, they MUST clearly document how SectionName - // is - // interpreted. - // - // When unspecified (empty string), this will reference the entire - // resource. - // For the purpose of status, an attachment is considered - // successful if at - // least one section in the parent resource accepts it. For - // example, Gateway - // listeners can restrict which Routes can attach to them by Route - // kind, - // namespace, or hostname. If 1 of 2 Gateway listeners accept - // attachment from - // the referencing Route, the Route MUST be considered - // successfully - // attached. If no Gateway listeners accept attachment from this - // Route, the - // Route MUST be considered detached from the Gateway. - // - // Support: Core - sectionName?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - }] - - // Rules are a list of HTTP matchers, filters and actions. - rules?: list.MaxItems(16) & [...{ - // BackendRefs defines the backend(s) where matching requests - // should be - // sent. - // - // Failure behavior here depends on how many BackendRefs are - // specified and - // how many are invalid. - // - // If *all* entries in BackendRefs are invalid, and there are also - // no filters - // specified in this route rule, *all* traffic which matches this - // rule MUST - // receive a 500 status code. - // - // See the HTTPBackendRef definition for the rules about what - // makes a single - // HTTPBackendRef invalid. - // - // When a HTTPBackendRef is invalid, 500 status codes MUST be - // returned for - // requests that would have otherwise been routed to an invalid - // backend. If - // multiple backends are specified, and some are invalid, the - // proportion of - // requests that would otherwise have been routed to an invalid - // backend - // MUST receive a 500 status code. - // - // For example, if two backends are specified with equal weights, - // and one is - // invalid, 50 percent of traffic must receive a 500. - // Implementations may - // choose how that 50 percent is determined. - // - // When a HTTPBackendRef refers to a Service that has no ready - // endpoints, - // implementations SHOULD return a 503 for requests to that - // backend instead. - // If an implementation chooses to do this, all of the above rules - // for 500 responses - // MUST also apply for responses that return a 503. - // - // Support: Core for Kubernetes Service - // - // Support: Extended for Kubernetes ServiceImport - // - // Support: Implementation-specific for any other resource - // - // Support for weight: Core - backendRefs?: list.MaxItems(16) & [...{ - // Filters defined at this level should be executed if and only if - // the - // request is being forwarded to the backend defined here. - // - // Support: Implementation-specific (For broader support of - // filters, use the - // Filters field in HTTPRouteRule.) - filters?: list.MaxItems(16) & [...{ - // ExtensionRef is an optional, implementation-specific extension - // to the - // "filter" behavior. For example, resource "myroutefilter" in - // group - // "networking.example.net"). ExtensionRef MUST NOT be used for - // core and - // extended filters. - // - // This filter can be used multiple times within the same rule. - // - // Support: Implementation-specific - extensionRef?: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group!: strings.MaxRunes(253) & { - =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Kind is kind of the referent. For example "HTTPRoute" or - // "Service". - kind!: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" - } - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - } - - // RequestHeaderModifier defines a schema for a filter that - // modifies request - // headers. - // - // Support: Core - requestHeaderModifier?: { - // Add adds the given header(s) (name, value) to the request - // before the action. It appends to any existing values associated - // with the header name. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // add: - // - name: "my-header" - // value: "bar,baz" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: foo,bar,baz - add?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Remove the given header(s) from the HTTP request before the - // action. The - // value of Remove is a list of HTTP header names. Note that the - // header - // names are case-insensitive (see - // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - // - // Input: - // GET /foo HTTP/1.1 - // my-header1: foo - // my-header2: bar - // my-header3: baz - // - // Config: - // remove: ["my-header1", "my-header3"] - // - // Output: - // GET /foo HTTP/1.1 - // my-header2: bar - remove?: list.MaxItems(16) & [...string] - - // Set overwrites the request with the given header (name, value) - // before the action. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // set: - // - name: "my-header" - // value: "bar" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: bar - set?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - } - - // RequestMirror defines a schema for a filter that mirrors - // requests. - // Requests are sent to the specified destination, but responses - // from - // that destination are ignored. - // - // This filter can be used multiple times within the same rule. - // Note that - // not all implementations will be able to support mirroring to - // multiple - // backends. - // - // Support: Extended - requestMirror?: { - // BackendRef references a resource where mirrored requests are - // sent. - // - // Mirrored requests must be sent only to a single destination - // endpoint - // within this BackendRef, irrespective of how many endpoints are - // present - // within this BackendRef. - // - // If the referent cannot be found, this BackendRef is invalid and - // must be - // dropped from the Gateway. The controller must ensure the - // "ResolvedRefs" - // condition on the Route status is set to `status: False` and not - // configure - // this backend in the underlying implementation. - // - // If there is a cross-namespace reference to an *existing* object - // that is not allowed by a ReferenceGrant, the controller must - // ensure the - // "ResolvedRefs" condition on the Route is set to `status: - // False`, - // with the "RefNotPermitted" reason and not configure this - // backend in the - // underlying implementation. - // - // In either error case, the Message of the `ResolvedRefs` - // Condition - // should be used to provide more detail about the problem. - // - // Support: Extended for Kubernetes Service - // - // Support: Implementation-specific for any other resource - backendRef!: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"" - - // Kind is the Kubernetes resource kind of the referent. For - // example - // "Service". - // - // Defaults to "Service" when not specified. - // - // ExternalName services can refer to CNAME DNS records that may - // live - // outside of the cluster and as such are difficult to reason - // about in - // terms of conformance. They also may not be safe to forward to - // (see - // CVE-2021-25740 for more information). Implementations SHOULD - // NOT - // support ExternalName Services. - // - // Support: Core (Services with a type other than ExternalName) - // - // Support: Implementation-specific (Services with type - // ExternalName) - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service" - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the backend. When unspecified, - // the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port specifies the destination port number to use for this - // resource. - // Port is required when the referent is a Kubernetes Service. In - // this - // case, the port number is the service port number, not the - // target port. - // For other resources, destination port might be derived from the - // referent - // resource or this field. - port?: uint16 & >=1 - } - - // Fraction represents the fraction of requests that should be - // mirrored to BackendRef. - // - // Only one of Fraction or Percent may be specified. If neither - // field - // is specified, 100% of requests will be mirrored. - fraction?: { - denominator?: int32 & int & >=1 | *100 - numerator!: int32 & >=0 - } - - // Percent represents the percentage of requests that should be - // mirrored to BackendRef. Its minimum value is 0 (indicating 0% - // of - // requests) and its maximum value is 100 (indicating 100% of - // requests). - // - // Only one of Fraction or Percent may be specified. If neither - // field - // is specified, 100% of requests will be mirrored. - percent?: uint & <=100 - } - - // RequestRedirect defines a schema for a filter that responds to - // the - // request with an HTTP redirection. - // - // Support: Core - requestRedirect?: { - // Hostname is the hostname to be used in the value of the - // `Location` - // header in the response. - // When empty, the hostname in the `Host` header of the request is - // used. - // - // Support: Core - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Path defines parameters used to modify the path of the incoming - // request. - // The modified path is then used to construct the `Location` - // header. When - // empty, the request path is used as-is. - // - // Support: Extended - path?: { - // ReplaceFullPath specifies the value with which to replace the - // full path - // of a request during a rewrite or redirect. - replaceFullPath?: strings.MaxRunes(1024) - - // ReplacePrefixMatch specifies the value with which to replace - // the prefix - // match of a request during a rewrite or redirect. For example, a - // request - // to "/foo/bar" with a prefix match of "/foo" and a - // ReplacePrefixMatch - // of "/xyz" would be modified to "/xyz/bar". - // - // Note that this matches the behavior of the PathPrefix match - // type. This - // matches full path elements. A path element refers to the list - // of labels - // in the path split by the `/` separator. When specified, a - // trailing `/` is - // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` - // would all - // match the prefix `/abc`, but the path `/abcd` would not. - // - // ReplacePrefixMatch is only compatible with a `PathPrefix` - // HTTPRouteMatch. - // Using any other HTTPRouteMatch type on the same HTTPRouteRule - // will result in - // the implementation setting the Accepted Condition for the Route - // to `status: False`. - // - // Request Path | Prefix Match | Replace Prefix | Modified Path - replacePrefixMatch?: strings.MaxRunes(1024) - - // Type defines the type of path modifier. Additional types may be - // added in a future release of the API. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "ReplaceFullPath" | "ReplacePrefixMatch" - } - - // Port is the port to be used in the value of the `Location` - // header in the response. - // - // If no port is specified, the redirect port MUST be derived - // using the - // following rules: - // - // * If redirect scheme is not-empty, the redirect port MUST be - // the well-known - // port associated with the redirect scheme. Specifically "http" - // to port 80 - // and "https" to port 443. If the redirect scheme does not have a - // well-known port, the listener port of the Gateway SHOULD be - // used. - // * If redirect scheme is empty, the redirect port MUST be the - // Gateway - // Listener port. - // - // Implementations SHOULD NOT add the port number in the - // 'Location' - // header in the following cases: - // - // * A Location header that will use HTTP (whether that is - // determined via - // the Listener protocol or the Scheme field) _and_ use port 80. - // * A Location header that will use HTTPS (whether that is - // determined via - // the Listener protocol or the Scheme field) _and_ use port 443. - // - // Support: Extended - port?: uint16 & >=1 - - // Scheme is the scheme to be used in the value of the `Location` - // header in - // the response. When empty, the scheme of the request is used. - // - // Scheme redirects can affect the port of the redirect, for more - // information, - // refer to the documentation for the port field of this filter. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - // - // Support: Extended - scheme?: "http" | "https" - - // StatusCode is the HTTP status code to be used in response. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - // - // Support: Core - statusCode?: (301 | 302) & int | *302 - } - - // ResponseHeaderModifier defines a schema for a filter that - // modifies response - // headers. - // - // Support: Extended - responseHeaderModifier?: { - // Add adds the given header(s) (name, value) to the request - // before the action. It appends to any existing values associated - // with the header name. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // add: - // - name: "my-header" - // value: "bar,baz" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: foo,bar,baz - add?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Remove the given header(s) from the HTTP request before the - // action. The - // value of Remove is a list of HTTP header names. Note that the - // header - // names are case-insensitive (see - // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - // - // Input: - // GET /foo HTTP/1.1 - // my-header1: foo - // my-header2: bar - // my-header3: baz - // - // Config: - // remove: ["my-header1", "my-header3"] - // - // Output: - // GET /foo HTTP/1.1 - // my-header2: bar - remove?: list.MaxItems(16) & [...string] - - // Set overwrites the request with the given header (name, value) - // before the action. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // set: - // - name: "my-header" - // value: "bar" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: bar - set?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - } - - // Type identifies the type of filter to apply. As with other API - // fields, - // types are classified into three conformance levels: - // - // - Core: Filter types and their corresponding configuration - // defined by - // "Support: Core" in this package, e.g. "RequestHeaderModifier". - // All - // implementations must support core filters. - // - // - Extended: Filter types and their corresponding configuration - // defined by - // "Support: Extended" in this package, e.g. "RequestMirror". - // Implementers - // are encouraged to support extended filters. - // - // - Implementation-specific: Filters that are defined and - // supported by - // specific vendors. - // In the future, filters showing convergence in behavior across - // multiple - // implementations will be considered for inclusion in extended or - // core - // conformance levels. Filter-specific configuration for such - // filters - // is specified using the ExtensionRef field. `Type` should be set - // to - // "ExtensionRef" for custom filters. - // - // Implementers are encouraged to define custom implementation - // types to - // extend the core API with implementation-specific behavior. - // - // If a reference to a custom filter type cannot be resolved, the - // filter - // MUST NOT be skipped. Instead, requests that would have been - // processed by - // that filter MUST receive a HTTP error response. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "RequestHeaderModifier" | "ResponseHeaderModifier" | "RequestMirror" | "RequestRedirect" | "URLRewrite" | "ExtensionRef" - - // URLRewrite defines a schema for a filter that modifies a - // request during forwarding. - // - // Support: Extended - urlRewrite?: { - // Hostname is the value to be used to replace the Host header - // value during - // forwarding. - // - // Support: Extended - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Path defines a path rewrite. - // - // Support: Extended - path?: { - // ReplaceFullPath specifies the value with which to replace the - // full path - // of a request during a rewrite or redirect. - replaceFullPath?: strings.MaxRunes(1024) - - // ReplacePrefixMatch specifies the value with which to replace - // the prefix - // match of a request during a rewrite or redirect. For example, a - // request - // to "/foo/bar" with a prefix match of "/foo" and a - // ReplacePrefixMatch - // of "/xyz" would be modified to "/xyz/bar". - // - // Note that this matches the behavior of the PathPrefix match - // type. This - // matches full path elements. A path element refers to the list - // of labels - // in the path split by the `/` separator. When specified, a - // trailing `/` is - // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` - // would all - // match the prefix `/abc`, but the path `/abcd` would not. - // - // ReplacePrefixMatch is only compatible with a `PathPrefix` - // HTTPRouteMatch. - // Using any other HTTPRouteMatch type on the same HTTPRouteRule - // will result in - // the implementation setting the Accepted Condition for the Route - // to `status: False`. - // - // Request Path | Prefix Match | Replace Prefix | Modified Path - replacePrefixMatch?: strings.MaxRunes(1024) - - // Type defines the type of path modifier. Additional types may be - // added in a future release of the API. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "ReplaceFullPath" | "ReplacePrefixMatch" - } - } - }] - - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"" - - // Kind is the Kubernetes resource kind of the referent. For - // example - // "Service". - // - // Defaults to "Service" when not specified. - // - // ExternalName services can refer to CNAME DNS records that may - // live - // outside of the cluster and as such are difficult to reason - // about in - // terms of conformance. They also may not be safe to forward to - // (see - // CVE-2021-25740 for more information). Implementations SHOULD - // NOT - // support ExternalName Services. - // - // Support: Core (Services with a type other than ExternalName) - // - // Support: Implementation-specific (Services with type - // ExternalName) - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service" - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the backend. When unspecified, - // the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port specifies the destination port number to use for this - // resource. - // Port is required when the referent is a Kubernetes Service. In - // this - // case, the port number is the service port number, not the - // target port. - // For other resources, destination port might be derived from the - // referent - // resource or this field. - port?: uint16 & >=1 - - // Weight specifies the proportion of requests forwarded to the - // referenced - // backend. This is computed as weight/(sum of all weights in this - // BackendRefs list). For non-zero values, there may be some - // epsilon from - // the exact proportion defined here depending on the precision an - // implementation supports. Weight is not a percentage and the sum - // of - // weights does not need to equal 100. - // - // If only one backend is specified and it has a weight greater - // than 0, 100% - // of the traffic is forwarded to that backend. If weight is set - // to 0, no - // traffic should be forwarded for this entry. If unspecified, - // weight - // defaults to 1. - // - // Support for this field varies based on the context where used. - weight?: int32 & int & <=1000000 & >=0 | *1 - }] - - // Filters define the filters that are applied to requests that - // match - // this rule. - // - // Wherever possible, implementations SHOULD implement filters in - // the order - // they are specified. - // - // Implementations MAY choose to implement this ordering strictly, - // rejecting - // any combination or order of filters that can not be supported. - // If implementations - // choose a strict interpretation of filter ordering, they MUST - // clearly document - // that behavior. - // - // To reject an invalid combination or order of filters, - // implementations SHOULD - // consider the Route Rules with this configuration invalid. If - // all Route Rules - // in a Route are invalid, the entire Route would be considered - // invalid. If only - // a portion of Route Rules are invalid, implementations MUST set - // the - // "PartiallyInvalid" condition for the Route. - // - // Conformance-levels at this level are defined based on the type - // of filter: - // - // - ALL core filters MUST be supported by all implementations. - // - Implementers are encouraged to support extended filters. - // - Implementation-specific custom filters have no API guarantees - // across - // implementations. - // - // Specifying the same filter multiple times is not supported - // unless explicitly - // indicated in the filter. - // - // All filters are expected to be compatible with each other - // except for the - // URLRewrite and RequestRedirect filters, which may not be - // combined. If an - // implementation can not support other combinations of filters, - // they must clearly - // document that limitation. In cases where incompatible or - // unsupported - // filters are specified and cause the `Accepted` condition to be - // set to status - // `False`, implementations may use the `IncompatibleFilters` - // reason to specify - // this configuration error. - // - // Support: Core - filters?: list.MaxItems(16) & [...{ - // ExtensionRef is an optional, implementation-specific extension - // to the - // "filter" behavior. For example, resource "myroutefilter" in - // group - // "networking.example.net"). ExtensionRef MUST NOT be used for - // core and - // extended filters. - // - // This filter can be used multiple times within the same rule. - // - // Support: Implementation-specific - extensionRef?: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group!: strings.MaxRunes(253) & { - =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Kind is kind of the referent. For example "HTTPRoute" or - // "Service". - kind!: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" - } - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - } - - // RequestHeaderModifier defines a schema for a filter that - // modifies request - // headers. - // - // Support: Core - requestHeaderModifier?: { - // Add adds the given header(s) (name, value) to the request - // before the action. It appends to any existing values associated - // with the header name. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // add: - // - name: "my-header" - // value: "bar,baz" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: foo,bar,baz - add?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Remove the given header(s) from the HTTP request before the - // action. The - // value of Remove is a list of HTTP header names. Note that the - // header - // names are case-insensitive (see - // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - // - // Input: - // GET /foo HTTP/1.1 - // my-header1: foo - // my-header2: bar - // my-header3: baz - // - // Config: - // remove: ["my-header1", "my-header3"] - // - // Output: - // GET /foo HTTP/1.1 - // my-header2: bar - remove?: list.MaxItems(16) & [...string] - - // Set overwrites the request with the given header (name, value) - // before the action. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // set: - // - name: "my-header" - // value: "bar" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: bar - set?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - } - - // RequestMirror defines a schema for a filter that mirrors - // requests. - // Requests are sent to the specified destination, but responses - // from - // that destination are ignored. - // - // This filter can be used multiple times within the same rule. - // Note that - // not all implementations will be able to support mirroring to - // multiple - // backends. - // - // Support: Extended - requestMirror?: { - // BackendRef references a resource where mirrored requests are - // sent. - // - // Mirrored requests must be sent only to a single destination - // endpoint - // within this BackendRef, irrespective of how many endpoints are - // present - // within this BackendRef. - // - // If the referent cannot be found, this BackendRef is invalid and - // must be - // dropped from the Gateway. The controller must ensure the - // "ResolvedRefs" - // condition on the Route status is set to `status: False` and not - // configure - // this backend in the underlying implementation. - // - // If there is a cross-namespace reference to an *existing* object - // that is not allowed by a ReferenceGrant, the controller must - // ensure the - // "ResolvedRefs" condition on the Route is set to `status: - // False`, - // with the "RefNotPermitted" reason and not configure this - // backend in the - // underlying implementation. - // - // In either error case, the Message of the `ResolvedRefs` - // Condition - // should be used to provide more detail about the problem. - // - // Support: Extended for Kubernetes Service - // - // Support: Implementation-specific for any other resource - backendRef!: { - // Group is the group of the referent. For example, - // "gateway.networking.k8s.io". - // When unspecified or empty string, core API group is inferred. - group?: strings.MaxRunes(253) & =~"^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" | *"" - - // Kind is the Kubernetes resource kind of the referent. For - // example - // "Service". - // - // Defaults to "Service" when not specified. - // - // ExternalName services can refer to CNAME DNS records that may - // live - // outside of the cluster and as such are difficult to reason - // about in - // terms of conformance. They also may not be safe to forward to - // (see - // CVE-2021-25740 for more information). Implementations SHOULD - // NOT - // support ExternalName Services. - // - // Support: Core (Services with a type other than ExternalName) - // - // Support: Implementation-specific (Services with type - // ExternalName) - kind?: strings.MaxRunes(63) & strings.MinRunes(1) & =~"^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" | *"Service" - - // Name is the name of the referent. - name!: strings.MaxRunes(253) & strings.MinRunes(1) - - // Namespace is the namespace of the backend. When unspecified, - // the local - // namespace is inferred. - // - // Note that when a namespace different than the local namespace - // is specified, - // a ReferenceGrant object is required in the referent namespace - // to allow that - // namespace's owner to accept the reference. See the - // ReferenceGrant - // documentation for details. - // - // Support: Core - namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" - } - - // Port specifies the destination port number to use for this - // resource. - // Port is required when the referent is a Kubernetes Service. In - // this - // case, the port number is the service port number, not the - // target port. - // For other resources, destination port might be derived from the - // referent - // resource or this field. - port?: uint16 & >=1 - } - - // Fraction represents the fraction of requests that should be - // mirrored to BackendRef. - // - // Only one of Fraction or Percent may be specified. If neither - // field - // is specified, 100% of requests will be mirrored. - fraction?: { - denominator?: int32 & int & >=1 | *100 - numerator!: int32 & >=0 - } - - // Percent represents the percentage of requests that should be - // mirrored to BackendRef. Its minimum value is 0 (indicating 0% - // of - // requests) and its maximum value is 100 (indicating 100% of - // requests). - // - // Only one of Fraction or Percent may be specified. If neither - // field - // is specified, 100% of requests will be mirrored. - percent?: uint & <=100 - } - - // RequestRedirect defines a schema for a filter that responds to - // the - // request with an HTTP redirection. - // - // Support: Core - requestRedirect?: { - // Hostname is the hostname to be used in the value of the - // `Location` - // header in the response. - // When empty, the hostname in the `Host` header of the request is - // used. - // - // Support: Core - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Path defines parameters used to modify the path of the incoming - // request. - // The modified path is then used to construct the `Location` - // header. When - // empty, the request path is used as-is. - // - // Support: Extended - path?: { - // ReplaceFullPath specifies the value with which to replace the - // full path - // of a request during a rewrite or redirect. - replaceFullPath?: strings.MaxRunes(1024) - - // ReplacePrefixMatch specifies the value with which to replace - // the prefix - // match of a request during a rewrite or redirect. For example, a - // request - // to "/foo/bar" with a prefix match of "/foo" and a - // ReplacePrefixMatch - // of "/xyz" would be modified to "/xyz/bar". - // - // Note that this matches the behavior of the PathPrefix match - // type. This - // matches full path elements. A path element refers to the list - // of labels - // in the path split by the `/` separator. When specified, a - // trailing `/` is - // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` - // would all - // match the prefix `/abc`, but the path `/abcd` would not. - // - // ReplacePrefixMatch is only compatible with a `PathPrefix` - // HTTPRouteMatch. - // Using any other HTTPRouteMatch type on the same HTTPRouteRule - // will result in - // the implementation setting the Accepted Condition for the Route - // to `status: False`. - // - // Request Path | Prefix Match | Replace Prefix | Modified Path - replacePrefixMatch?: strings.MaxRunes(1024) - - // Type defines the type of path modifier. Additional types may be - // added in a future release of the API. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "ReplaceFullPath" | "ReplacePrefixMatch" - } - - // Port is the port to be used in the value of the `Location` - // header in the response. - // - // If no port is specified, the redirect port MUST be derived - // using the - // following rules: - // - // * If redirect scheme is not-empty, the redirect port MUST be - // the well-known - // port associated with the redirect scheme. Specifically "http" - // to port 80 - // and "https" to port 443. If the redirect scheme does not have a - // well-known port, the listener port of the Gateway SHOULD be - // used. - // * If redirect scheme is empty, the redirect port MUST be the - // Gateway - // Listener port. - // - // Implementations SHOULD NOT add the port number in the - // 'Location' - // header in the following cases: - // - // * A Location header that will use HTTP (whether that is - // determined via - // the Listener protocol or the Scheme field) _and_ use port 80. - // * A Location header that will use HTTPS (whether that is - // determined via - // the Listener protocol or the Scheme field) _and_ use port 443. - // - // Support: Extended - port?: uint16 & >=1 - - // Scheme is the scheme to be used in the value of the `Location` - // header in - // the response. When empty, the scheme of the request is used. - // - // Scheme redirects can affect the port of the redirect, for more - // information, - // refer to the documentation for the port field of this filter. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - // - // Support: Extended - scheme?: "http" | "https" - - // StatusCode is the HTTP status code to be used in response. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - // - // Support: Core - statusCode?: (301 | 302) & int | *302 - } - - // ResponseHeaderModifier defines a schema for a filter that - // modifies response - // headers. - // - // Support: Extended - responseHeaderModifier?: { - // Add adds the given header(s) (name, value) to the request - // before the action. It appends to any existing values associated - // with the header name. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // add: - // - name: "my-header" - // value: "bar,baz" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: foo,bar,baz - add?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Remove the given header(s) from the HTTP request before the - // action. The - // value of Remove is a list of HTTP header names. Note that the - // header - // names are case-insensitive (see - // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - // - // Input: - // GET /foo HTTP/1.1 - // my-header1: foo - // my-header2: bar - // my-header3: baz - // - // Config: - // remove: ["my-header1", "my-header3"] - // - // Output: - // GET /foo HTTP/1.1 - // my-header2: bar - remove?: list.MaxItems(16) & [...string] - - // Set overwrites the request with the given header (name, value) - // before the action. - // - // Input: - // GET /foo HTTP/1.1 - // my-header: foo - // - // Config: - // set: - // - name: "my-header" - // value: "bar" - // - // Output: - // GET /foo HTTP/1.1 - // my-header: bar - set?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, the first - // entry with - // an equivalent name MUST be considered for a match. Subsequent - // entries - // with an equivalent header name MUST be ignored. Due to the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - } - - // Type identifies the type of filter to apply. As with other API - // fields, - // types are classified into three conformance levels: - // - // - Core: Filter types and their corresponding configuration - // defined by - // "Support: Core" in this package, e.g. "RequestHeaderModifier". - // All - // implementations must support core filters. - // - // - Extended: Filter types and their corresponding configuration - // defined by - // "Support: Extended" in this package, e.g. "RequestMirror". - // Implementers - // are encouraged to support extended filters. - // - // - Implementation-specific: Filters that are defined and - // supported by - // specific vendors. - // In the future, filters showing convergence in behavior across - // multiple - // implementations will be considered for inclusion in extended or - // core - // conformance levels. Filter-specific configuration for such - // filters - // is specified using the ExtensionRef field. `Type` should be set - // to - // "ExtensionRef" for custom filters. - // - // Implementers are encouraged to define custom implementation - // types to - // extend the core API with implementation-specific behavior. - // - // If a reference to a custom filter type cannot be resolved, the - // filter - // MUST NOT be skipped. Instead, requests that would have been - // processed by - // that filter MUST receive a HTTP error response. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "RequestHeaderModifier" | "ResponseHeaderModifier" | "RequestMirror" | "RequestRedirect" | "URLRewrite" | "ExtensionRef" - - // URLRewrite defines a schema for a filter that modifies a - // request during forwarding. - // - // Support: Extended - urlRewrite?: { - // Hostname is the value to be used to replace the Host header - // value during - // forwarding. - // - // Support: Extended - hostname?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Path defines a path rewrite. - // - // Support: Extended - path?: { - // ReplaceFullPath specifies the value with which to replace the - // full path - // of a request during a rewrite or redirect. - replaceFullPath?: strings.MaxRunes(1024) - - // ReplacePrefixMatch specifies the value with which to replace - // the prefix - // match of a request during a rewrite or redirect. For example, a - // request - // to "/foo/bar" with a prefix match of "/foo" and a - // ReplacePrefixMatch - // of "/xyz" would be modified to "/xyz/bar". - // - // Note that this matches the behavior of the PathPrefix match - // type. This - // matches full path elements. A path element refers to the list - // of labels - // in the path split by the `/` separator. When specified, a - // trailing `/` is - // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` - // would all - // match the prefix `/abc`, but the path `/abcd` would not. - // - // ReplacePrefixMatch is only compatible with a `PathPrefix` - // HTTPRouteMatch. - // Using any other HTTPRouteMatch type on the same HTTPRouteRule - // will result in - // the implementation setting the Accepted Condition for the Route - // to `status: False`. - // - // Request Path | Prefix Match | Replace Prefix | Modified Path - replacePrefixMatch?: strings.MaxRunes(1024) - - // Type defines the type of path modifier. Additional types may be - // added in a future release of the API. - // - // Note that values may be added to this enum, implementations - // must ensure that unknown values will not cause a crash. - // - // Unknown values here must result in the implementation setting - // the - // Accepted Condition for the Route to `status: False`, with a - // Reason of `UnsupportedValue`. - type!: "ReplaceFullPath" | "ReplacePrefixMatch" - } - } - }] - - // Matches define conditions used for matching the rule against - // incoming - // HTTP requests. Each match is independent, i.e. this rule will - // be matched - // if **any** one of the matches is satisfied. - // - // For example, take the following matches configuration: - // - // ``` - // matches: - // - path: - // value: "/foo" - // headers: - // - name: "version" - // value: "v2" - // - path: - // value: "/v2/foo" - // ``` - // - // For a request to match against this rule, a request must - // satisfy - // EITHER of the two conditions: - // - // - path prefixed with `/foo` AND contains the header `version: - // v2` - // - path prefix of `/v2/foo` - // - // See the documentation for HTTPRouteMatch on how to specify - // multiple - // match conditions that should be ANDed together. - // - // If no matches are specified, the default is a prefix - // path match on "/", which has the effect of matching every - // HTTP request. - // - // Proxy or Load Balancer routing configuration generated from - // HTTPRoutes - // MUST prioritize matches based on the following criteria, - // continuing on - // ties. Across all rules specified on applicable Routes, - // precedence must be - // given to the match having: - // - // * "Exact" path match. - // * "Prefix" path match with largest number of characters. - // * Method match. - // * Largest number of header matches. - // * Largest number of query param matches. - // - // Note: The precedence of RegularExpression path matches are - // implementation-specific. - // - // If ties still exist across multiple Routes, matching precedence - // MUST be - // determined in order of the following criteria, continuing on - // ties: - // - // * The oldest Route based on creation timestamp. - // * The Route appearing first in alphabetical order by - // "{namespace}/{name}". - // - // If ties still exist within an HTTPRoute, matching precedence - // MUST be granted - // to the FIRST matching rule (in list order) with a match meeting - // the above - // criteria. - // - // When no rules matching a request have been successfully - // attached to the - // parent a request is coming from, a HTTP 404 status code MUST be - // returned. - matches?: list.MaxItems(64) & [...{ - // Headers specifies HTTP request header matchers. Multiple match - // values are - // ANDed together, meaning, a request must match all the specified - // headers - // to select the route. - headers?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP Header to be matched. Name - // matching MUST be - // case insensitive. (See - // https://tools.ietf.org/html/rfc7230#section-3.2). - // - // If multiple entries specify equivalent header names, only the - // first - // entry with an equivalent name MUST be considered for a match. - // Subsequent - // entries with an equivalent header name MUST be ignored. Due to - // the - // case-insensitivity of header names, "foo" and "Foo" are - // considered - // equivalent. - // - // When a header is repeated in an HTTP request, it is - // implementation-specific behavior as to how this is represented. - // Generally, proxies should follow the guidance from the RFC: - // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 - // regarding - // processing a repeated header, with special handling for - // "Set-Cookie". - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Type specifies how to match against the value of the header. - // - // Support: Core (Exact) - // - // Support: Implementation-specific (RegularExpression) - // - // Since RegularExpression HeaderMatchType has - // implementation-specific - // conformance, implementations can support POSIX, PCRE or any - // other dialects - // of regular expressions. Please read the implementation's - // documentation to - // determine the supported dialect. - type?: "Exact" | "RegularExpression" | *"Exact" - - // Value is the value of HTTP Header to be matched. - value!: strings.MaxRunes(4096) & strings.MinRunes(1) - }] - - // Method specifies HTTP method matcher. - // When specified, this route will be matched only if the request - // has the - // specified method. - // - // Support: Extended - method?: "GET" | "HEAD" | "POST" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH" - - // Path specifies a HTTP request path matcher. If this field is - // not - // specified, a default prefix match on the "/" path is provided. - path?: { - // Type specifies how to match against the path Value. - // - // Support: Core (Exact, PathPrefix) - // - // Support: Implementation-specific (RegularExpression) - type?: "Exact" | "PathPrefix" | "RegularExpression" | *"PathPrefix" - - // Value of the HTTP path to match against. - value?: strings.MaxRunes(1024) | *"/" - } | *{ - type: "PathPrefix" - value: "/" - } - - // QueryParams specifies HTTP query parameter matchers. Multiple - // match - // values are ANDed together, meaning, a request must match all - // the - // specified query parameters to select the route. - // - // Support: Extended - queryParams?: list.MaxItems(16) & [...{ - // Name is the name of the HTTP query param to be matched. This - // must be an - // exact string match. (See - // https://tools.ietf.org/html/rfc7230#section-2.7.3). - // - // If multiple entries specify equivalent query param names, only - // the first - // entry with an equivalent name MUST be considered for a match. - // Subsequent - // entries with an equivalent query param name MUST be ignored. - // - // If a query param is repeated in an HTTP request, the behavior - // is - // purposely left undefined, since different data planes have - // different - // capabilities. However, it is *recommended* that implementations - // should - // match against the first value of the param if the data plane - // supports it, - // as this behavior is expected in other load balancing contexts - // outside of - // the Gateway API. - // - // Users SHOULD NOT route traffic based on repeated query params - // to guard - // themselves against potential differences in the - // implementations. - name!: strings.MaxRunes(256) & strings.MinRunes(1) & { - =~"^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" - } - - // Type specifies how to match against the value of the query - // parameter. - // - // Support: Extended (Exact) - // - // Support: Implementation-specific (RegularExpression) - // - // Since RegularExpression QueryParamMatchType has - // Implementation-specific - // conformance, implementations can support POSIX, PCRE or any - // other - // dialects of regular expressions. Please read the - // implementation's - // documentation to determine the supported dialect. - type?: "Exact" | "RegularExpression" | *"Exact" - - // Value is the value of HTTP query param to be matched. - value!: strings.MaxRunes(1024) & strings.MinRunes(1) - }] - }] | *[{ - path: { - type: "PathPrefix" - value: "/" - } - }] - - // Name is the name of the route rule. This name MUST be unique - // within a Route if it is set. - // - // Support: Extended - name?: strings.MaxRunes(253) & strings.MinRunes(1) & { - =~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" - } - - // Retry defines the configuration for when to retry an HTTP - // request. - // - // Support: Extended - retry?: { - // Attempts specifies the maxmimum number of times an individual - // request - // from the gateway to a backend should be retried. - // - // If the maximum number of retries has been attempted without a - // successful - // response from the backend, the Gateway MUST return an error. - // - // When this field is unspecified, the number of times to attempt - // to retry - // a backend request is implementation-specific. - // - // Support: Extended - attempts?: int - - // Backoff specifies the minimum duration a Gateway should wait - // between - // retry attempts and is represented in Gateway API Duration - // formatting. - // - // For example, setting the `rules[].retry.backoff` field to the - // value - // `100ms` will cause a backend request to first be retried - // approximately - // 100 milliseconds after timing out or receiving a response code - // configured - // to be retryable. - // - // An implementation MAY use an exponential or alternative backoff - // strategy - // for subsequent retry attempts, MAY cap the maximum backoff - // duration to - // some amount greater than the specified minimum, and MAY add - // arbitrary - // jitter to stagger requests, as long as unsuccessful backend - // requests are - // not retried before the configured minimum duration. - // - // If a Request timeout (`rules[].timeouts.request`) is configured - // on the - // route, the entire duration of the initial request and any retry - // attempts - // MUST not exceed the Request timeout duration. If any retry - // attempts are - // still in progress when the Request timeout duration has been - // reached, - // these SHOULD be canceled if possible and the Gateway MUST - // immediately - // return a timeout error. - // - // If a BackendRequest timeout (`rules[].timeouts.backendRequest`) - // is - // configured on the route, any retry attempts which reach the - // configured - // BackendRequest timeout duration without a response SHOULD be - // canceled if - // possible and the Gateway should wait for at least the specified - // backoff - // duration before attempting to retry the backend request again. - // - // If a BackendRequest timeout is _not_ configured on the route, - // retry - // attempts MAY time out after an implementation default duration, - // or MAY - // remain pending until a configured Request timeout or - // implementation - // default duration for total request time is reached. - // - // When this field is unspecified, the time to wait between retry - // attempts - // is implementation-specific. - // - // Support: Extended - backoff?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$" - - // Codes defines the HTTP response status codes for which a - // backend request - // should be retried. - // - // Support: Extended - codes?: [...int & <=599 & >=400] - } - - // SessionPersistence defines and configures session persistence - // for the route rule. - // - // Support: Extended - sessionPersistence?: { - // AbsoluteTimeout defines the absolute timeout of the persistent - // session. Once the AbsoluteTimeout duration has elapsed, the - // session becomes invalid. - // - // Support: Extended - absoluteTimeout?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$" - cookieConfig?: { - // LifetimeType specifies whether the cookie has a permanent or - // session-based lifetime. A permanent cookie persists until its - // specified expiry time, defined by the Expires or Max-Age cookie - // attributes, while a session cookie is deleted when the current - // session ends. - // - // When set to "Permanent", AbsoluteTimeout indicates the - // cookie's lifetime via the Expires or Max-Age cookie attributes - // and is required. - // - // When set to "Session", AbsoluteTimeout indicates the - // absolute lifetime of the cookie tracked by the gateway and - // is optional. - // - // Support: Core for "Session" type - // - // Support: Extended for "Permanent" type - lifetimeType?: "Permanent" | "Session" | *"Session" - } - - // IdleTimeout defines the idle timeout of the persistent session. - // Once the session has been idle for more than the specified - // IdleTimeout duration, the session becomes invalid. - // - // Support: Extended - idleTimeout?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$" - - // SessionName defines the name of the persistent session token - // which may be reflected in the cookie or the header. Users - // should avoid reusing session names to prevent unintended - // consequences, such as rejection or unpredictable behavior. - // - // Support: Implementation-specific - sessionName?: strings.MaxRunes(128) - - // Type defines the type of session persistence such as through - // the use a header or cookie. Defaults to cookie based session - // persistence. - // - // Support: Core for "Cookie" type - // - // Support: Extended for "Header" type - type?: "Cookie" | "Header" | *"Cookie" - } - - // Timeouts defines the timeouts that can be configured for an - // HTTP request. - // - // Support: Extended - timeouts?: { - // BackendRequest specifies a timeout for an individual request - // from the gateway - // to a backend. This covers the time from when the request first - // starts being - // sent from the gateway to when the full response has been - // received from the backend. - // - // Setting a timeout to the zero duration (e.g. "0s") SHOULD - // disable the timeout - // completely. Implementations that cannot completely disable the - // timeout MUST - // instead interpret the zero duration as the longest possible - // value to which - // the timeout can be set. - // - // An entire client HTTP transaction with a gateway, covered by - // the Request timeout, - // may result in more than one call from the gateway to the - // destination backend, - // for example, if automatic retries are supported. - // - // The value of BackendRequest must be a Gateway API Duration - // string as defined by - // GEP-2257. When this field is unspecified, its behavior is - // implementation-specific; - // when specified, the value of BackendRequest must be no more - // than the value of the - // Request timeout (since the Request timeout encompasses the - // BackendRequest timeout). - // - // Support: Extended - backendRequest?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$" - - // Request specifies the maximum duration for a gateway to respond - // to an HTTP request. - // If the gateway has not been able to respond before this - // deadline is met, the gateway - // MUST return a timeout error. - // - // For example, setting the `rules.timeouts.request` field to the - // value `10s` in an - // `HTTPRoute` will cause a timeout if a client request is taking - // longer than 10 seconds - // to complete. - // - // Setting a timeout to the zero duration (e.g. "0s") SHOULD - // disable the timeout - // completely. Implementations that cannot completely disable the - // timeout MUST - // instead interpret the zero duration as the longest possible - // value to which - // the timeout can be set. - // - // This timeout is intended to cover as close to the whole - // request-response transaction - // as possible although an implementation MAY choose to start the - // timeout after the entire - // request stream has been received instead of immediately after - // the transaction is - // initiated by the client. - // - // The value of Request is a Gateway API Duration string as - // defined by GEP-2257. When this - // field is unspecified, request timeout behavior is - // implementation-specific. - // - // Support: Extended - request?: =~"^([0-9]{1,5}(h|m|s|ms)){1,4}$" - } - }] | *[{ - matches: [{ - path: { - type: "PathPrefix" - value: "/" - } - }] - }] -} diff --git a/k8s/timoni/gateway/cue.mod/module.cue b/k8s/timoni/gateway/cue.mod/module.cue deleted file mode 100644 index 3004290e3..000000000 --- a/k8s/timoni/gateway/cue.mod/module.cue +++ /dev/null @@ -1,2 +0,0 @@ -module: "timoni.sh/gateway" -language: version: "v0.9.0" diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue deleted file mode 100644 index 2c579e99d..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Action holds the list of annotations for controlling -// Timoni's apply behaviour of Kubernetes resources. -Action: { - // Force annotation for recreating immutable resources such as Kubernetes Jobs. - Force: { - "action.timoni.sh/force": ActionStatus.Enabled - } - // One-off annotation for appling resources only if they don't exist on the cluster. - Oneoff: { - "action.timoni.sh/one-off": ActionStatus.Enabled - } - // Keep annotation for preventing Timoni's garbage collector from deleting resources. - Keep: { - "action.timoni.sh/prune": ActionStatus.Disabled - } -} - -ActionStatus: { - Enabled: "enabled" - Disabled: "disabled" -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue deleted file mode 100644 index 1535ea43f..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strings" -) - -// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image. -#Image: { - - // Repository is the address of a container registry repository. - // An image repository is made up of slash-separated name components, optionally - // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. - repository!: string - - // Tag identifies an image in the repository. - // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. - // A tag name may not start with a period or a dash and may contain a maximum of 128 characters. - tag!: string & strings.MaxRunes(128) - - // Digest uniquely and immutably identifies an image in the repository. - // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. - digest!: string - - // PullPolicy defines the pull policy for the image. - // By default, it is set to IfNotPresent. - pullPolicy: *"IfNotPresent" | "Always" | "Never" - - // Reference is the image address computed from repository, tag and digest - // in the format [REPOSITORY]:[TAG]@[DIGEST]. - reference: string - - if digest != "" && tag != "" { - reference: "\(repository):\(tag)@\(digest)" - } - - if digest != "" && tag == "" { - reference: "\(repository)@\(digest)" - } - - if digest == "" && tag != "" { - reference: "\(repository):\(tag)" - } - - if digest == "" && tag == "" { - reference: "\(repository):latest" - } -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue deleted file mode 100644 index 19f098967..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/base64" - "strings" -) - -// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson. -// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets. -#ImagePullSecret: { - // Metadata is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]]. - #Registry!: string - - // Username is the username used to authenticate to the container registry. - #Username!: string - - // Password is the password used to authenticate to the container registry. - #Password!: string - - // Optional suffix used to generate the Secret name. - #Suffix: *"" | string & strings.MaxRunes(30) - - let auth = base64.Encode(null, #Username+":"+#Password) - - apiVersion: "v1" - kind: "Secret" - type: "kubernetes.io/dockerconfigjson" - metadata: { - name: #Meta.name + #Suffix - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - stringData: { - ".dockerconfigjson": """ - {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}} - """ - } -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue deleted file mode 100644 index 7b31c23e4..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue +++ /dev/null @@ -1,49 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/json" - "strings" - "uuid" -) - -#ConfigMapKind: "ConfigMap" -#SecretKind: "Secret" - -// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets. -// The metadata.name of the generated object is suffixed with the hash of the input data. -#ImmutableConfig: { - // Kind of the generated object. - #Kind: *#ConfigMapKind | #SecretKind - - // Metadata of the generated object. - #Meta: #Metadata - - // Optional suffix appended to the generate name. - #Suffix: *"" | string - - // Data of the generated object. - #Data: {[string]: string} - - let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0] - - apiVersion: "v1" - kind: #Kind - metadata: { - name: #Meta.name + #Suffix + "-" + hash - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - immutable: true - if kind == #ConfigMapKind { - data: #Data - } - if kind == #SecretKind { - stringData: #Data - } -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue deleted file mode 100644 index ad96b0621..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// InstanceName defines the schema for the name of a Timoni instance. -// The instance name is used as a Kubernetes label value and must be 63 characters or less. -#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceNamespace defines the schema for the namespace of a Timoni instance. -// The instance namespace is used as a Kubernetes label value and must be 63 characters or less. -#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership. -#InstanceOwnerReference: { - #Name: "instance.timoni.sh/name" - #Namespace: "instance.timoni.sh/namespace" -} - -// InstanceModule defines the schema for the Module of a Timoni instance. -#InstanceModule: { - url: string & =~"^((oci|file)://.*)$" - version: *"latest" | string - digest?: string -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue deleted file mode 100644 index 188ff505d..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue +++ /dev/null @@ -1,120 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// Annotations defines the schema for Kubernetes object metadata annotations. -#Annotations: {[string & strings.MaxRunes(253)]: string} - -// Labels defines the schema for Kubernetes object metadata labels. -#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)} - -#StdLabelName: "app.kubernetes.io/name" -#StdLabelVersion: "app.kubernetes.io/version" -#StdLabelPartOf: "app.kubernetes.io/part-of" -#StdLabelManagedBy: "app.kubernetes.io/managed-by" -#StdLabelComponent: "app.kubernetes.io/component" -#StdLabelInstance: "app.kubernetes.io/instance" - -// Metadata defines the schema for Kubernetes object metadata. -#Metadata: { - // Version should be in the strict semver format. Is required when creating resources. - #Version!: string & strings.MaxRunes(63) - - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name!: #InstanceName - - // Namespace defines the space within which each name must be unique. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - namespace!: #InstanceNamespace - - // Annotations is an unstructured key value map stored with a resource that may be - // set to store and retrieve arbitrary metadata. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - annotations?: #Annotations - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes labels: app name, version and managed-by. - labels: { - (#StdLabelName): name - (#StdLabelVersion): #Version - (#StdLabelManagedBy): "timoni" - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name label. - #LabelSelector: #Labels & { - (#StdLabelName): name - } - - // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions - // are met before it fully deletes resources marked for deletion. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/ - finalizers?: [...string] -} - -// MetaComponent generates the Kubernetes object metadata for a module namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - namespace: #Meta.namespace - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} - -// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.namespace is unset. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaClusterComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue deleted file mode 100644 index 1dcdb699e..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// ObjectReference is a reference to a Kubernetes object. -#ObjectReference: { - // Name of the referent. - name!: string & strings.MaxRunes(256) - - // Namespace of the referent. - namespace?: string & strings.MaxRunes(256) - - // API version of the referent. - apiVersion?: string & strings.MaxRunes(256) - - // Kind of the referent. - kind?: string & strings.MaxRunes(256) -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue deleted file mode 100644 index d3b5573ae..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m. -#CPUQuantity: string & =~"^[1-9]\\d*m$" - -// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi. -#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$" - -// ResourceRequirement defines the schema for the CPU and Memory resource requirements. -#ResourceRequirement: { - cpu?: #CPUQuantity - memory?: #MemoryQuantity -} - -// ResourceRequirements defines the schema for the compute resource requirements of a container. -// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - limits?: #ResourceRequirement - - // Requests describes the minimum amount of compute resources required. - // Requests cannot exceed Limits. - requests?: #ResourceRequirement & { - if limits != _|_ { - if limits.cpu != _|_ { - _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0]) - _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0]) - #cpu: int & >=_rc & _lc - } - } - } -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue deleted file mode 100644 index 9c4f2384b..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc. -#Selector: { - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - #Name!: #InstanceName - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes label: app name. - labels: (#StdLabelName): #Name -} diff --git a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue deleted file mode 100644 index ecd1e397f..000000000 --- a/k8s/timoni/gateway/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// SemVer validates the input version string and extracts the major and minor version numbers. -// When Minimum is set, the major and minor parts must be greater or equal to the minimum -// or a validation error is returned. -#SemVer: { - // Input version string in strict semver format. - #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - // Minimum is the minimum allowed MAJOR.MINOR version. - #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0]) - let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1]) - - major: int & >=minMajor - major: strconv.Atoi(strings.Split(#Version, ".")[0]) - - minor: int & >=minMinor - minor: strconv.Atoi(strings.Split(#Version, ".")[1]) -} diff --git a/k8s/timoni/gateway/templates/config.cue b/k8s/timoni/gateway/templates/config.cue deleted file mode 100644 index 56cbabafc..000000000 --- a/k8s/timoni/gateway/templates/config.cue +++ /dev/null @@ -1,26 +0,0 @@ -package templates - -import ( - timoniv1 "timoni.sh/core/v1alpha1" -) - -#Config: { - kubeVersion!: string - moduleVersion!: string - - metadata: timoniv1.#Metadata & {#Version: moduleVersion} - metadata: labels: timoniv1.#Labels - metadata: annotations?: timoniv1.#Annotations - - selector: timoniv1.#Selector & {#Name: metadata.name} -} - -#Instance: { - config: #Config - - objects: { - gatewayclass: #GatewayClass & {#config: config} - gateway: #Gateway & {#config: config} - httproute: #HTTPRoute & {#config: config} - } -} diff --git a/k8s/timoni/gateway/templates/gateway.cue b/k8s/timoni/gateway/templates/gateway.cue deleted file mode 100644 index 5edae25bf..000000000 --- a/k8s/timoni/gateway/templates/gateway.cue +++ /dev/null @@ -1,31 +0,0 @@ -package templates - -import ( - gatewayv1 "gateway.networking.k8s.io/gateway/v1" -) - -#Gateway: gatewayv1.#Gateway & { - #config: #Config - apiVersion: "gateway.networking.k8s.io/v1" - kind: "Gateway" - metadata: #config.metadata - metadata: annotations: "cert-manager.io/issuer": "codebattle" - spec: { - gatewayClassName: metadata.name - listeners: [{ - name: "http" - port: 80 - protocol: "HTTP" - }, { - name: "https" - port: 443 - protocol: "HTTPS" - tls: { - mode: "Terminate" - certificateRefs: [{ - name: metadata.name - }] - } - }] - } -} diff --git a/k8s/timoni/gateway/templates/gatewayclass.cue b/k8s/timoni/gateway/templates/gatewayclass.cue deleted file mode 100644 index 401819365..000000000 --- a/k8s/timoni/gateway/templates/gatewayclass.cue +++ /dev/null @@ -1,13 +0,0 @@ -package templates - -import ( - gatewayv1 "gateway.networking.k8s.io/gatewayclass/v1" -) - -#GatewayClass: gatewayv1.#GatewayClass & { - #config: #Config - apiVersion: "gateway.networking.k8s.io/v1" - kind: "GatewayClass" - metadata: #config.metadata - spec: controllerName: "gateway.envoyproxy.io/gatewayclass-controller" -} diff --git a/k8s/timoni/gateway/templates/httproute.cue b/k8s/timoni/gateway/templates/httproute.cue deleted file mode 100644 index 5cc3d8f93..000000000 --- a/k8s/timoni/gateway/templates/httproute.cue +++ /dev/null @@ -1,24 +0,0 @@ -package templates - -import ( - gatewayv1 "gateway.networking.k8s.io/httproute/v1" -) - -#HTTPRoute: gatewayv1.#HTTPRoute & { - #config: #Config - apiVersion: "gateway.networking.k8s.io/v1" - kind: "HTTPRoute" - metadata: #config.metadata - spec: { - parentRefs: [{ - name: metadata.name - sectionName: "http" - }] - rules: [{ - filters: [{ - type: "RequestRedirect" - requestRedirect: scheme: "https" - }] - }] - } -} diff --git a/k8s/timoni/gateway/timoni.cue b/k8s/timoni/gateway/timoni.cue deleted file mode 100644 index 1827afaef..000000000 --- a/k8s/timoni/gateway/timoni.cue +++ /dev/null @@ -1,25 +0,0 @@ -package main - -import ( - templates "timoni.sh/gateway/templates" -) - -values: templates.#Config - -timoni: { - apiVersion: "v1alpha1" - - instance: templates.#Instance & { - config: values - config: { - metadata: { - name: string @tag(name) - namespace: string @tag(namespace) - } - moduleVersion: string @tag(mv, var=moduleVersion) - kubeVersion: string @tag(kv, var=kubeVersion) - } - } - - apply: app: [for obj in instance.objects {obj}] -} diff --git a/k8s/timoni/gateway/timoni.ignore b/k8s/timoni/gateway/timoni.ignore deleted file mode 100644 index 0722c3486..000000000 --- a/k8s/timoni/gateway/timoni.ignore +++ /dev/null @@ -1,14 +0,0 @@ -# VCS -.git/ -.gitignore -.gitmodules -.gitattributes - -# Go -vendor/ -go.mod -go.sum - -# CUE -*_tool.cue -debug_values.cue diff --git a/k8s/timoni/gateway/values.cue b/k8s/timoni/gateway/values.cue deleted file mode 100644 index 17bc0aff9..000000000 --- a/k8s/timoni/gateway/values.cue +++ /dev/null @@ -1,3 +0,0 @@ -package main - -values: {} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue deleted file mode 100644 index 3a3027906..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue +++ /dev/null @@ -1,147 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy -// webhook backend fails. -#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open" - -// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods -#MirrorPodAnnotationKey: "kubernetes.io/config.mirror" - -// TolerationsAnnotationKey represents the key of tolerations data (json serialized) -// in the Annotations of a Pod. -#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations" - -// TaintsAnnotationKey represents the key of taints data (json serialized) -// in the Annotations of a Node. -#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints" - -// SeccompPodAnnotationKey represents the key of a seccomp profile applied -// to all containers of a pod. -// Deprecated: set a pod security context `seccompProfile` field. -#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod" - -// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied -// to one container of a pod. -// Deprecated: set a container security context `seccompProfile` field. -#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/" - -// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#SeccompProfileRuntimeDefault: "runtime/default" - -// SeccompProfileNameUnconfined is the unconfined seccomp profile. -#SeccompProfileNameUnconfined: "unconfined" - -// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk. -#SeccompLocalhostProfileNamePrefix: "localhost/" - -// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. -#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/" - -// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile. -#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName" - -// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles. -#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames" - -// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default. -#AppArmorBetaProfileRuntimeDefault: "runtime/default" - -// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node. -#AppArmorBetaProfileNamePrefix: "localhost/" - -// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile -#AppArmorBetaProfileNameUnconfined: "unconfined" - -// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#DeprecatedSeccompProfileDockerDefault: "docker/default" - -// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) -// in the Annotations of a Node. -#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods" - -// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache -// an object (e.g. secret, config map) before fetching it again from apiserver. -// This annotation can be attached to node. -#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl" - -// annotation key prefix used to identify non-convertible json paths. -#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io" -_#kubectlPrefix: "kubectl.kubernetes.io/" - -// LastAppliedConfigAnnotation is the annotation used to store the previous -// configuration of a resource for use in a three way diff by UpdateApplyAnnotation. -#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration" - -// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers -// -// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to -// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow -// access only from the CIDRs currently allocated to MIT & the USPS. -// -// Not all cloud providers support this annotation, though AWS & GCE do. -#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges" - -// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that -// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') -// of the last change, of some Pod or Service object, that triggered the endpoints object change. -// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints -// controller at T1, and the Endpoints object was changed at T2, the -// EndpointsLastChangeTriggerTime would be set to T0. -// -// The "endpoints change trigger" here means any Pod or Service change that resulted in the -// Endpoints object change. -// -// Given the definition of the "endpoints change trigger", please note that this annotation will -// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the -// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's -// already set). -// -// This annotation will be used to compute the in-cluster network programming latency SLI, see -// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md -#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time" - -// EndpointsOverCapacity will be set on an Endpoints resource when it -// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints -// controller will set this annotation with a value of "warning". In a -// future release, the controller may set this annotation with a value of -// "truncated" to indicate that any addresses exceeding the limit of 1000 -// have been truncated from the Endpoints resource. -#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity" - -// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated -// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. -// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or -// CSI Backend for a volume plugin on a specific node. -#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins" - -// PodDeletionCost can be used to set to an int32 that represent the cost of deleting -// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower -// deletion cost are preferred to be deleted before pods with higher deletion cost. -// Note that this is honored on a best-effort basis, and so it does not offer guarantees on -// pod deletion order. -// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. -// -// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. -#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost" - -// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable -// Topology Aware Hints for a Service. This may be set to "Auto" or -// "Disabled". Any other value is treated as "Disabled". This annotation has -// been deprecated in favor of the "service.kubernetes.io/topology-mode" -// annotation. -#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints" - -// AnnotationTopologyMode can be used to enable or disable Topology Aware -// Routing for a Service. Well known values are "Auto" and "Disabled". -// Implementations may choose to develop new topology approaches, exposing -// them with domain-prefixed values. For example, "example.com/lowest-rtt" -// could be a valid implementation-specific value for this annotation. These -// heuristics will often populate topology hints on EndpointSlices, but that -// is not a requirement. -#AnnotationTopologyMode: "service.kubernetes.io/topology-mode" diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue deleted file mode 100644 index 2bf1afce0..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -// Package v1 is the v1 version of the core API. -package v1 diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue deleted file mode 100644 index 29c24abce..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#GroupName: "" diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue deleted file mode 100644 index d87edcff5..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue +++ /dev/null @@ -1,7617 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/types" -) - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) -#NamespaceNodeLease: "kube-node-lease" - -// Volume represents a named volume in a pod that may be accessed by any container in the pod. -#Volume: { - // name of the volume. - // Must be a DNS_LABEL and unique within the pod. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(1,bytes,opt) - - #VolumeSource -} - -// Represents the source of a volume to mount. -// Only one of its members may be specified. -#VolumeSource: { - // hostPath represents a pre-existing file or directory on the host - // machine that is directly exposed to the container. This is generally - // used for system agents or other privileged things that are allowed - // to see the host machine. Most containers will NOT need this. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // --- - // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - // mount host directories as read/write. - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt) - - // emptyDir represents a temporary directory that shares a pod's lifetime. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt) - - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt) - - // gitRepo represents a git repository at a particular revision. - // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - // into the Pod's container. - // +optional - gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt) - - // secret represents a secret that should populate this volume. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt) - - // nfs represents an NFS mount on the host that shares a pod's lifetime - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://examples.k8s.io/volumes/iscsi/README.md - // +optional - iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt) - - // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt) - - // persistentVolumeClaimVolumeSource represents a reference to a - // PersistentVolumeClaim in the same namespace. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt) - - // downwardAPI represents downward API about the pod that should populate this volume - // +optional - downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt) - - // configMap represents a configMap that should populate this volume - // +optional - configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt) - - // projected items for all in one resources secrets, configmaps, and downward API - projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt) - - // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - // +optional - storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt) - - // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - // +optional - csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt) - - // ephemeral represents a volume that is handled by a cluster storage driver. - // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - // and deleted when the pod is removed. - // - // Use this if: - // a) the volume is only needed while the pod runs, - // b) features of normal volumes like restoring from snapshot or capacity - // tracking are needed, - // c) the storage driver is specified through a storage class, and - // d) the storage driver supports dynamic volume provisioning through - // a PersistentVolumeClaim (see EphemeralVolumeSource for more - // information on the connection between this volume type - // and PersistentVolumeClaim). - // - // Use PersistentVolumeClaim or one of the vendor-specific - // APIs for volumes that persist for longer than the lifecycle - // of an individual pod. - // - // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - // be used that way - see the documentation of the driver for - // more information. - // - // A pod can use both types of ephemeral volumes and - // persistent volumes at the same time. - // - // +optional - ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt) -} - -// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. -// This volume finds the bound PV and mounts that volume for the pod. A -// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another -// type of volume that is owned by someone else (the system). -#PersistentVolumeClaimVolumeSource: { - // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - claimName: string @go(ClaimName) @protobuf(1,bytes,opt) - - // readOnly Will force the ReadOnly setting in VolumeMounts. - // Default false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) -} - -// PersistentVolumeSource is similar to VolumeSource but meant for the -// administrator who creates PVs. Exactly one of its members must be set. -#PersistentVolumeSource: { - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt) - - // hostPath represents a directory on the host. - // Provisioned by a developer or tester. - // This is useful for single-node development and testing only! - // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt) - - // glusterfs represents a Glusterfs volume that is attached to a host and - // exposed to the pod. Provisioned by an admin. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt) - - // nfs represents an NFS mount on the host. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // +optional - iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt) - - // local represents directly-attached storage with node affinity - // +optional - local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt) - - // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod - // More info: https://examples.k8s.io/volumes/storageos/README.md - // +optional - storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt) - - // csi represents storage that is handled by an external CSI driver (Beta feature). - // +optional - csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt) -} - -// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. -// It's currently still used and will be held for backwards compatibility -#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class" - -// MountOptionAnnotation defines mount option annotation used in PVs -#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options" - -// PersistentVolume (PV) is a storage resource provisioned by an administrator. -// It is analogous to a node. -// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes -#PersistentVolume: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines a specification of a persistent volume owned by the cluster. - // Provisioned by an administrator. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status for the persistent volume. - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeSpec is the specification of a persistent volume. -#PersistentVolumeSpec: { - // capacity is the description of the persistent volume's resources and capacity. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - #PersistentVolumeSource - - // accessModes contains all ways the volume can be mounted. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode) - - // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. - // Expected to be non-nil when bound. - // claim.VolumeName is the authoritative bind between PV and PVC. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding - // +optional - // +structType=granular - claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt) - - // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. - // Valid options are Retain (default for manually created PersistentVolumes), Delete (default - // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). - // Recycle must be supported by the volume plugin underlying this PersistentVolume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming - // +optional - persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy) - - // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value - // means that this volume does not belong to any StorageClass. - // +optional - storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt) - - // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will - // simply fail if one is invalid. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt) - - // volumeMode defines if a volume is intended to be used with a formatted filesystem - // or to remain in raw block state. Value of Filesystem is implied when not included in spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode) - - // nodeAffinity defines constraints that limit what nodes this volume can be accessed from. - // This field influences the scheduling of pods that use this volume. - // +optional - nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt) -} - -// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. -#VolumeNodeAffinity: { - // required specifies hard node constraints that must be met. - required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt) -} - -// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes. -// +enum -#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy - -#enumPersistentVolumeReclaimPolicy: - #PersistentVolumeReclaimRecycle | - #PersistentVolumeReclaimDelete | - #PersistentVolumeReclaimRetain - -// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. -// The volume plugin must support Recycling. -#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle" - -// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. -// The volume plugin must support Deletion. -#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete" - -// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. -// The default policy is Retain. -#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain" - -// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. -// +enum -#PersistentVolumeMode: string // #enumPersistentVolumeMode - -#enumPersistentVolumeMode: - #PersistentVolumeBlock | - #PersistentVolumeFilesystem - -// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. -#PersistentVolumeBlock: #PersistentVolumeMode & "Block" - -// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. -#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem" - -// PersistentVolumeStatus is the current status of a persistent volume. -#PersistentVolumeStatus: { - // phase indicates if a volume is available, bound to a claim, or released by a claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase - // +optional - phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase) - - // message is a human-readable message indicating details about why the volume is in this state. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // reason is a brief CamelCase string that describes any failure and is meant - // for machine parsing and tidy display in the CLI. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // lastPhaseTransitionTime is the time the phase transitioned from one to another - // and automatically resets to current time everytime a volume phase transitions. - // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature. - // +featureGate=PersistentVolumeLastPhaseTransitionTime - // +optional - lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt) -} - -// PersistentVolumeList is a list of PersistentVolume items. -#PersistentVolumeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volumes. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes - items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaim is a user's request for and claim to a persistent volume -#PersistentVolumeClaim: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the desired characteristics of a volume requested by a pod author. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status of a persistent volume claim. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. -#PersistentVolumeClaimList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volume claims. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaimSpec describes the common attributes of storage devices -// and allows a Source for provider-specific attributes -#PersistentVolumeClaimSpec: { - // accessModes contains the desired access modes the volume should have. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode) - - // selector is a label query over volumes to consider for binding. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // resources represents the minimum resources the volume should have. - // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - // that are lower than previous value but must still be higher than capacity recorded in the - // status field of the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt) - - // volumeName is the binding reference to the PersistentVolume backing this claim. - // +optional - volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt) - - // storageClassName is the name of the StorageClass required by the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - // +optional - storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt) - - // volumeMode defines what type of volume is required by the claim. - // Value of Filesystem is implied when not included in claim spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode) - - // dataSource field can be used to specify either: - // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - // * An existing PVC (PersistentVolumeClaim) - // If the provisioner or an external controller can support the specified data source, - // it will create a new volume based on the contents of the specified data source. - // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - // If the namespace is specified, then dataSourceRef will not be copied to dataSource. - // +optional - dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt) - - // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - // volume is desired. This may be any object from a non-empty API group (non - // core object) or a PersistentVolumeClaim object. - // When this field is specified, volume binding will only succeed if the type of - // the specified object matches some installed volume populator or dynamic - // provisioner. - // This field will replace the functionality of the dataSource field and as such - // if both fields are non-empty, they must have the same value. For backwards - // compatibility, when namespace isn't specified in dataSourceRef, - // both fields (dataSource and dataSourceRef) will be set to the same - // value automatically if one of them is empty and the other is non-empty. - // When namespace is specified in dataSourceRef, - // dataSource isn't set to the same value and must be empty. - // There are three important differences between dataSource and dataSourceRef: - // * While dataSource only allows two specific types of objects, dataSourceRef - // allows any non-core object, as well as PersistentVolumeClaim objects. - // * While dataSource ignores disallowed values (dropping them), dataSourceRef - // preserves all values, and generates an error if a disallowed value is - // specified. - // * While dataSource only allows local objects, dataSourceRef allows objects - // in any namespaces. - // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +optional - dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt) -} - -#TypedObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace is the namespace of resource being referenced - // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +featureGate=CrossNamespaceVolumeDataSource - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt) -} - -// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type -#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType - -#enumPersistentVolumeClaimConditionType: - #PersistentVolumeClaimResizing | - #PersistentVolumeClaimFileSystemResizePending - -// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started -#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing" - -// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node -#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending" - -// +enum -// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource -// that it does not recognizes, then it should ignore that update and let other controllers -// handle it. -#ClaimResourceStatus: string // #enumClaimResourceStatus - -#enumClaimResourceStatus: - #PersistentVolumeClaimControllerResizeInProgress | - #PersistentVolumeClaimControllerResizeFailed | - #PersistentVolumeClaimNodeResizePending | - #PersistentVolumeClaimNodeResizeInProgress | - #PersistentVolumeClaimNodeResizeFailed - -// State set when resize controller starts resizing the volume in control-plane. -#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress" - -// State set when resize has failed in resize controller with a terminal error. -// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus -// unmodified, so as resize controller can resume the volume expansion. -#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed" - -// State set when resize controller has finished resizing the volume but further resizing of volume -// is needed on the node. -#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending" - -// State set when kubelet starts resizing the volume. -#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress" - -// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed -#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed" - -// PersistentVolumeClaimCondition contains details about state of pvc -#PersistentVolumeClaimCondition: { - type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType) - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastProbeTime is the time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // lastTransitionTime is the time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason is a unique, this should be a short, machine understandable string that gives the reason - // for condition's last transition. If it reports "ResizeStarted" that means the underlying - // persistent volume is being resized. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // message is the human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PersistentVolumeClaimStatus is the current status of a persistent volume claim. -#PersistentVolumeClaimStatus: { - // phase represents the current phase of PersistentVolumeClaim. - // +optional - phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase) - - // accessModes contains the actual access modes the volume backing the PVC has. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode) - - // capacity represents the actual resources of the underlying volume. - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - // resized then the Condition will be set to 'ResizeStarted'. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep) - - // allocatedResources tracks the resources allocated to a PVC including its capacity. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // Capacity reported here may be larger than the actual capacity when a volume expansion operation - // is requested. - // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - // If a volume expansion capacity request is lowered, allocatedResources is only - // lowered if there are no expansion operations in progress and if the actual volume capacity - // is equal or lower than the requested capacity. - // - // A controller that receives PVC update with previously unknown resourceName - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // allocatedResourceStatuses stores status of resource being resized for the given PVC. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // ClaimResourceStatus can be in any of following states: - // - ControllerResizeInProgress: - // State set when resize controller starts resizing the volume in control-plane. - // - ControllerResizeFailed: - // State set when resize has failed in resize controller with a terminal error. - // - NodeResizePending: - // State set when resize controller has finished resizing the volume but further resizing of - // volume is needed on the node. - // - NodeResizeInProgress: - // State set when kubelet starts resizing the volume. - // - NodeResizeFailed: - // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - // NodeResizeFailed. - // For example: if expanding a PVC for more capacity - this field can be one of the following states: - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" - // When this field is not set, it means that no resize operation is in progress for the given PVC. - // - // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +mapType=granular - // +optional - allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep) -} - -// +enum -#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode - -#enumPersistentVolumeAccessMode: - #ReadWriteOnce | - #ReadOnlyMany | - #ReadWriteMany | - #ReadWriteOncePod - -// can be mounted in read/write mode to exactly 1 host -#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce" - -// can be mounted in read-only mode to many hosts -#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany" - -// can be mounted in read/write mode to many hosts -#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany" - -// can be mounted in read/write mode to exactly 1 pod -// cannot be used in combination with other access modes -#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod" - -// +enum -#PersistentVolumePhase: string // #enumPersistentVolumePhase - -#enumPersistentVolumePhase: - #VolumePending | - #VolumeAvailable | - #VolumeBound | - #VolumeReleased | - #VolumeFailed - -// used for PersistentVolumes that are not available -#VolumePending: #PersistentVolumePhase & "Pending" - -// used for PersistentVolumes that are not yet bound -// Available volumes are held by the binder and matched to PersistentVolumeClaims -#VolumeAvailable: #PersistentVolumePhase & "Available" - -// used for PersistentVolumes that are bound -#VolumeBound: #PersistentVolumePhase & "Bound" - -// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted -// released volumes must be recycled before becoming available again -// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource -#VolumeReleased: #PersistentVolumePhase & "Released" - -// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim -#VolumeFailed: #PersistentVolumePhase & "Failed" - -// +enum -#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase - -#enumPersistentVolumeClaimPhase: - #ClaimPending | - #ClaimBound | - #ClaimLost - -// used for PersistentVolumeClaims that are not yet bound -#ClaimPending: #PersistentVolumeClaimPhase & "Pending" - -// used for PersistentVolumeClaims that are bound -#ClaimBound: #PersistentVolumeClaimPhase & "Bound" - -// used for PersistentVolumeClaims that lost their underlying -// PersistentVolume. The claim was bound to a PersistentVolume and this -// volume does not exist any longer and all data on it was lost. -#ClaimLost: #PersistentVolumeClaimPhase & "Lost" - -// +enum -#HostPathType: string // #enumHostPathType - -#enumHostPathType: - #HostPathUnset | - #HostPathDirectoryOrCreate | - #HostPathDirectory | - #HostPathFileOrCreate | - #HostPathFile | - #HostPathSocket | - #HostPathCharDev | - #HostPathBlockDev - -// For backwards compatible, leave it empty if unset -#HostPathUnset: #HostPathType & "" - -// If nothing exists at the given path, an empty directory will be created there -// as needed with file mode 0755, having the same group and ownership with Kubelet. -#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate" - -// A directory must exist at the given path -#HostPathDirectory: #HostPathType & "Directory" - -// If nothing exists at the given path, an empty file will be created there -// as needed with file mode 0644, having the same group and ownership with Kubelet. -#HostPathFileOrCreate: #HostPathType & "FileOrCreate" - -// A file must exist at the given path -#HostPathFile: #HostPathType & "File" - -// A UNIX socket must exist at the given path -#HostPathSocket: #HostPathType & "Socket" - -// A character device must exist at the given path -#HostPathCharDev: #HostPathType & "CharDevice" - -// A block device must exist at the given path -#HostPathBlockDev: #HostPathType & "BlockDevice" - -// Represents a host path mapped into a pod. -// Host path volumes do not support ownership management or SELinux relabeling. -#HostPathVolumeSource: { - // path of the directory on the host. - // If the path is a symlink, it will follow the link to the real path. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - path: string @go(Path) @protobuf(1,bytes,opt) - - // type for HostPath Volume - // Defaults to "" - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt) -} - -// Represents an empty directory for a pod. -// Empty directory volumes support ownership management and SELinux relabeling. -#EmptyDirVolumeSource: { - // medium represents what type of storage medium should back this directory. - // The default is "" which means to use the node's default medium. - // Must be an empty string (default) or Memory. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium) - - // sizeLimit is the total amount of local storage required for this EmptyDir volume. - // The size limit is also applicable for memory medium. - // The maximum usage on memory medium EmptyDir would be the minimum value between - // the SizeLimit specified here and the sum of memory limits of all containers in a pod. - // The default is nil which means that the limit is undefined. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsPersistentVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // endpointsNamespace is the namespace that contains Glusterfs endpoint. - // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDPersistentVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderPersistentVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is Optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// SecretReference represents a Secret Reference. It has enough information to retrieve secret -// in any namespace -// +structType=atomic -#SecretReference: { - // name is unique within a namespace to reference a secret resource. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // namespace defines the space within which the secret name must be unique. - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSPersistentVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is Optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// Represents a Flocker volume mounted by the Flocker agent. -// One and only one of datasetName and datasetUUID should be set. -// Flocker volumes do not support ownership management or SELinux relabeling. -#FlockerVolumeSource: { - // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - // should be considered as deprecated - // +optional - datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt) - - // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - // +optional - datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt) -} - -// StorageMedium defines ways that storage can be allocated to a volume. -#StorageMedium: string // #enumStorageMedium - -#enumStorageMedium: - #StorageMediumDefault | - #StorageMediumMemory | - #StorageMediumHugePages | - #StorageMediumHugePagesPrefix - -#StorageMediumDefault: #StorageMedium & "" -#StorageMediumMemory: #StorageMedium & "Memory" -#StorageMediumHugePages: #StorageMedium & "HugePages" -#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-" - -// Protocol defines network protocols supported for things like container ports. -// +enum -#Protocol: string // #enumProtocol - -#enumProtocol: - #ProtocolTCP | - #ProtocolUDP | - #ProtocolSCTP - -// ProtocolTCP is the TCP protocol. -#ProtocolTCP: #Protocol & "TCP" - -// ProtocolUDP is the UDP protocol. -#ProtocolUDP: #Protocol & "UDP" - -// ProtocolSCTP is the SCTP protocol. -#ProtocolSCTP: #Protocol & "SCTP" - -// Represents a Persistent Disk resource in Google Compute Engine. -// -// A GCE PD must exist before mounting to a container. The disk must -// also be in the same GCE project and zone as the kubelet. A GCE PD -// can only be mounted as read/write once or read-only many times. GCE -// PDs support ownership management and SELinux relabeling. -#GCEPersistentDiskVolumeSource: { - // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - pdName: string @go(PDName) @protobuf(1,bytes,opt) - - // fsType is filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a Quobyte mount that lasts the lifetime of a pod. -// Quobyte volumes do not support ownership management or SELinux relabeling. -#QuobyteVolumeSource: { - // registry represents a single or multiple Quobyte Registry services - // specified as a string as host:port pair (multiple entries are separated with commas) - // which acts as the central registry for volumes - registry: string @go(Registry) @protobuf(1,bytes,opt) - - // volume is a string that references an already created Quobyte volume by name. - volume: string @go(Volume) @protobuf(2,bytes,opt) - - // readOnly here will force the Quobyte volume to be mounted with read-only permissions. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // user to map volume access to - // Defaults to serivceaccount user - // +optional - user?: string @go(User) @protobuf(4,bytes,opt) - - // group to map volume access to - // Default is no group - // +optional - group?: string @go(Group) @protobuf(5,bytes,opt) - - // tenant owning the given Quobyte volume in the Backend - // Used with dynamically provisioned Quobyte volumes, value is set by the plugin - // +optional - tenant?: string @go(Tenant) @protobuf(6,bytes,opt) -} - -// FlexPersistentVolumeSource represents a generic persistent volume resource that is -// provisioned/attached using an exec based plugin. -#FlexPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// FlexVolume represents a generic volume resource that is -// provisioned/attached using an exec based plugin. -#FlexVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: secretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// Represents a Persistent Disk resource in AWS. -// -// An AWS EBS disk must exist before mounting to a container. The disk -// must also be in the same AWS zone as the kubelet. An AWS EBS disk -// can only be mounted as read/write once. AWS EBS volumes support -// ownership management and SELinux relabeling. -#AWSElasticBlockStoreVolumeSource: { - // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly value true will force the readOnly setting in VolumeMounts. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a volume that is populated with the contents of a git repository. -// Git repo volumes do not support ownership management. -// Git repo volumes support SELinux relabeling. -// -// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -// into the Pod's container. -#GitRepoVolumeSource: { - // repository is the URL - repository: string @go(Repository) @protobuf(1,bytes,opt) - - // revision is the commit hash for the specified revision. - // +optional - revision?: string @go(Revision) @protobuf(2,bytes,opt) - - // directory is the target directory name. - // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - // git repository. Otherwise, if specified, the volume will contain the git repository in - // the subdirectory with the given name. - // +optional - directory?: string @go(Directory) @protobuf(3,bytes,opt) -} - -// Adapts a Secret into a volume. -// -// The contents of the target Secret's Data field will be presented in a volume -// as files using the keys in the Data field as the file names. -// Secret volumes support ownership management and SELinux relabeling. -#SecretVolumeSource: { - // secretName is the name of the secret in the pod's namespace to use. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secretName?: string @go(SecretName) @protobuf(1,bytes,opt) - - // items If unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values - // for mode bits. Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt) - - // optional field specify whether the Secret or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#SecretVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a secret into a projected volume. -// -// The contents of the target Secret's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names. -// Note that this is identical to a secret volume source without the default -// mode. -#SecretProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional field specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// Represents an NFS mount that lasts the lifetime of a pod. -// NFS volumes do not support ownership management or SELinux relabeling. -#NFSVolumeSource: { - // server is the hostname or IP address of the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - server: string @go(Server) @protobuf(1,bytes,opt) - - // path that is exported by the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the NFS export to be mounted with read-only permissions. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is the target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun represents iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// ISCSIPersistentVolumeSource represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIPersistentVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is Target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun is iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// Represents a Fibre Channel volume. -// Fibre Channel volumes can only be mounted as read/write once. -// Fibre Channel volumes support ownership management and SELinux relabeling. -#FCVolumeSource: { - // targetWWNs is Optional: FC target worldwide names (WWNs) - // +optional - targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep) - - // lun is Optional: FC target lun number - // +optional - lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // wwids Optional: FC volume world wide identifiers (wwids) - // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - // +optional - wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFileVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFilePersistentVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure Share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key - // default is the same as the Pod - // +optional - secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a vSphere volume resource. -#VsphereVirtualDiskVolumeSource: { - // volumePath is the path that identifies vSphere volume vmdk - volumePath: string @go(VolumePath) @protobuf(1,bytes,opt) - - // fsType is filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // storagePolicyName is the storage Policy Based Management (SPBM) profile name. - // +optional - storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt) - - // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - // +optional - storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt) -} - -// Represents a Photon Controller persistent disk resource. -#PhotonPersistentDiskVolumeSource: { - // pdID is the ID that identifies Photon Controller persistent disk - pdID: string @go(PdID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) -} - -// +enum -#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode - -#enumAzureDataDiskCachingMode: - #AzureDataDiskCachingNone | - #AzureDataDiskCachingReadOnly | - #AzureDataDiskCachingReadWrite - -// +enum -#AzureDataDiskKind: string // #enumAzureDataDiskKind - -#enumAzureDataDiskKind: - #AzureSharedBlobDisk | - #AzureDedicatedBlobDisk | - #AzureManagedDisk - -#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None" -#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly" -#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite" -#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared" -#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated" -#AzureManagedDisk: #AzureDataDiskKind & "Managed" - -// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. -#AzureDiskVolumeSource: { - // diskName is the Name of the data disk in the blob storage - diskName: string @go(DiskName) @protobuf(1,bytes,opt) - - // diskURI is the URI of data disk in the blob storage - diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt) - - // cachingMode is the Host Caching mode: None, Read Only, Read Write. - // +optional - cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode) - - // fsType is Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt) - - // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind) -} - -// PortworxVolumeSource represents a Portworx volume resource. -#PortworxVolumeSource: { - // volumeID uniquely identifies a Portworx volume - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fSType represents the filesystem type to mount - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// ScaleIOVolumeSource represents a persistent ScaleIO volume -#ScaleIOVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // sslEnabled Flag enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs". - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume -#ScaleIOPersistentVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs" - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSPersistentVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt) -} - -// Adapts a ConfigMap into a volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// volume as files using the keys in the Data field as the file names, unless -// the items element is populated with specific mappings of keys to paths. -// ConfigMap volumes support ownership management and SELinux relabeling. -#ConfigMapVolumeSource: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#ConfigMapVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a ConfigMap into a projected volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names, -// unless the items element is populated with specific mappings of keys to paths. -// Note that this is identical to a configmap volume source without the default -// mode. -#ConfigMapProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountTokenProjection represents a projected service account token -// volume. This projection can be used to insert a service account token into -// the pods runtime filesystem for use against APIs (Kubernetes API Server or -// otherwise). -#ServiceAccountTokenProjection: { - // audience is the intended audience of the token. A recipient of a token - // must identify itself with an identifier specified in the audience of the - // token, and otherwise should reject the token. The audience defaults to the - // identifier of the apiserver. - // +optional - audience?: string @go(Audience) @protobuf(1,bytes,rep) - - // expirationSeconds is the requested duration of validity of the service - // account token. As the token approaches expiration, the kubelet volume - // plugin will proactively rotate the service account token. The kubelet will - // start trying to rotate the token if the token is older than 80 percent of - // its time to live or if the token is older than 24 hours.Defaults to 1 hour - // and must be at least 10 minutes. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) - - // path is the path relative to the mount point of the file to project the - // token into. - path: string @go(Path) @protobuf(3,bytes,opt) -} - -// Represents a projected volume source -#ProjectedVolumeSource: { - // sources is the list of volume projections - // +optional - sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep) - - // defaultMode are the mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -// Projection that may be projected along with other supported volume types -#VolumeProjection: { - // secret information about the secret data to project - // +optional - secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt) - - // downwardAPI information about the downwardAPI data to project - // +optional - downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt) - - // configMap information about the configMap data to project - // +optional - configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt) - - // serviceAccountToken is information about the serviceAccountToken data to project - // +optional - serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt) -} - -#ProjectedVolumeSourceDefaultMode: int32 & 0o644 - -// Maps a string key to a path within a volume. -#KeyToPath: { - // key is the key to project. - key: string @go(Key) @protobuf(1,bytes,opt) - - // path is the relative path of the file to map the key to. - // May not be an absolute path. - // May not contain the path element '..'. - // May not start with the string '..'. - path: string @go(Path) @protobuf(2,bytes,opt) - - // mode is Optional: mode bits used to set permissions on this file. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt) -} - -// Local represents directly-attached storage with node affinity (Beta feature) -#LocalVolumeSource: { - // path of the full path to the volume on the node. - // It can be either a directory or block device (disk, partition, ...). - path: string @go(Path) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // It applies only when the Path is a block device. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt) -} - -// Represents storage that is managed by an external CSI volume driver (Beta feature) -#CSIPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - // Required. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // volumeHandle is the unique volume name returned by the CSI volume - // plugin’s CreateVolume to refer to the volume on all subsequent calls. - // Required. - volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt) - - // readOnly value to pass to ControllerPublishVolumeRequest. - // Defaults to false (read/write). - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // fsType to mount. Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // +optional - fsType?: string @go(FSType) @protobuf(4,bytes,opt) - - // volumeAttributes of the volume to publish. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep) - - // controllerPublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerPublishVolume and ControllerUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt) - - // nodeStageSecretRef is a reference to the secret object containing sensitive - // information to pass to the CSI driver to complete the CSI NodeStageVolume - // and NodeStageVolume and NodeUnstageVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt) - - // controllerExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerExpandVolume call. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt) - - // nodeExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodeExpandVolume call. - // This is a beta field which is enabled default by CSINodeExpandSecret feature gate. - // This field is optional, may be omitted if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +featureGate=CSINodeExpandSecret - // +optional - nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt) -} - -// Represents a source location of a volume to mount, managed by an external CSI driver -#CSIVolumeSource: { - // driver is the name of the CSI driver that handles this volume. - // Consult with your admin for the correct name as registered in the cluster. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // readOnly specifies a read-only configuration for the volume. - // Defaults to false (read/write). - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt) - - // fsType to mount. Ex. "ext4", "xfs", "ntfs". - // If not provided, the empty value is passed to the associated CSI driver - // which will determine the default filesystem to apply. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt) - - // volumeAttributes stores driver-specific properties that are passed to the CSI - // driver. Consult your driver's documentation for supported values. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secret references are passed. - // +optional - nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents an ephemeral volume that is handled by a normal storage driver. -#EphemeralVolumeSource: { - // Will be used to create a stand-alone PVC to provision the volume. - // The pod in which this EphemeralVolumeSource is embedded will be the - // owner of the PVC, i.e. the PVC will be deleted together with the - // pod. The name of the PVC will be `-` where - // `` is the name from the `PodSpec.Volumes` array - // entry. Pod validation will reject the pod if the concatenated name - // is not valid for a PVC (for example, too long). - // - // An existing PVC with that name that is not owned by the pod - // will *not* be used for the pod to avoid using an unrelated - // volume by mistake. Starting the pod is then blocked until - // the unrelated PVC is removed. If such a pre-created PVC is - // meant to be used by the pod, the PVC has to updated with an - // owner reference to the pod once the pod exists. Normally - // this should not be necessary, but it may be useful when - // manually reconstructing a broken cluster. - // - // This field is read-only and no changes will be made by Kubernetes - // to the PVC after it has been created. - // - // Required, must not be nil. - volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt) -} - -// PersistentVolumeClaimTemplate is used to produce -// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. -#PersistentVolumeClaimTemplate: { - // May contain labels and annotations that will be copied into the PVC - // when creating it. No other fields are allowed and will be rejected during - // validation. - // - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The specification for the PersistentVolumeClaim. The entire content is - // copied unchanged into the PVC that gets created from this - // template. The same fields as in a PersistentVolumeClaim - // are also valid here. - spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes) -} - -// ContainerPort represents a network port in a single container. -#ContainerPort: { - // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - // named port in a pod must have a unique name. Name for the port that can be - // referred to by services. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // Number of port to expose on the host. - // If specified, this must be a valid port number, 0 < x < 65536. - // If HostNetwork is specified, this must match ContainerPort. - // Most containers do not need this. - // +optional - hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt) - - // Number of port to expose on the pod's IP address. - // This must be a valid port number, 0 < x < 65536. - containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt) - - // Protocol for port. Must be UDP, TCP, or SCTP. - // Defaults to "TCP". - // +optional - // +default="TCP" - protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol) - - // What host IP to bind the external port to. - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) -} - -// VolumeMount describes a mounting of a Volume within a container. -#VolumeMount: { - // This must match the Name of a Volume. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Mounted read-only if true, read-write otherwise (false or unspecified). - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) - - // Path within the container at which the volume should be mounted. Must - // not contain ':'. - mountPath: string @go(MountPath) @protobuf(3,bytes,opt) - - // Path within the volume from which the container's volume should be mounted. - // Defaults to "" (volume's root). - // +optional - subPath?: string @go(SubPath) @protobuf(4,bytes,opt) - - // mountPropagation determines how mounts are propagated from the host - // to container and the other way around. - // When not set, MountPropagationNone is used. - // This field is beta in 1.10. - // +optional - mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode) - - // Expanded path within the volume from which the container's volume should be mounted. - // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - // Defaults to "" (volume's root). - // SubPathExpr and SubPath are mutually exclusive. - // +optional - subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt) -} - -// MountPropagationMode describes mount propagation. -// +enum -#MountPropagationMode: string // #enumMountPropagationMode - -#enumMountPropagationMode: - #MountPropagationNone | - #MountPropagationHostToContainer | - #MountPropagationBidirectional - -// MountPropagationNone means that the volume in a container will -// not receive new mounts from the host or other containers, and filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode corresponds to "private" in Linux terminology. -#MountPropagationNone: #MountPropagationMode & "None" - -// MountPropagationHostToContainer means that the volume in a container will -// receive new mounts from the host or other containers, but filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rslave" in Linux terminology). -#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer" - -// MountPropagationBidirectional means that the volume in a container will -// receive new mounts from the host or other containers, and its own mounts -// will be propagated from the container to the host or other containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rshared" in Linux terminology). -#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional" - -// volumeDevice describes a mapping of a raw block device within a container. -#VolumeDevice: { - // name must match the name of a persistentVolumeClaim in the pod - name: string @go(Name) @protobuf(1,bytes,opt) - - // devicePath is the path inside of the container that the device will be mapped to. - devicePath: string @go(DevicePath) @protobuf(2,bytes,opt) -} - -// EnvVar represents an environment variable present in a Container. -#EnvVar: { - // Name of the environment variable. Must be a C_IDENTIFIER. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Variable references $(VAR_NAME) are expanded - // using the previously defined environment variables in the container and - // any service environment variables. If a variable cannot be resolved, - // the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - // Escaped references will never be expanded, regardless of whether the variable - // exists or not. - // Defaults to "". - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Source for the environment variable's value. Cannot be used if value is not empty. - // +optional - valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt) -} - -// EnvVarSource represents a source for the value of an EnvVar. -#EnvVarSource: { - // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt) - - // Selects a key of a ConfigMap. - // +optional - configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt) - - // Selects a key of a secret in the pod's namespace - // +optional - secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt) -} - -// ObjectFieldSelector selects an APIVersioned field of an object. -// +structType=atomic -#ObjectFieldSelector: { - // Version of the schema the FieldPath is written in terms of, defaults to "v1". - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // Path of the field to select in the specified API version. - fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt) -} - -// ResourceFieldSelector represents container resources (cpu, memory) and their output format -// +structType=atomic -#ResourceFieldSelector: { - // Container name: required for volumes, optional for env vars - // +optional - containerName?: string @go(ContainerName) @protobuf(1,bytes,opt) - - // Required: resource to select - "resource": string @go(Resource) @protobuf(2,bytes,opt) - - // Specifies the output format of the exposed resources, defaults to "1" - // +optional - divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt) -} - -// Selects a key from a ConfigMap. -// +structType=atomic -#ConfigMapKeySelector: { - #LocalObjectReference - - // The key to select. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the ConfigMap or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// SecretKeySelector selects a key of a Secret. -// +structType=atomic -#SecretKeySelector: { - #LocalObjectReference - - // The key of the secret to select from. Must be a valid secret key. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// EnvFromSource represents the source of a set of ConfigMaps -#EnvFromSource: { - // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - // +optional - prefix?: string @go(Prefix) @protobuf(1,bytes,opt) - - // The ConfigMap to select from - // +optional - configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt) - - // The Secret to select from - // +optional - secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt) -} - -// ConfigMapEnvSource selects a ConfigMap to populate the environment -// variables with. -// -// The contents of the target ConfigMap's Data field will represent the -// key-value pairs as environment variables. -#ConfigMapEnvSource: { - #LocalObjectReference - - // Specify whether the ConfigMap must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// SecretEnvSource selects a Secret to populate the environment -// variables with. -// -// The contents of the target Secret's Data field will represent the -// key-value pairs as environment variables. -#SecretEnvSource: { - #LocalObjectReference - - // Specify whether the Secret must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// HTTPHeader describes a custom header to be used in HTTP probes -#HTTPHeader: { - // The header field name. - // This will be canonicalized upon output, so case-variant names will be understood as the same header. - name: string @go(Name) @protobuf(1,bytes,opt) - - // The header field value - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// HTTPGetAction describes an action based on HTTP Get requests. -#HTTPGetAction: { - // Path to access on the HTTP server. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Name or number of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt) - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - // +optional - host?: string @go(Host) @protobuf(3,bytes,opt) - - // Scheme to use for connecting to the host. - // Defaults to HTTP. - // +optional - scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme) - - // Custom headers to set in the request. HTTP allows repeated headers. - // +optional - httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep) -} - -// URIScheme identifies the scheme used for connection to a host for Get actions -// +enum -#URIScheme: string // #enumURIScheme - -#enumURIScheme: - #URISchemeHTTP | - #URISchemeHTTPS - -// URISchemeHTTP means that the scheme used will be http:// -#URISchemeHTTP: #URIScheme & "HTTP" - -// URISchemeHTTPS means that the scheme used will be https:// -#URISchemeHTTPS: #URIScheme & "HTTPS" - -// TCPSocketAction describes an action based on opening a socket -#TCPSocketAction: { - // Number or name of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt) - - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -#GRPCAction: { - // Port number of the gRPC service. Number must be in the range 1 to 65535. - port: int32 @go(Port) @protobuf(1,bytes,opt) - - // Service is the name of the service to place in the gRPC HealthCheckRequest - // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - // - // If this is not specified, the default behavior is defined by gRPC. - // +optional - // +default="" - service?: null | string @go(Service,*string) @protobuf(2,bytes,opt) -} - -// ExecAction describes a "run in container" action. -#ExecAction: { - // Command is the command line to execute inside the container, the working directory for the - // command is root ('/') in the container's filesystem. The command is simply exec'd, it is - // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - // a shell, you need to explicitly call out to that shell. - // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - // +optional - command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep) -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -#Probe: { - #ProbeHandler - - // Number of seconds after the container has started before liveness probes are initiated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt) - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt) - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1. - // +optional - periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt) - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - // +optional - successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt) - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3. Minimum value is 1. - // +optional - failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt) - - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt) -} - -// PullPolicy describes a policy for if/when to pull a container image -// +enum -#PullPolicy: string // #enumPullPolicy - -#enumPullPolicy: - #PullAlways | - #PullNever | - #PullIfNotPresent - -// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. -#PullAlways: #PullPolicy & "Always" - -// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present -#PullNever: #PullPolicy & "Never" - -// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. -#PullIfNotPresent: #PullPolicy & "IfNotPresent" - -// ResourceResizeRestartPolicy specifies how to handle container resource resize. -#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy - -#enumResourceResizeRestartPolicy: - #NotRequired | - #RestartContainer - -// 'NotRequired' means Kubernetes will try to resize the container -// without restarting it, if possible. Kubernetes may however choose to -// restart the container if it is unable to actuate resize without a -// restart. For e.g. the runtime doesn't support restart-free resizing. -#NotRequired: #ResourceResizeRestartPolicy & "NotRequired" - -// 'RestartContainer' means Kubernetes will resize the container in-place -// by stopping and starting the container when new resources are applied. -// This is needed for legacy applications. For e.g. java apps using the -// -xmxN flag which are unable to use resized memory without restarting. -#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer" - -// ContainerResizePolicy represents resource resize policy for the container. -#ContainerResizePolicy: { - // Name of the resource to which this resource resize policy applies. - // Supported values: cpu, memory. - resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName) - - // Restart policy to apply when specified resource is resized. - // If not specified, it defaults to NotRequired. - restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy) -} - -// PreemptionPolicy describes a policy for if/when to preempt a pod. -// +enum -#PreemptionPolicy: string // #enumPreemptionPolicy - -#enumPreemptionPolicy: - #PreemptLowerPriority | - #PreemptNever - -// PreemptLowerPriority means that pod can preempt other pods with lower priority. -#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority" - -// PreemptNever means that pod never preempts other pods with lower priority. -#PreemptNever: #PreemptionPolicy & "Never" - -// TerminationMessagePolicy describes how termination messages are retrieved from a container. -// +enum -#TerminationMessagePolicy: string // #enumTerminationMessagePolicy - -#enumTerminationMessagePolicy: - #TerminationMessageReadFile | - #TerminationMessageFallbackToLogsOnError - -// TerminationMessageReadFile is the default behavior and will set the container status message to -// the contents of the container's terminationMessagePath when the container exits. -#TerminationMessageReadFile: #TerminationMessagePolicy & "File" - -// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs -// for the container status message when the container exits with an error and the -// terminationMessagePath has no contents. -#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError" - -// Capability represent POSIX capabilities type -#Capability: string - -// Adds and removes POSIX capabilities from running containers. -#Capabilities: { - // Added capabilities - // +optional - add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability) - - // Removed capabilities - // +optional - drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability) -} - -// ResourceRequirements describes the compute resource requirements. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Requests describes the minimum amount of compute resources required. - // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value. Requests cannot exceed Limits. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Claims lists the names of resources, defined in spec.resourceClaims, - // that are used by this container. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. It can only be set for containers. - // - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt) -} - -// ResourceClaim references one entry in PodSpec.ResourceClaims. -#ResourceClaim: { - // Name must match the name of one entry in pod.spec.resourceClaims of - // the Pod where this field is used. It makes that resource available - // inside a container. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// TerminationMessagePathDefault means the default path to capture the application termination message running in a container -#TerminationMessagePathDefault: "/dev/termination-log" - -// A single application container that you want to run within a pod. -#Container: { - // Name of the container specified as a DNS_LABEL. - // Each container in a pod must have a unique name (DNS_LABEL). - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - // This field is optional to allow higher level config management to default or override - // container images in workload controllers like Deployments and StatefulSets. - // +optional - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The container image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The container image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // List of ports to expose from the container. Not specifying a port here - // DOES NOT prevent that port from being exposed. Any port which is - // listening on the default "0.0.0.0" address inside a container will be - // accessible from the network. - // Modifying this array with strategic merge patch may corrupt the data. - // For more information See https://github.com/kubernetes/kubernetes/issues/108255. - // Cannot be updated. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Compute Resources required by this container. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // RestartPolicy defines the restart behavior of individual containers in a pod. - // This field may only be set for init containers, and the only allowed value is "Always". - // For non-init containers or when this field is not specified, - // the restart behavior is defined by the Pod's restart policy and the container type. - // Setting the RestartPolicy as "Always" for the init container will have the following effect: - // this init container will be continually restarted on - // exit until all regular containers have terminated. Once all regular - // containers have completed, all init containers with restartPolicy "Always" - // will be shut down. This lifecycle differs from normal init containers and - // is often referred to as a "sidecar" container. Although this init - // container still starts in the init container sequence, it does not wait - // for the container to complete before proceeding to the next init - // container. Instead, the next init container starts immediately after this - // init container is started, or after any startupProbe has successfully - // completed. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Periodic probe of container liveness. - // Container will be restarted if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Periodic probe of container service readiness. - // Container will be removed from service endpoints if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // StartupProbe indicates that the Pod has successfully initialized. - // If specified, no other probes are executed until this completes successfully. - // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - // when it might take a long time to load data or warm a cache, than during steady-state operation. - // This cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Actions that the management system should take in response to container lifecycle events. - // Cannot be updated. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // SecurityContext defines the security options the container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// ProbeHandler defines a specific action that should be taken in a probe. -// One and only one of the fields must be specified. -#ProbeHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // TCPSocket specifies an action involving a TCP port. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) - - // GRPC specifies an action involving a GRPC port. - // +optional - grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt) -} - -// LifecycleHandler defines a specific action that should be taken in a lifecycle -// hook. One and only one of the fields, except TCPSocket must be specified. -#LifecycleHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - // for the backward compatibility. There are no validation of this field and - // lifecycle hooks will fail in runtime when tcp handler is specified. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) -} - -// Lifecycle describes actions that the management system should take in response to container lifecycle -// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks -// until the action is complete, unless the container process fails, in which case the handler is aborted. -#Lifecycle: { - // PostStart is called immediately after a container is created. If the handler fails, - // the container is terminated and restarted according to its restart policy. - // Other management of the container blocks until the hook completes. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt) - - // PreStop is called immediately before a container is terminated due to an - // API request or management event such as liveness/startup probe failure, - // preemption, resource contention, etc. The handler is not called if the - // container crashes or exits. The Pod's termination grace period countdown begins before the - // PreStop hook is executed. Regardless of the outcome of the handler, the - // container will eventually terminate within the Pod's termination grace - // period (unless delayed by finalizers). Other management of the container blocks until the hook completes - // or until the termination grace period is reached. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt) -} - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// ContainerStateWaiting is a waiting state of a container. -#ContainerStateWaiting: { - // (brief) reason the container is not yet running. - // +optional - reason?: string @go(Reason) @protobuf(1,bytes,opt) - - // Message regarding why the container is not yet running. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// ContainerStateRunning is a running state of a container. -#ContainerStateRunning: { - // Time at which the container was last (re-)started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt) -} - -// ContainerStateTerminated is a terminated state of a container. -#ContainerStateTerminated: { - // Exit status from the last termination of the container - exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt) - - // Signal from the last termination of the container - // +optional - signal?: int32 @go(Signal) @protobuf(2,varint,opt) - - // (brief) reason from the last termination of the container - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Message regarding the last termination of the container - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // Time at which previous execution of the container started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt) - - // Time at which the container last terminated - // +optional - finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt) - - // Container's ID in the format '://' - // +optional - containerID?: string @go(ContainerID) @protobuf(7,bytes,opt) -} - -// ContainerState holds a possible state of container. -// Only one of its members may be specified. -// If none of them is specified, the default one is ContainerStateWaiting. -#ContainerState: { - // Details about a waiting container - // +optional - waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt) - - // Details about a running container - // +optional - running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt) - - // Details about a terminated container - // +optional - terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt) -} - -// ContainerStatus contains details for the current status of this container. -#ContainerStatus: { - // Name is a DNS_LABEL representing the unique name of the container. - // Each container in a pod must have a unique name across all container types. - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // State holds details about the container's current condition. - // +optional - state?: #ContainerState @go(State) @protobuf(2,bytes,opt) - - // LastTerminationState holds the last termination state of the container to - // help debug container crashes and restarts. This field is not - // populated if the container is still running and RestartCount is 0. - // +optional - lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt) - - // Ready specifies whether the container is currently passing its readiness check. - // The value will change as readiness probes keep executing. If no readiness - // probes are specified, this field defaults to true once the container is - // fully started (see Started field). - // - // The value is typically used to determine whether a container is ready to - // accept traffic. - ready: bool @go(Ready) @protobuf(4,varint,opt) - - // RestartCount holds the number of times the container has been restarted. - // Kubelet makes an effort to always increment the value, but there - // are cases when the state may be lost due to node restarts and then the value - // may be reset to 0. The value is never negative. - restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt) - - // Image is the name of container image that the container is running. - // The container image may not match the image used in the PodSpec, - // as it may have been resolved by the runtime. - // More info: https://kubernetes.io/docs/concepts/containers/images. - image: string @go(Image) @protobuf(6,bytes,opt) - - // ImageID is the image ID of the container's image. The image ID may not - // match the image ID of the image used in the PodSpec, as it may have been - // resolved by the runtime. - imageID: string @go(ImageID) @protobuf(7,bytes,opt) - - // ContainerID is the ID of the container in the format '://'. - // Where type is a container runtime identifier, returned from Version call of CRI API - // (for example "containerd"). - // +optional - containerID?: string @go(ContainerID) @protobuf(8,bytes,opt) - - // Started indicates whether the container has finished its postStart lifecycle hook - // and passed its startup probe. - // Initialized as false, becomes true after startupProbe is considered - // successful. Resets to false when the container is restarted, or if kubelet - // loses state temporarily. In both cases, startup probes will run again. - // Is always true when no startupProbe is defined and container is running and - // has passed the postStart lifecycle hook. The null value must be treated the - // same as false. - // +optional - started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt) - - // AllocatedResources represents the compute resources allocated for this container by the - // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission - // and after successfully admitting desired pod resize. - // +featureGate=InPlacePodVerticalScaling - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Resources represents the compute resource requests and limits that have been successfully - // enacted on the running container after it has been started or has been successfully resized. - // +featureGate=InPlacePodVerticalScaling - // +optional - resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt) -} - -// PodPhase is a label for the condition of a pod at the current time. -// +enum -#PodPhase: string // #enumPodPhase - -#enumPodPhase: - #PodPending | - #PodRunning | - #PodSucceeded | - #PodFailed | - #PodUnknown - -// PodPending means the pod has been accepted by the system, but one or more of the containers -// has not been started. This includes time before being bound to a node, as well as time spent -// pulling images onto the host. -#PodPending: #PodPhase & "Pending" - -// PodRunning means the pod has been bound to a node and all of the containers have been started. -// At least one container is still running or is in the process of being restarted. -#PodRunning: #PodPhase & "Running" - -// PodSucceeded means that all containers in the pod have voluntarily terminated -// with a container exit code of 0, and the system is not going to restart any of these containers. -#PodSucceeded: #PodPhase & "Succeeded" - -// PodFailed means that all containers in the pod have terminated, and at least one container has -// terminated in a failure (exited with a non-zero exit code or was stopped by the system). -#PodFailed: #PodPhase & "Failed" - -// PodUnknown means that for some reason the state of the pod could not be obtained, typically due -// to an error in communicating with the host of the pod. -// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) -#PodUnknown: #PodPhase & "Unknown" - -// PodConditionType is a valid value for PodCondition.Type -#PodConditionType: string // #enumPodConditionType - -#enumPodConditionType: - #ContainersReady | - #PodInitialized | - #PodReady | - #PodScheduled | - #DisruptionTarget - -// ContainersReady indicates whether all containers in the pod are ready. -#ContainersReady: #PodConditionType & "ContainersReady" - -// PodInitialized means that all init containers in the pod have started successfully. -#PodInitialized: #PodConditionType & "Initialized" - -// PodReady means the pod is able to service requests and should be added to the -// load balancing pools of all matching services. -#PodReady: #PodConditionType & "Ready" - -// PodScheduled represents status of the scheduling process for this pod. -#PodScheduled: #PodConditionType & "PodScheduled" - -// DisruptionTarget indicates the pod is about to be terminated due to a -// disruption (such as preemption, eviction API or garbage-collection). -#DisruptionTarget: #PodConditionType & "DisruptionTarget" - -// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler -// can't schedule the pod right now, for example due to insufficient resources in the cluster. -#PodReasonUnschedulable: "Unschedulable" - -// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler -// skips scheduling the pod because one or more scheduling gates are still present. -#PodReasonSchedulingGated: "SchedulingGated" - -// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens -// during scheduling, for example due to nodeAffinity parsing errors. -#PodReasonSchedulerError: "SchedulerError" - -// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination -// is initiated by kubelet -#PodReasonTerminationByKubelet: "TerminationByKubelet" - -// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the -// disruption was initiated by scheduler's preemption. -#PodReasonPreemptionByScheduler: "PreemptionByScheduler" - -// PodCondition contains details for the current condition of this pod. -#PodCondition: { - // Type is the type of the condition. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType) - - // Status is the status of the condition. - // Can be True, False, Unknown. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // Unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PodResizeStatus shows status of desired resize of a pod's containers. -#PodResizeStatus: string // #enumPodResizeStatus - -#enumPodResizeStatus: - #PodResizeStatusProposed | - #PodResizeStatusInProgress | - #PodResizeStatusDeferred | - #PodResizeStatusInfeasible - -// Pod resources resize has been requested and will be evaluated by node. -#PodResizeStatusProposed: #PodResizeStatus & "Proposed" - -// Pod resources resize has been accepted by node and is being actuated. -#PodResizeStatusInProgress: #PodResizeStatus & "InProgress" - -// Node cannot resize the pod at this time and will keep retrying. -#PodResizeStatusDeferred: #PodResizeStatus & "Deferred" - -// Requested pod resize is not feasible and will not be re-evaluated. -#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible" - -// RestartPolicy describes how the container should be restarted. -// Only one of the following restart policies may be specified. -// If none of the following policies is specified, the default one -// is RestartPolicyAlways. -// +enum -#RestartPolicy: string // #enumRestartPolicy - -#enumRestartPolicy: - #RestartPolicyAlways | - #RestartPolicyOnFailure | - #RestartPolicyNever - -#RestartPolicyAlways: #RestartPolicy & "Always" -#RestartPolicyOnFailure: #RestartPolicy & "OnFailure" -#RestartPolicyNever: #RestartPolicy & "Never" - -// ContainerRestartPolicy is the restart policy for a single container. -// This may only be set for init containers and only allowed value is "Always". -#ContainerRestartPolicy: string // #enumContainerRestartPolicy - -#enumContainerRestartPolicy: - #ContainerRestartPolicyAlways - -#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always" - -// DNSPolicy defines how a pod's DNS will be configured. -// +enum -#DNSPolicy: string // #enumDNSPolicy - -#enumDNSPolicy: - #DNSClusterFirstWithHostNet | - #DNSClusterFirst | - #DNSDefault | - #DNSNone - -// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS -// first, if it is available, then fall back on the default -// (as determined by kubelet) DNS settings. -#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet" - -// DNSClusterFirst indicates that the pod should use cluster DNS -// first unless hostNetwork is true, if it is available, then -// fall back on the default (as determined by kubelet) DNS settings. -#DNSClusterFirst: #DNSPolicy & "ClusterFirst" - -// DNSDefault indicates that the pod should use the default (as -// determined by kubelet) DNS settings. -#DNSDefault: #DNSPolicy & "Default" - -// DNSNone indicates that the pod should use empty DNS settings. DNS -// parameters such as nameservers and search paths should be defined via -// DNSConfig. -#DNSNone: #DNSPolicy & "None" - -// DefaultTerminationGracePeriodSeconds indicates the default duration in -// seconds a pod needs to terminate gracefully. -#DefaultTerminationGracePeriodSeconds: 30 - -// A node selector represents the union of the results of one or more label queries -// over a set of nodes; that is, it represents the OR of the selectors represented -// by the node selector terms. -// +structType=atomic -#NodeSelector: { - // Required. A list of node selector terms. The terms are ORed. - nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep) -} - -// A null or empty node selector term matches no objects. The requirements of -// them are ANDed. -// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -// +structType=atomic -#NodeSelectorTerm: { - // A list of node selector requirements by node's labels. - // +optional - matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep) - - // A list of node selector requirements by node's fields. - // +optional - matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A node selector requirement is a selector that contains values, a key, and an operator -// that relates the key and values. -#NodeSelectorRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, the values - // array must have a single element, which will be interpreted as an integer. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A node selector operator is the set of operators that can be used in -// a node selector requirement. -// +enum -#NodeSelectorOperator: string // #enumNodeSelectorOperator - -#enumNodeSelectorOperator: - #NodeSelectorOpIn | - #NodeSelectorOpNotIn | - #NodeSelectorOpExists | - #NodeSelectorOpDoesNotExist | - #NodeSelectorOpGt | - #NodeSelectorOpLt - -#NodeSelectorOpIn: #NodeSelectorOperator & "In" -#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn" -#NodeSelectorOpExists: #NodeSelectorOperator & "Exists" -#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist" -#NodeSelectorOpGt: #NodeSelectorOperator & "Gt" -#NodeSelectorOpLt: #NodeSelectorOperator & "Lt" - -// A topology selector term represents the result of label queries. -// A null or empty topology selector term matches no objects. -// The requirements of them are ANDed. -// It provides a subset of functionality as NodeSelectorTerm. -// This is an alpha feature and may change in the future. -// +structType=atomic -#TopologySelectorTerm: { - // A list of topology selector requirements by labels. - // +optional - matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep) -} - -// A topology selector requirement is a selector that matches given label. -// This is an alpha feature and may change in the future. -#TopologySelectorLabelRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // An array of string values. One value must match the label to be selected. - // Each entry in Values is ORed. - values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep) -} - -// Affinity is a group of affinity scheduling rules. -#Affinity: { - // Describes node affinity scheduling rules for the pod. - // +optional - nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt) - - // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt) - - // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt) -} - -// Pod affinity is a group of inter pod affinity scheduling rules. -#PodAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// Pod anti affinity is a group of inter pod anti affinity scheduling rules. -#PodAntiAffinity: { - // If the anti-affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the anti-affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling anti-affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#WeightedPodAffinityTerm: { - // weight associated with matching the corresponding podAffinityTerm, - // in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // Required. A pod affinity term, associated with the corresponding weight. - podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt) -} - -// Defines a set of pods (namely those matching the labelSelector -// relative to the given namespace(s)) that this pod should be -// co-located (affinity) or not co-located (anti-affinity) with, -// where co-located is defined as running on a node whose value of -// the label with key matches that of any node on which -// a pod of the set of pods is running -#PodAffinityTerm: { - // A label query over a set of resources, in this case pods. - // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaces specifies a static list of namespace names that the term applies to. - // The term is applied to the union of the namespaces listed in this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means "this pod's namespace". - // +optional - namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep) - - // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located is defined as running on a node - // whose value of the label with key topologyKey matches that of any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt) - - // A label query over the set of namespaces that the term applies to. - // The term is applied to the union of the namespaces selected by this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this pod's namespace". - // An empty selector ({}) matches all namespaces. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) -} - -// Node affinity is a group of node affinity scheduling rules. -#NodeAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to an update), the system - // may or may not try to eventually evict the pod from its node. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node matches the corresponding matchExpressions; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep) -} - -// An empty preferred scheduling term matches all objects with implicit weight 0 -// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#PreferredSchedulingTerm: { - // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // A node selector term, associated with the corresponding weight. - preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt) -} - -// The node this Taint is attached to has the "effect" on -// any pod that does not tolerate the Taint. -#Taint: { - // Required. The taint key to be applied to a node. - key: string @go(Key) @protobuf(1,bytes,opt) - - // The taint value corresponding to the taint key. - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Required. The effect of the taint on pods - // that do not tolerate the taint. - // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect) - - // TimeAdded represents the time at which the taint was added. - // It is only written for NoExecute taints. - // +optional - timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt) -} - -// +enum -#TaintEffect: string // #enumTaintEffect - -#enumTaintEffect: - #TaintEffectNoSchedule | - #TaintEffectPreferNoSchedule | - #TaintEffectNoExecute - -// Do not allow new pods to schedule onto the node unless they tolerate the taint, -// but allow all pods submitted to Kubelet without going through the scheduler -// to start, and allow all already-running pods to continue running. -// Enforced by the scheduler. -#TaintEffectNoSchedule: #TaintEffect & "NoSchedule" - -// Like TaintEffectNoSchedule, but the scheduler tries not to schedule -// new pods onto the node, rather than prohibiting new pods from scheduling -// onto the node entirely. Enforced by the scheduler. -#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule" - -// Evict any already-running pods that do not tolerate the taint. -// Currently enforced by NodeController. -#TaintEffectNoExecute: #TaintEffect & "NoExecute" - -// The pod this Toleration is attached to tolerates any taint that matches -// the triple using the matching operator . -#Toleration: { - // Key is the taint key that the toleration applies to. Empty means match all taint keys. - // If the key is empty, operator must be Exists; this combination means to match all values and all keys. - // +optional - key?: string @go(Key) @protobuf(1,bytes,opt) - - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. - // +optional - operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator) - - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise just a regular string. - // +optional - value?: string @go(Value) @protobuf(3,bytes,opt) - - // Effect indicates the taint effect to match. Empty means match all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - // +optional - effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect) - - // TolerationSeconds represents the period of time the toleration (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - // it is not set, which means tolerate the taint forever (do not evict). Zero and - // negative values will be treated as 0 (evict immediately) by the system. - // +optional - tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt) -} - -// A toleration operator is the set of operators that can be used in a toleration. -// +enum -#TolerationOperator: string // #enumTolerationOperator - -#enumTolerationOperator: - #TolerationOpExists | - #TolerationOpEqual - -#TolerationOpExists: #TolerationOperator & "Exists" -#TolerationOpEqual: #TolerationOperator & "Equal" - -// PodReadinessGate contains the reference to a pod condition -#PodReadinessGate: { - // ConditionType refers to a condition in the pod's condition list with matching type. - conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType) -} - -// PodSpec is a description of a pod. -#PodSpec: { - // List of volumes that can be mounted by containers belonging to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes - // +optional - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep) - - // List of initialization containers belonging to the pod. - // Init containers are executed in order prior to containers being started. If any - // init container fails, the pod is considered to have failed and is handled according - // to its restartPolicy. The name for an init container or normal container must be - // unique among all containers. - // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - // The resourceRequirements of an init container are taken into account during scheduling - // by finding the highest request/limit for each resource type, and then using the max of - // of that value or the sum of the normal containers. Limits are applied to init containers - // in a similar fashion. - // Init containers cannot currently be added or removed. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - // +patchMergeKey=name - // +patchStrategy=merge - initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep) - - // List of containers belonging to the pod. - // Containers cannot currently be added or removed. - // There must be at least one container in a Pod. - // Cannot be updated. - // +patchMergeKey=name - // +patchStrategy=merge - containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep) - - // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing - // pod to perform user-initiated actions such as debugging. This list cannot be specified when - // creating a pod, and it cannot be modified by updating the pod spec. In order to add an - // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep) - - // Restart policy for all containers within the pod. - // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. - // Default to Always. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - // +optional - restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy) - - // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // If this value is nil, the default grace period will be used instead. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // Defaults to 30 seconds. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt) - - // Optional duration in seconds the pod may be active on the node relative to - // StartTime before the system will actively try to mark it failed and kill associated containers. - // Value must be a positive integer. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt) - - // Set DNS policy for the pod. - // Defaults to "ClusterFirst". - // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. - // To have DNS options set along with hostNetwork, you have to specify DNS policy - // explicitly to 'ClusterFirstWithHostNet'. - // +optional - dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy) - - // NodeSelector is a selector which must be true for the pod to fit on a node. - // Selector which must match a node's labels for the pod to be scheduled on that node. - // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep) - - // ServiceAccountName is the name of the ServiceAccount to use to run this pod. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - // +optional - serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt) - - // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - // Deprecated: Use serviceAccountName instead. - // +k8s:conversion-gen=false - // +optional - serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt) - - // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt) - - // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - // the scheduler simply schedules this pod onto that node, assuming that it fits resource - // requirements. - // +optional - nodeName?: string @go(NodeName) @protobuf(10,bytes,opt) - - // Host networking requested for this pod. Use the host's network namespace. - // If this option is set, the ports that will be used must be specified. - // Default to false. - // +k8s:conversion-gen=false - // +optional - hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt) - - // Use the host's pid namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostPID?: bool @go(HostPID) @protobuf(12,varint,opt) - - // Use the host's ipc namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt) - - // Share a single process namespace between all of the containers in a pod. - // When this is set containers will be able to view and signal processes from other containers - // in the same pod, and the first process in each container will not be assigned PID 1. - // HostPID and ShareProcessNamespace cannot both be set. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt) - - // SecurityContext holds pod-level security attributes and common container settings. - // Optional: Defaults to empty. See type description for default values of each field. - // +optional - securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt) - - // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - // If specified, these secrets will be passed to individual puller implementations for them to use. - // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep) - - // Specifies the hostname of the Pod - // If not specified, the pod's hostname will be set to a system-defined value. - // +optional - hostname?: string @go(Hostname) @protobuf(16,bytes,opt) - - // If specified, the fully qualified Pod hostname will be "...svc.". - // If not specified, the pod will not have a domainname at all. - // +optional - subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt) - - // If specified, the pod's scheduling constraints - // +optional - affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt) - - // If specified, the pod will be dispatched by specified scheduler. - // If not specified, the pod will be dispatched by default scheduler. - // +optional - schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt) - - // If specified, the pod's tolerations. - // +optional - tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt) - - // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts - // file if specified. This is only valid for non-hostNetwork pods. - // +optional - // +patchMergeKey=ip - // +patchStrategy=merge - hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep) - - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt) - - // The priority value. Various system components use this field to find the - // priority of the pod. When Priority Admission Controller is enabled, it - // prevents users from setting this field. The admission controller populates - // this field from PriorityClassName. - // The higher the value, the higher the priority. - // +optional - priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt) - - // Specifies the DNS parameters of a pod. - // Parameters specified here will be merged to the generated DNS - // configuration based on DNSPolicy. - // +optional - dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt) - - // If specified, all readiness gates will be evaluated for pod readiness. - // A pod is ready when all its containers are ready AND - // all conditions specified in the readiness gates have status equal to "True" - // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates - // +optional - readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt) - - // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - // empty definition that uses the default runtime handler. - // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - // +optional - runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt) - - // EnableServiceLinks indicates whether information about services should be injected into pod's - // environment variables, matching the syntax of Docker links. - // Optional: Defaults to true. - // +optional - enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt) - - // PreemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt) - - // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. - // This field will be autopopulated at admission time by the RuntimeClass admission controller. If - // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. - // The RuntimeClass admission controller will reject Pod create requests which have the overhead already - // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value - // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - // +optional - overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt) - - // TopologySpreadConstraints describes how a group of pods ought to spread across topology - // domains. Scheduler will schedule pods in a way which abides by the constraints. - // All topologySpreadConstraints are ANDed. - // +optional - // +patchMergeKey=topologyKey - // +patchStrategy=merge - // +listType=map - // +listMapKey=topologyKey - // +listMapKey=whenUnsatisfiable - topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt) - - // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). - // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). - // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. - // If a pod does not have FQDN, this has no effect. - // Default to false. - // +optional - setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt) - - // Specifies the OS of the containers in the pod. - // Some pod and container fields are restricted if this is set. - // - // If the OS field is set to linux, the following fields must be unset: - // -securityContext.windowsOptions - // - // If the OS field is set to windows, following fields must be unset: - // - spec.hostPID - // - spec.hostIPC - // - spec.hostUsers - // - spec.securityContext.seLinuxOptions - // - spec.securityContext.seccompProfile - // - spec.securityContext.fsGroup - // - spec.securityContext.fsGroupChangePolicy - // - spec.securityContext.sysctls - // - spec.shareProcessNamespace - // - spec.securityContext.runAsUser - // - spec.securityContext.runAsGroup - // - spec.securityContext.supplementalGroups - // - spec.containers[*].securityContext.seLinuxOptions - // - spec.containers[*].securityContext.seccompProfile - // - spec.containers[*].securityContext.capabilities - // - spec.containers[*].securityContext.readOnlyRootFilesystem - // - spec.containers[*].securityContext.privileged - // - spec.containers[*].securityContext.allowPrivilegeEscalation - // - spec.containers[*].securityContext.procMount - // - spec.containers[*].securityContext.runAsUser - // - spec.containers[*].securityContext.runAsGroup - // +optional - os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt) - - // Use the host's user namespace. - // Optional: Default to true. - // If set to true or not present, the pod will be run in the host user namespace, useful - // for when the pod needs a feature only available to the host user namespace, such as - // loading a kernel module with CAP_SYS_MODULE. - // When set to false, a new userns is created for the pod. Setting false is useful for - // mitigating container breakout vulnerabilities even allowing users to run their - // containers as root without actually having root privileges on the host. - // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. - // +k8s:conversion-gen=false - // +optional - hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt) - - // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. - // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the - // scheduler will not attempt to schedule the pod. - // - // SchedulingGates can only be set at pod creation time, and be removed only afterwards. - // - // This is a beta feature enabled by the PodSchedulingReadiness feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=PodSchedulingReadiness - // +optional - schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt) - - // ResourceClaims defines which ResourceClaims must be allocated - // and reserved before the Pod is allowed to start. The resources - // will be made available to those containers which consume them - // by name. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. - // - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep) -} - -// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. -// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. -// Containers that need access to the ResourceClaim reference it with this name. -#PodResourceClaim: { - // Name uniquely identifies this resource claim inside the pod. - // This must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // Source describes where to find the ResourceClaim. - source?: #ClaimSource @go(Source) @protobuf(2,bytes) -} - -// ClaimSource describes a reference to a ResourceClaim. -// -// Exactly one of these fields should be set. Consumers of this type must -// treat an empty object as if it has an unknown value. -#ClaimSource: { - // ResourceClaimName is the name of a ResourceClaim object in the same - // namespace as this pod. - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt) - - // ResourceClaimTemplateName is the name of a ResourceClaimTemplate - // object in the same namespace as this pod. - // - // The template will be used to create a new ResourceClaim, which will - // be bound to this pod. When this pod is deleted, the ResourceClaim - // will also be deleted. The pod name and resource name, along with a - // generated component, will be used to form a unique name for the - // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. - // - // This field is immutable and no changes will be made to the - // corresponding ResourceClaim by the control plane after creating the - // ResourceClaim. - resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt) -} - -// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim -// which references a ResourceClaimTemplate. It stores the generated name for -// the corresponding ResourceClaim. -#PodResourceClaimStatus: { - // Name uniquely identifies this resource claim inside the pod. - // This must match the name of an entry in pod.spec.resourceClaims, - // which implies that the string must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // ResourceClaimName is the name of the ResourceClaim that was - // generated for the Pod in the namespace of the Pod. It this is - // unset, then generating a ResourceClaim was not necessary. The - // pod.spec.resourceClaims entry can be ignored in this case. - // - // +optional - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt) -} - -// OSName is the set of OS'es that can be used in OS. -#OSName: string // #enumOSName - -#enumOSName: - #Linux | - #Windows - -#Linux: #OSName & "linux" -#Windows: #OSName & "windows" - -// PodOS defines the OS parameters of a pod. -#PodOS: { - // Name is the name of the operating system. The currently supported values are linux and windows. - // Additional value may be defined in future and can be one of: - // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - // Clients should expect to handle additional values and treat unrecognized values in this field as os: null - name: #OSName @go(Name) @protobuf(1,bytes,opt) -} - -// PodSchedulingGate is associated to a Pod to guard its scheduling. -#PodSchedulingGate: { - // Name of the scheduling gate. - // Each scheduling gate must have a unique name field. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// +enum -#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction - -#enumUnsatisfiableConstraintAction: - #DoNotSchedule | - #ScheduleAnyway - -// DoNotSchedule instructs the scheduler not to schedule the pod -// when constraints are not satisfied. -#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule" - -// ScheduleAnyway instructs the scheduler to schedule the pod -// even if constraints are not satisfied. -#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway" - -// NodeInclusionPolicy defines the type of node inclusion policy -// +enum -#NodeInclusionPolicy: string // #enumNodeInclusionPolicy - -#enumNodeInclusionPolicy: - #NodeInclusionPolicyIgnore | - #NodeInclusionPolicyHonor - -// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore" - -// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor" - -// TopologySpreadConstraint specifies how to spread matching pods among the given topology. -#TopologySpreadConstraint: { - // MaxSkew describes the degree to which pods may be unevenly distributed. - // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - // between the number of matching pods in the target topology and the global minimum. - // The global minimum is the minimum number of matching pods in an eligible domain - // or zero if the number of eligible domains is less than MinDomains. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 2/2/1: - // In this case, the global minimum is 1. - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P | - // +-------+-------+-------+ - // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - // violate MaxSkew(1). - // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - // to topologies that satisfy it. - // It's a required field. Default value is 1 and 0 is not allowed. - maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt) - - // TopologyKey is the key of node labels. Nodes that have a label with this key - // and identical values are considered to be in the same topology. - // We consider each as a "bucket", and try to put balanced number - // of pods into each bucket. - // We define a domain as a particular instance of a topology. - // Also, we define an eligible domain as a domain whose nodes meet the requirements of - // nodeAffinityPolicy and nodeTaintsPolicy. - // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - // It's a required field. - topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt) - - // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - // the spread constraint. - // - DoNotSchedule (default) tells the scheduler not to schedule it. - // - ScheduleAnyway tells the scheduler to schedule the pod in any location, - // but giving higher precedence to topologies that would help reduce the - // skew. - // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assignment for that pod would violate - // "MaxSkew" on some topology. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 3/1/1: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P P | P | P | - // +-------+-------+-------+ - // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - // won't make it *more* imbalanced. - // It's a required field. - whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction) - - // LabelSelector is used to find matching pods. - // Pods that match this label selector are counted to determine the number of pods - // in their corresponding topology domain. - // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // MinDomains indicates a minimum number of eligible domains. - // When the number of eligible domains with matching topology keys is less than minDomains, - // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - // And when the number of eligible domains with matching topology keys equals or greater than minDomains, - // this value has no effect on scheduling. - // As a result, when the number of eligible domains is less than minDomains, - // scheduler won't schedule more than maxSkew Pods to those domains. - // If value is nil, the constraint behaves as if MinDomains is equal to 1. - // Valid values are integers greater than 0. - // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - // - // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - // labelSelector spread as 2/2/2: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P P | - // +-------+-------+-------+ - // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - // In this situation, new pod with the same labelSelector cannot be scheduled, - // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - // it will violate MaxSkew. - // - // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - // +optional - minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt) - - // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - // when calculating pod topology spread skew. Options are: - // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - // - // If this value is nil, the behavior is equivalent to the Honor policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt) - - // NodeTaintsPolicy indicates how we will treat node taints when calculating - // pod topology spread skew. Options are: - // - Honor: nodes without taints, along with tainted nodes for which the incoming pod - // has a toleration, are included. - // - Ignore: node taints are ignored. All nodes are included. - // - // If this value is nil, the behavior is equivalent to the Ignore policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt) - - // MatchLabelKeys is a set of pod label keys to select the pods over which - // spreading will be calculated. The keys are used to lookup values from the - // incoming pod labels, those key-value labels are ANDed with labelSelector - // to select the group of existing pods over which spreading will be calculated - // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - // MatchLabelKeys cannot be set when LabelSelector isn't set. - // Keys that don't exist in the incoming pod labels will - // be ignored. A null or empty list means only match against labelSelector. - // - // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - // +listType=atomic - // +optional - matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt) -} - -// The default value for enableServiceLinks attribute. -#DefaultEnableServiceLinks: true - -// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the -// pod's hosts file. -#HostAlias: { - // IP address of the host file entry. - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostnames for the above IP address. - hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep) -} - -// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume -// when volume is mounted. -// +enum -#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy - -#enumPodFSGroupChangePolicy: - #FSGroupChangeOnRootMismatch | - #FSGroupChangeAlways - -// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed -// only when permission and ownership of root directory does not match with expected -// permissions on the volume. This can help shorten the time it takes to change -// ownership and permissions of a volume. -#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch" - -// FSGroupChangeAlways indicates that volume's ownership and permissions -// should always be changed whenever volume is mounted inside a Pod. This the default -// behavior. -#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always" - -// PodSecurityContext holds pod-level security attributes and common container settings. -// Some fields are also present in container.securityContext. Field values of -// container.securityContext take precedence over field values of PodSecurityContext. -#PodSecurityContext: { - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options within a container's SecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt) - - // A list of groups applied to the first process run in each container, in addition - // to the container's primary GID, the fsGroup (if specified), and group memberships - // defined in the container image for the uid of the container process. If unspecified, - // no additional groups are added to any container. Note that group memberships - // defined in the container image for the uid of the container process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep) - - // A special supplemental group that applies to all containers in a pod. - // Some volume types allow the Kubelet to change the ownership of that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and permissions of any volume. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt) - - // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep) - - // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and permissions). - // It will have no effect on ephemeral volume types such as: secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt) - - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt) -} - -// SeccompProfile defines a pod/container's seccomp profile settings. -// Only one profile source may be set. -// +union -#SeccompProfile: { - // type indicates which kind of seccomp profile will be applied. - // Valid options are: - // - // Localhost - a profile defined in a file on the node should be used. - // RuntimeDefault - the container runtime default profile should be used. - // Unconfined - no profile should be applied. - // +unionDiscriminator - type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType) - - // localhostProfile indicates a profile defined in a file on the node should be used. - // The profile must be preconfigured on the node to work. - // Must be a descending path, relative to the kubelet's configured seccomp profile location. - // Must be set if type is "Localhost". Must NOT be set for any other type. - // +optional - localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt) -} - -// SeccompProfileType defines the supported seccomp profile types. -// +enum -#SeccompProfileType: string // #enumSeccompProfileType - -#enumSeccompProfileType: - #SeccompProfileTypeUnconfined | - #SeccompProfileTypeRuntimeDefault | - #SeccompProfileTypeLocalhost - -// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined). -#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined" - -// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. -#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault" - -// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used. -// The file's location relative to /seccomp. -#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost" - -// PodQOSClass defines the supported qos classes of Pods. -// +enum -#PodQOSClass: string // #enumPodQOSClass - -#enumPodQOSClass: - #PodQOSGuaranteed | - #PodQOSBurstable | - #PodQOSBestEffort - -// PodQOSGuaranteed is the Guaranteed qos class. -#PodQOSGuaranteed: #PodQOSClass & "Guaranteed" - -// PodQOSBurstable is the Burstable qos class. -#PodQOSBurstable: #PodQOSClass & "Burstable" - -// PodQOSBestEffort is the BestEffort qos class. -#PodQOSBestEffort: #PodQOSClass & "BestEffort" - -// PodDNSConfig defines the DNS parameters of a pod in addition to -// those generated from DNSPolicy. -#PodDNSConfig: { - // A list of DNS name server IP addresses. - // This will be appended to the base nameservers generated from DNSPolicy. - // Duplicated nameservers will be removed. - // +optional - nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep) - - // A list of DNS search domains for host-name lookup. - // This will be appended to the base search paths generated from DNSPolicy. - // Duplicated search paths will be removed. - // +optional - searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep) - - // A list of DNS resolver options. - // This will be merged with the base options generated from DNSPolicy. - // Duplicated entries will be removed. Resolution options given in Options - // will override those that appear in the base DNSPolicy. - // +optional - options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep) -} - -// PodDNSConfigOption defines DNS resolver options of a pod. -#PodDNSConfigOption: { - // Required. - name?: string @go(Name) @protobuf(1,bytes,opt) - - // +optional - value?: null | string @go(Value,*string) @protobuf(2,bytes,opt) -} - -// PodIP represents a single IP address allocated to the pod. -#PodIP: { - // IP is the IP address assigned to the pod - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// HostIP represents a single IP address allocated to the host. -#HostIP: { - // IP is the IP address assigned to the host - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// EphemeralContainerCommon is a copy of all fields in Container to be inlined in -// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer -// to Container and allows separate documentation for the fields of EphemeralContainer. -// When a new field is added to Container it must be added here as well. -#EphemeralContainerCommon: { - // Name of the ephemeral container specified as a DNS_LABEL. - // This name must be unique among all containers, init containers and ephemeral containers. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // Ports are not allowed for ephemeral containers. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources - // already allocated to the pod. - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // Restart policy for the container to manage the restart behavior of each - // container within a pod. - // This may only be set for init containers. You cannot set this field on - // ephemeral containers. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Probes are not allowed for ephemeral containers. - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Lifecycle is not allowed for ephemeral containers. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // Optional: SecurityContext defines the security options the ephemeral container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// An EphemeralContainer is a temporary container that you may add to an existing Pod for -// user-initiated activities such as debugging. Ephemeral containers have no resource or -// scheduling guarantees, and they will not be restarted when they exit or when a Pod is -// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the -// Pod to exceed its resource allocation. -// -// To add an ephemeral container, use the ephemeralcontainers subresource of an existing -// Pod. Ephemeral containers may not be removed or restarted. -#EphemeralContainer: { - #EphemeralContainerCommon - - // If set, the name of the container from PodSpec that this ephemeral container targets. - // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. - // If not set then the ephemeral container uses the namespaces configured in the Pod spec. - // - // The container runtime must implement support for this feature. If the runtime does not - // support namespace targeting then the result of setting this field is undefined. - // +optional - targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt) -} - -// PodStatus represents information about the status of a pod. Status may trail the actual -// state of a system, especially if the node that hosts the pod cannot contact the control -// plane. -#PodStatus: { - // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. - // The conditions array, the reason and message fields, and the individual container status - // arrays contain more detail about the pod's status. - // There are five possible phase values: - // - // Pending: The pod has been accepted by the Kubernetes system, but one or more of the - // container images has not been created. This includes time before being scheduled as - // well as time spent downloading images over the network, which could take a while. - // Running: The pod has been bound to a node, and all of the containers have been created. - // At least one container is still running, or is in the process of starting or restarting. - // Succeeded: All containers in the pod have terminated in success, and will not be restarted. - // Failed: All containers in the pod have terminated, and at least one container has - // terminated in failure. The container either exited with non-zero status or was terminated - // by the system. - // Unknown: For some reason the state of the pod could not be obtained, typically due to an - // error in communicating with the host of the pod. - // - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase - // +optional - phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase) - - // Current service state of pod. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep) - - // A human readable message indicating details about why the pod is in this condition. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A brief CamelCase message indicating details about why the pod is in this state. - // e.g. 'Evicted' - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be - // scheduled right away as preemption victims receive their graceful termination periods. - // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide - // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to - // give the resources on this node to a higher priority pod that is created after preemption. - // As a result, this field may be different than PodSpec.nodeName when the pod is - // scheduled. - // +optional - nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt) - - // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will - // not be updated even if there is a node is assigned to pod - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) - - // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must - // match the hostIP field. This list is empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will - // not be updated even if there is a node is assigned to this pod. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - // +listType=atomic - hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep) - - // podIP address allocated to the pod. Routable at least within the cluster. - // Empty if not yet allocated. - // +optional - podIP?: string @go(PodIP) @protobuf(6,bytes,opt) - - // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must - // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list - // is empty if no IPs have been allocated yet. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep) - - // RFC 3339 date and time at which the object was acknowledged by the Kubelet. - // This is before the Kubelet pulled the container image(s) for the pod. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt) - - // The list has one entry per init container in the manifest. The most recent successful - // init container will have ready = true, the most recently started container will have - // startTime set. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep) - - // The list has one entry per container in the manifest. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - // +optional - containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep) - - // The Quality of Service (QOS) classification assigned to the pod based on resource requirements - // See PodQOSClass type for available QOS classes - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes - // +optional - qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep) - - // Status for any ephemeral containers that have run in this pod. - // +optional - ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep) - - // Status of resources resize desired for pod's containers. - // It is empty if no resources resize is pending. - // Any changes to container resources will automatically set this to "Proposed" - // +featureGate=InPlacePodVerticalScaling - // +optional - resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus) - - // Status of resource claims. - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep) -} - -// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded -#PodStatusResult: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(2,bytes,opt) -} - -// Pod is a collection of containers that can run on a host. This resource is created -// by clients and scheduled onto hosts. -#Pod: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodList is a list of Pods. -#PodList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pods. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md - items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep) -} - -// PodTemplateSpec describes the data a pod should have when created from a template -#PodTemplateSpec: { - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PodTemplate describes a template for creating copies of a predefined pod. -#PodTemplate: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Template defines the pods that will be created from this pod template. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) -} - -// PodTemplateList is a list of PodTemplates. -#PodTemplateList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pod templates - items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep) -} - -// ReplicationControllerSpec is the specification of a replication controller. -#ReplicationControllerSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the Replicas count. - // If Selector is empty, it is defaulted to the labels present on the Pod template. - // Label keys and values that must match in order to be controlled by this replication - // controller, if empty defaulted to labels on Pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. This takes precedence over a TemplateRef. - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt) -} - -// ReplicationControllerStatus represents the current status of a replication -// controller. -#ReplicationControllerStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replication controller. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // The number of ready replicas for this replication controller. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replication controller. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed replication controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replication controller's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep) -} - -#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType - -#enumReplicationControllerConditionType: - #ReplicationControllerReplicaFailure - -// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods -// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, -// etc. or deleted due to kubelet being down or finalizers are failing. -#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure" - -// ReplicationControllerCondition describes the state of a replication controller at a certain point. -#ReplicationControllerCondition: { - // Type of replication controller condition. - type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ReplicationController represents the configuration of a replication controller. -#ReplicationController: { - metav1.#TypeMeta - - // If the Labels of a ReplicationController are empty, they are defaulted to - // be the same as the Pod(s) that the replication controller manages. - // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the replication controller. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the replication controller. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicationControllerList is a collection of replication controllers. -#ReplicationControllerList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of replication controllers. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep) -} - -// Session Affinity Type string -// +enum -#ServiceAffinity: string // #enumServiceAffinity - -#enumServiceAffinity: - #ServiceAffinityClientIP | - #ServiceAffinityNone - -// ServiceAffinityClientIP is the Client IP based. -#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP" - -// ServiceAffinityNone - no session affinity. -#ServiceAffinityNone: #ServiceAffinity & "None" - -#DefaultClientIPServiceAffinitySeconds: int32 & 10800 - -// SessionAffinityConfig represents the configurations of session affinity. -#SessionAffinityConfig: { - // clientIP contains the configurations of Client IP based session affinity. - // +optional - clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt) -} - -// ClientIPConfig represents the configurations of Client IP based session affinity. -#ClientIPConfig: { - // timeoutSeconds specifies the seconds of ClientIP type session sticky time. - // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - // Default value is 10800(for 3 hours). - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt) -} - -// Service Type string describes ingress methods for a service -// +enum -#ServiceType: string // #enumServiceType - -#enumServiceType: - #ServiceTypeClusterIP | - #ServiceTypeNodePort | - #ServiceTypeLoadBalancer | - #ServiceTypeExternalName - -// ServiceTypeClusterIP means a service will only be accessible inside the -// cluster, via the cluster IP. -#ServiceTypeClusterIP: #ServiceType & "ClusterIP" - -// ServiceTypeNodePort means a service will be exposed on one port of -// every node, in addition to 'ClusterIP' type. -#ServiceTypeNodePort: #ServiceType & "NodePort" - -// ServiceTypeLoadBalancer means a service will be exposed via an -// external load balancer (if the cloud provider supports it), in addition -// to 'NodePort' type. -#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer" - -// ServiceTypeExternalName means a service consists of only a reference to -// an external name that kubedns or equivalent will return as a CNAME -// record, with no exposing or proxying of any pods involved. -#ServiceTypeExternalName: #ServiceType & "ExternalName" - -// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they -// receive on the ClusterIP. -// +enum -#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy - -#enumServiceInternalTrafficPolicy: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster" - -// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same -// node as the client pod (dropping the traffic if there are no local endpoints). -#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType - -#enumServiceInternalTrafficPolicyType: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they -// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, -// and LoadBalancer IPs. -// +enum -#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy - -#enumServiceExternalTrafficPolicy: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by -// routing only to endpoints on the same node as the traffic was received on -// (dropping the traffic if there are no local endpoints). -#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType - -#enumServiceExternalTrafficPolicyType: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local" -#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// LoadBalancerPortsError represents the condition of the requested ports -// on the cloud load balancer instance. -#LoadBalancerPortsError: "LoadBalancerPortsError" - -// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError -// means the LoadBalancer was not able to be configured correctly. -#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported" - -// ServiceStatus represents the current status of a service. -#ServiceStatus: { - // LoadBalancer contains the current status of the load-balancer, - // if one is present. - // +optional - loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) - - // Current service state - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep) -} - -// LoadBalancerStatus represents the status of a load-balancer. -#LoadBalancerStatus: { - // Ingress is a list containing ingress points for the load-balancer. - // Traffic intended for the service should be sent to these ingress points. - // +optional - ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// LoadBalancerIngress represents the status of a load-balancer ingress point: -// traffic intended for the service should be sent to an ingress point. -#LoadBalancerIngress: { - // IP is set for load-balancer ingress points that are IP based - // (typically GCE or OpenStack load-balancers) - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostname is set for load-balancer ingress points that are DNS based - // (typically AWS load-balancers) - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // Ports is a list of records of service ports - // If used, every port defined in the service should have an entry in it - // +listType=atomic - // +optional - ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep) -} - -// IPFamily represents the IP Family (IPv4 or IPv6). This type is used -// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). -// +enum -#IPFamily: string // #enumIPFamily - -#enumIPFamily: - #IPv4Protocol | - #IPv6Protocol - -// IPv4Protocol indicates that this IP is IPv4 protocol -#IPv4Protocol: #IPFamily & "IPv4" - -// IPv6Protocol indicates that this IP is IPv6 protocol -#IPv6Protocol: #IPFamily & "IPv6" - -// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service -// +enum -#IPFamilyPolicy: string // #enumIPFamilyPolicy - -#enumIPFamilyPolicy: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. -// The IPFamily assigned is based on the default IPFamily used by the cluster -// or as identified by service.spec.ipFamilies field -#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack" - -// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when -// the cluster is configured for dual-stack. If the cluster is not configured -// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not -// set in service.spec.ipFamilies then the service will be assigned the default IPFamily -// configured on the cluster -#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack" - -// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using -// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The -// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If -// service.spec.ipFamilies was not provided then it will be assigned according to how they are -// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative -// IPFamily will be added by apiserver -#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack" - -// for backwards compat -// +enum -#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType - -#enumIPFamilyPolicyType: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// ServiceSpec describes the attributes that a user creates on a service. -#ServiceSpec: { - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep) - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // clusterIP is the IP address of the service and is usually assigned - // randomly. If an address is specified manually, is in-range (as per - // system configuration), and is not in use, it will be allocated to the - // service; otherwise creation of the service will fail. This field may not - // be changed through updates unless the type field is also being changed - // to ExternalName (which requires this field to be blank) or the type - // field is being changed from ExternalName (in which case this field may - // optionally be specified, as describe above). Valid values are "None", - // empty string (""), or a valid IP address. Setting this to "None" makes a - // "headless service" (no virtual IP), which is useful when direct endpoint - // connections are preferred and proxying is not required. Only applies to - // types ClusterIP, NodePort, and LoadBalancer. If this field is specified - // when creating a Service of type ExternalName, creation will fail. This - // field will be wiped when updating a Service to type ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt) - - // ClusterIPs is a list of IP addresses assigned to this service, and are - // usually assigned randomly. If an address is specified manually, is - // in-range (as per system configuration), and is not in use, it will be - // allocated to the service; otherwise creation of the service will fail. - // This field may not be changed through updates unless the type field is - // also being changed to ExternalName (which requires this field to be - // empty) or the type field is being changed from ExternalName (in which - // case this field may optionally be specified, as describe above). Valid - // values are "None", empty string (""), or a valid IP address. Setting - // this to "None" makes a "headless service" (no virtual IP), which is - // useful when direct endpoint connections are preferred and proxying is - // not required. Only applies to types ClusterIP, NodePort, and - // LoadBalancer. If this field is specified when creating a Service of type - // ExternalName, creation will fail. This field will be wiped when updating - // a Service to type ExternalName. If this field is not specified, it will - // be initialized from the clusterIP field. If this field is specified, - // clients must ensure that clusterIPs[0] and clusterIP have the same - // value. - // - // This field may hold a maximum of two entries (dual-stack IPs, in either order). - // These IPs must correspond to the values of the ipFamilies field. Both - // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +listType=atomic - // +optional - clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt) - - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing - // to endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object or - // EndpointSlice objects. If clusterIP is "None", no virtual IP is - // allocated and the endpoints are published as a set of endpoints rather - // than a virtual IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the same endpoints as the clusterIP. - // "LoadBalancer" builds on NodePort and creates an external load-balancer - // (if supported in the current cloud) which routes to the same endpoints - // as the clusterIP. - // "ExternalName" aliases this service to the specified externalName. - // Several other fields do not apply to ExternalName services. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType) - - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. - // +optional - externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep) - - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity) - - // Only applies to Service Type: LoadBalancer. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // Deprecated: This field was under-specified and its meaning varies across implementations. - // Using it is non-portable and it may not support dual-stack. - // Users are encouraged to use implementation-specific annotations when available. - // +optional - loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt) - - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - // +optional - loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt) - - // externalName is the external reference that discovery mechanisms will - // return as an alias for this service (e.g. a DNS CNAME record). No - // proxying will be involved. Must be a lowercase RFC-1123 hostname - // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - // +optional - externalName?: string @go(ExternalName) @protobuf(10,bytes,opt) - - // externalTrafficPolicy describes how nodes distribute service traffic they - // receive on one of the Service's "externally-facing" addresses (NodePorts, - // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - // the service in a way that assumes that external load balancers will take care - // of balancing the service traffic between nodes, and so each node will deliver - // traffic only to the node-local endpoints of the service, without masquerading - // the client source IP. (Traffic mistakenly sent to a node with no endpoints will - // be dropped.) The default value, "Cluster", uses the standard behavior of - // routing to all endpoints evenly (possibly modified by topology and other - // features). Note that traffic sent to an External IP or LoadBalancer IP from - // within the cluster will always get "Cluster" semantics, but clients sending to - // a NodePort from within the cluster may need to take traffic policy into account - // when picking a node. - // +optional - externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt) - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // This only applies when type is set to LoadBalancer and - // externalTrafficPolicy is set to Local. If a value is specified, is - // in-range, and is not in use, it will be used. If not specified, a value - // will be automatically allocated. External systems (e.g. load-balancers) - // can use this port to determine if a given node holds endpoints for this - // service or not. If this field is specified when creating a Service - // which does not need it, creation will fail. This field will be wiped - // when updating a Service to no longer need it (e.g. changing type). - // This field cannot be updated once set. - // +optional - healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt) - - // publishNotReadyAddresses indicates that any agent which deals with endpoints for this - // Service should disregard any indications of ready/not-ready. - // The primary use case for setting this field is for a StatefulSet's Headless Service to - // propagate SRV DNS records for its Pods for the purpose of peer discovery. - // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - // Services interpret this to mean that all endpoints are considered "ready" even if the - // Pods themselves are not. Agents which consume only Kubernetes generated endpoints - // through the Endpoints or EndpointSlice resources can safely assume this behavior. - // +optional - publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt) - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt) - - // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - // service. This field is usually assigned automatically based on cluster - // configuration and the ipFamilyPolicy field. If this field is specified - // manually, the requested family is available in the cluster, - // and ipFamilyPolicy allows it, it will be used; otherwise creation of - // the service will fail. This field is conditionally mutable: it allows - // for adding or removing a secondary IP family, but it does not allow - // changing the primary IP family of the Service. Valid values are "IPv4" - // and "IPv6". This field only applies to Services of types ClusterIP, - // NodePort, and LoadBalancer, and does apply to "headless" services. - // This field will be wiped when updating a Service to type ExternalName. - // - // This field may hold a maximum of two entries (dual-stack families, in - // either order). These families must correspond to the values of the - // clusterIPs field, if specified. Both clusterIPs and ipFamilies are - // governed by the ipFamilyPolicy field. - // +listType=atomic - // +optional - ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily) - - // IPFamilyPolicy represents the dual-stack-ness requested or required by - // this Service. If there is no value provided, then this field will be set - // to SingleStack. Services can be "SingleStack" (a single IP family), - // "PreferDualStack" (two IP families on dual-stack configured clusters or - // a single IP family on single-stack clusters), or "RequireDualStack" - // (two IP families on dual-stack configured clusters, otherwise fail). The - // ipFamilies and clusterIPs fields depend on the value of this field. This - // field will be wiped when updating a service to type ExternalName. - // +optional - ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy) - - // allocateLoadBalancerNodePorts defines if NodePorts will be automatically - // allocated for services with type LoadBalancer. Default is "true". It - // may be set to "false" if the cluster load-balancer does not rely on - // NodePorts. If the caller requests specific NodePorts (by specifying a - // value), those requests will be respected, regardless of this field. - // This field may only be set for services with type LoadBalancer and will - // be cleared if the type is changed to any other type. - // +optional - allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt) - - // loadBalancerClass is the class of the load balancer implementation this Service belongs to. - // If specified, the value of this field must be a label-style identifier, with an optional prefix, - // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - // balancer implementation is used, today this is typically done through the cloud provider integration, - // but should apply for any default implementation. If set, it is assumed that a load balancer - // implementation is watching for Services with a matching class. Any default load balancer - // implementation (e.g. cloud providers) should ignore Services that set this field. - // This field can only be set when creating or updating a Service to type 'LoadBalancer'. - // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - // +optional - loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt) - - // InternalTrafficPolicy describes how nodes distribute service traffic they - // receive on the ClusterIP. If set to "Local", the proxy will assume that pods - // only want to talk to endpoints of the service on the same node as the pod, - // dropping the traffic if there are no local endpoints. The default value, - // "Cluster", uses the standard behavior of routing to all endpoints evenly - // (possibly modified by topology and other features). - // +optional - internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt) -} - -// ServicePort contains information on service's port. -#ServicePort: { - // The name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. When considering - // the endpoints for a Service, this must match the 'name' field in the - // EndpointPort. - // Optional if only one ServicePort is defined on this service. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - // Default is TCP. - // +default="TCP" - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt) - - // The port that will be exposed by this service. - port: int32 @go(Port) @protobuf(3,varint,opt) - - // Number or name of the port to access on the pods targeted by the service. - // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - // If this is a string, it will be looked up as a named port in the - // target Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - // +optional - targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt) - - // The port on each node on which this service is exposed when type is - // NodePort or LoadBalancer. Usually assigned by the system. If a value is - // specified, in-range, and not in use it will be used, otherwise the - // operation will fail. If not specified, a port will be allocated if this - // Service requires one. If this field is specified when creating a - // Service which does not need it, creation will fail. This field will be - // wiped when updating a Service to no longer need it (e.g. changing type - // from NodePort to ClusterIP). - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - // +optional - nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt) -} - -// Service is a named abstraction of software service (for example, mysql) consisting of local port -// (for example 3306) that the proxy listens on, and the selector that determines which pods -// will answer requests sent through the proxy. -#Service: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a service. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the service. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ClusterIPNone - do not assign a cluster IP -// no proxying required and no environment variables should be created for pods -#ClusterIPNone: "None" - -// ServiceList holds a list of services. -#ServiceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of services - items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep) -} - -// ServiceAccount binds together: -// * a name, understood by users, and perhaps by peripheral systems, for an identity -// * a principal that can be authenticated and authorized -// * a set of secrets -#ServiceAccount: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. - // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". - // This field should not be used to find auto-generated service account token secrets for use outside of pods. - // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep) - - // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images - // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets - // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. - // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - // +optional - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep) - - // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. - // Can be overridden at the pod level. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountList is a list of ServiceAccount objects -#ServiceAccountList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ServiceAccounts. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep) -} - -// Endpoints is a collection of endpoints that implement the actual service. Example: -// -// Name: "mysvc", -// Subsets: [ -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// }, -// { -// Addresses: [{"ip": "10.10.3.3"}], -// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] -// }, -// ] -#Endpoints: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The set of all endpoints is the union of all subsets. Addresses are placed into - // subsets according to the IPs they share. A single address with multiple ports, - // some of which are ready and some of which are not (because they come from - // different containers) will result in the address being displayed in different - // subsets for the different ports. No address will appear in both Addresses and - // NotReadyAddresses in the same subset. - // Sets of addresses and ports that comprise a service. - // +optional - subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep) -} - -// EndpointSubset is a group of addresses with a common set of ports. The -// expanded set of endpoints is the Cartesian product of Addresses x Ports. -// For example, given: -// -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// } -// -// The resulting set of endpoints can be viewed as: -// -// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], -// b: [ 10.10.1.1:309, 10.10.2.2:309 ] -#EndpointSubset: { - // IP addresses which offer the related ports that are marked as ready. These endpoints - // should be considered safe for load balancers and clients to utilize. - // +optional - addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep) - - // IP addresses which offer the related ports but are not currently marked as ready - // because they have not yet finished starting, have recently failed a readiness check, - // or have recently failed a liveness check. - // +optional - notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep) - - // Port numbers available on the related IP addresses. - // +optional - ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// EndpointAddress is a tuple that describes single IP address. -// +structType=atomic -#EndpointAddress: { - // The IP of this endpoint. - // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), - // or link-local multicast (224.0.0.0/24 or ff02::/16). - ip: string @go(IP) @protobuf(1,bytes,opt) - - // The Hostname of this endpoint - // +optional - hostname?: string @go(Hostname) @protobuf(3,bytes,opt) - - // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt) - - // Reference to object providing the endpoint. - // +optional - targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt) -} - -// EndpointPort is a tuple that describes a single port. -// +structType=atomic -#EndpointPort: { - // The name of this port. This must match the 'name' field in the - // corresponding ServicePort. - // Must be a DNS_LABEL. - // Optional only if one port is defined. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The port number of the endpoint. - port: int32 @go(Port) @protobuf(2,varint,opt) - - // The IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt) -} - -// EndpointsList is a list of endpoints. -#EndpointsList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of endpoints. - items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep) -} - -// NodeSpec describes the attributes that a node is created with. -#NodeSpec: { - // PodCIDR represents the pod IP range assigned to the node. - // +optional - podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt) - - // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this - // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for - // each of IPv4 and IPv6. - // +optional - // +patchStrategy=merge - podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt) - - // ID of the node assigned by the cloud provider in the format: :// - // +optional - providerID?: string @go(ProviderID) @protobuf(3,bytes,opt) - - // Unschedulable controls node schedulability of new pods. By default, node is schedulable. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration - // +optional - unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt) - - // If specified, the node's taints. - // +optional - taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt) - - // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. - // +optional - configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt) - - // Deprecated. Not all kubelets will set this field. Remove field after 1.13. - // see: https://issues.k8s.io/61966 - // +optional - externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt) -} - -// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. -// This API is deprecated since 1.22 -#NodeConfigSource: { - // ConfigMap is a reference to a Node's ConfigMap - configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt) -} - -// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. -// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration -#ConfigMapNodeConfigSource: { - // Namespace is the metadata.namespace of the referenced ConfigMap. - // This field is required in all cases. - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // Name is the metadata.name of the referenced ConfigMap. - // This field is required in all cases. - name: string @go(Name) @protobuf(2,bytes,opt) - - // UID is the metadata.UID of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - uid?: types.#UID @go(UID) @protobuf(3,bytes,opt) - - // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure - // This field is required in all cases. - kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt) -} - -// DaemonEndpoint contains information about a single Daemon endpoint. -#DaemonEndpoint: { - // Port number of the given endpoint. - Port: int32 @protobuf(1,varint,opt) -} - -// NodeDaemonEndpoints lists ports opened by daemons running on the Node. -#NodeDaemonEndpoints: { - // Endpoint on which Kubelet is listening. - // +optional - kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt) -} - -// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. -#NodeSystemInfo: { - // MachineID reported by the node. For unique machine identification - // in the cluster this field is preferred. Learn more from man(5) - // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - machineID: string @go(MachineID) @protobuf(1,bytes,opt) - - // SystemUUID reported by the node. For unique machine identification - // MachineID is preferred. This field is specific to Red Hat hosts - // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt) - - // Boot ID reported by the node. - bootID: string @go(BootID) @protobuf(3,bytes,opt) - - // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). - kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt) - - // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). - osImage: string @go(OSImage) @protobuf(5,bytes,opt) - - // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). - containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt) - - // Kubelet Version reported by the node. - kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt) - - // KubeProxy Version reported by the node. - kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt) - - // The Operating System reported by the node - operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt) - - // The Architecture reported by the node - architecture: string @go(Architecture) @protobuf(10,bytes,opt) -} - -// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. -#NodeConfigStatus: { - // Assigned reports the checkpointed config the node will try to use. - // When Node.Spec.ConfigSource is updated, the node checkpoints the associated - // config payload to local disk, along with a record indicating intended - // config. The node refers to this record to choose its config checkpoint, and - // reports this record in Assigned. Assigned only updates in the status after - // the record has been checkpointed to disk. When the Kubelet is restarted, - // it tries to make the Assigned config the Active config by loading and - // validating the checkpointed payload identified by Assigned. - // +optional - assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt) - - // Active reports the checkpointed config the node is actively using. - // Active will represent either the current version of the Assigned config, - // or the current LastKnownGood config, depending on whether attempting to use the - // Assigned config results in an error. - // +optional - active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt) - - // LastKnownGood reports the checkpointed config the node will fall back to - // when it encounters an error attempting to use the Assigned config. - // The Assigned config becomes the LastKnownGood config when the node determines - // that the Assigned config is stable and correct. - // This is currently implemented as a 10-minute soak period starting when the local - // record of Assigned config is updated. If the Assigned config is Active at the end - // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is - // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, - // because the local default config is always assumed good. - // You should not make assumptions about the node's method of determining config stability - // and correctness, as this may change or become configurable in the future. - // +optional - lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt) - - // Error describes any problems reconciling the Spec.ConfigSource to the Active config. - // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned - // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting - // to load or validate the Assigned config, etc. - // Errors may occur at different points while syncing config. Earlier errors (e.g. download or - // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across - // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in - // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error - // by fixing the config assigned in Spec.ConfigSource. - // You can find additional information for debugging by searching the error message in the Kubelet log. - // Error is a human-readable description of the error state; machines can check whether or not Error - // is empty, but should not rely on the stability of the Error text across Kubelet versions. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// NodeStatus is information about the current status of a node. -#NodeStatus: { - // Capacity represents the total resources of a node. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Allocatable represents the resources of a node that are available for scheduling. - // Defaults to Capacity. - // +optional - allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // NodePhase is the recently observed lifecycle phase of the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase - // The field is never populated, and now is deprecated. - // +optional - phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase) - - // Conditions is an array of current observed node conditions. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep) - - // List of addresses reachable to the node. - // Queried from cloud provider, if available. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses - // Note: This field is declared as mergeable, but the merge key is not sufficiently - // unique, which can cause data corruption when it is merged. Callers should instead - // use a full-replacement patch. See https://pr.k8s.io/79391 for an example. - // Consumers should assume that addresses can change during the - // lifetime of a Node. However, there are some exceptions where this may not - // be possible, such as Pods that inherit a Node's address in its own status or - // consumers of the downward API (status.hostIP). - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep) - - // Endpoints of daemons running on the Node. - // +optional - daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt) - - // Set of ids/uuids to uniquely identify the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#info - // +optional - nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt) - - // List of container images on this node - // +optional - images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep) - - // List of attachable volumes in use (mounted) by the node. - // +optional - volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep) - - // List of volumes that are attached to the node. - // +optional - volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep) - - // Status of the config assigned to the node via the dynamic Kubelet config feature. - // +optional - config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt) -} - -#UniqueVolumeName: string - -// AttachedVolume describes a volume attached to a node -#AttachedVolume: { - // Name of the attached volume - name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep) - - // DevicePath represents the device path where the volume should be available - devicePath: string @go(DevicePath) @protobuf(2,bytes,rep) -} - -// AvoidPods describes pods that should avoid this node. This is the value for a -// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and -// will eventually become a field of NodeStatus. -#AvoidPods: { - // Bounded-sized list of signatures of pods that should avoid this node, sorted - // in timestamp order from oldest to newest. Size of the slice is unspecified. - // +optional - preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep) -} - -// Describes a class of pods that should avoid this node. -#PreferAvoidPodsEntry: { - // The class of pods. - podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt) - - // Time at which this entry was added to the list. - // +optional - evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt) - - // (brief) reason why this entry was added to the list. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Human readable message indicating why this entry was added to the list. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) -} - -// Describes the class of pods that should avoid this node. -// Exactly one field should be set. -#PodSignature: { - // Reference to controller whose pods should avoid this node. - // +optional - podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt) -} - -// Describe a container image -#ContainerImage: { - // Names by which this image is known. - // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] - // +optional - names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep) - - // The size of the image in bytes. - // +optional - sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt) -} - -// +enum -#NodePhase: string // #enumNodePhase - -#enumNodePhase: - #NodePending | - #NodeRunning | - #NodeTerminated - -// NodePending means the node has been created/added by the system, but not configured. -#NodePending: #NodePhase & "Pending" - -// NodeRunning means the node has been configured and has Kubernetes components running. -#NodeRunning: #NodePhase & "Running" - -// NodeTerminated means the node has been removed from the cluster. -#NodeTerminated: #NodePhase & "Terminated" - -#NodeConditionType: string // #enumNodeConditionType - -#enumNodeConditionType: - #NodeReady | - #NodeMemoryPressure | - #NodeDiskPressure | - #NodePIDPressure | - #NodeNetworkUnavailable - -// NodeReady means kubelet is healthy and ready to accept pods. -#NodeReady: #NodeConditionType & "Ready" - -// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. -#NodeMemoryPressure: #NodeConditionType & "MemoryPressure" - -// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. -#NodeDiskPressure: #NodeConditionType & "DiskPressure" - -// NodePIDPressure means the kubelet is under pressure due to insufficient available PID. -#NodePIDPressure: #NodeConditionType & "PIDPressure" - -// NodeNetworkUnavailable means that network for the node is not correctly configured. -#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable" - -// NodeCondition contains condition information for a node. -#NodeCondition: { - // Type of node condition. - type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we got an update on a given condition. - // +optional - lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -#NodeAddressType: string // #enumNodeAddressType - -#enumNodeAddressType: - #NodeHostName | - #NodeInternalIP | - #NodeExternalIP | - #NodeInternalDNS | - #NodeExternalDNS - -// NodeHostName identifies a name of the node. Although every node can be assumed -// to have a NodeAddress of this type, its exact syntax and semantics are not -// defined, and are not consistent between different clusters. -#NodeHostName: #NodeAddressType & "Hostname" - -// NodeInternalIP identifies an IP address which is assigned to one of the node's -// network interfaces. Every node should have at least one address of this type. -// -// An internal IP is normally expected to be reachable from every other node, but -// may not be visible to hosts outside the cluster. By default it is assumed that -// kube-apiserver can reach node internal IPs, though it is possible to configure -// clusters where this is not the case. -// -// NodeInternalIP is the default type of node IP, and does not necessarily imply -// that the IP is ONLY reachable internally. If a node has multiple internal IPs, -// no specific semantics are assigned to the additional IPs. -#NodeInternalIP: #NodeAddressType & "InternalIP" - -// NodeExternalIP identifies an IP address which is, in some way, intended to be -// more usable from outside the cluster then an internal IP, though no specific -// semantics are defined. It may be a globally routable IP, though it is not -// required to be. -// -// External IPs may be assigned directly to an interface on the node, like a -// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed -// to an internal node IP rather than being delivered directly (making the IP less -// efficient for node-to-node traffic than a NodeInternalIP). -#NodeExternalIP: #NodeAddressType & "ExternalIP" - -// NodeInternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeInternalIP. The IP it resolves to may or may not -// be a listed NodeInternalIP address. -#NodeInternalDNS: #NodeAddressType & "InternalDNS" - -// NodeExternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeExternalIP. The IP it resolves to may or may not -// be a listed NodeExternalIP address. -#NodeExternalDNS: #NodeAddressType & "ExternalDNS" - -// NodeAddress contains information for the node's address. -#NodeAddress: { - // Node address type, one of Hostname, ExternalIP or InternalIP. - type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType) - - // The node address. - address: string @go(Address) @protobuf(2,bytes,opt) -} - -// ResourceName is the name identifying various resources in a ResourceList. -#ResourceName: string // #enumResourceName - -#enumResourceName: - #ResourceCPU | - #ResourceMemory | - #ResourceStorage | - #ResourceEphemeralStorage | - #ResourcePods | - #ResourceServices | - #ResourceReplicationControllers | - #ResourceQuotas | - #ResourceSecrets | - #ResourceConfigMaps | - #ResourcePersistentVolumeClaims | - #ResourceServicesNodePorts | - #ResourceServicesLoadBalancers | - #ResourceRequestsCPU | - #ResourceRequestsMemory | - #ResourceRequestsStorage | - #ResourceRequestsEphemeralStorage | - #ResourceLimitsCPU | - #ResourceLimitsMemory | - #ResourceLimitsEphemeralStorage - -// CPU, in cores. (500m = .5 cores) -#ResourceCPU: #ResourceName & "cpu" - -// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceMemory: #ResourceName & "memory" - -// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) -#ResourceStorage: #ResourceName & "storage" - -// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// The resource name for ResourceEphemeralStorage is alpha and it can change across releases. -#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage" - -// Default namespace prefix. -#ResourceDefaultNamespacePrefix: "kubernetes.io/" - -// Name prefix for huge page resources (alpha). -#ResourceHugePagesPrefix: "hugepages-" - -// Name prefix for storage resource limits -#ResourceAttachableVolumesPrefix: "attachable-volumes-" - -// ResourceList is a set of (resource name, quantity) pairs. -#ResourceList: {[string]: resource.#Quantity} - -// Node is a worker node in Kubernetes. -// Each node will have a unique identifier in the cache (i.e. in etcd). -#Node: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a node. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the node. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NodeList is the whole list of all Nodes which have been registered with master. -#NodeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of nodes - items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep) -} - -// FinalizerName is the name identifying a finalizer during namespace lifecycle. -#FinalizerName: string // #enumFinalizerName - -#enumFinalizerName: - #FinalizerKubernetes - -#FinalizerKubernetes: #FinalizerName & "kubernetes" - -// NamespaceSpec describes the attributes on a Namespace. -#NamespaceSpec: { - // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName) -} - -// NamespaceStatus is information about the current status of a Namespace. -#NamespaceStatus: { - // Phase is the current lifecycle phase of the namespace. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase) - - // Represents the latest available observations of a namespace's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep) -} - -// +enum -#NamespacePhase: string // #enumNamespacePhase - -#enumNamespacePhase: - #NamespaceActive | - #NamespaceTerminating - -// NamespaceActive means the namespace is available for use in the system -#NamespaceActive: #NamespacePhase & "Active" - -// NamespaceTerminating means the namespace is undergoing graceful termination -#NamespaceTerminating: #NamespacePhase & "Terminating" - -// NamespaceTerminatingCause is returned as a defaults.cause item when a change is -// forbidden due to the namespace being terminated. -#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating" - -#NamespaceConditionType: string // #enumNamespaceConditionType - -#enumNamespaceConditionType: - #NamespaceDeletionDiscoveryFailure | - #NamespaceDeletionContentFailure | - #NamespaceDeletionGVParsingFailure | - #NamespaceContentRemaining | - #NamespaceFinalizersRemaining - -// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery. -#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure" - -// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources. -#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure" - -// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types. -#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure" - -// NamespaceContentRemaining contains information about resources remaining in a namespace. -#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining" - -// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace. -#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining" - -// NamespaceCondition contains details about state of namespace. -#NamespaceCondition: { - // Type of namespace controller condition. - type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// Namespace provides a scope for Names. -// Use of multiple namespaces is optional. -#Namespace: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of the Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status describes the current status of a Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NamespaceList is a list of Namespaces. -#NamespaceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Namespace objects in the list. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep) -} - -// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. -// Deprecated in 1.7, please use the bindings subresource of pods instead. -#Binding: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The target object that you want to bind to the standard object. - target: #ObjectReference @go(Target) @protobuf(2,bytes,opt) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -// +k8s:openapi-gen=false -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// PodLogOptions is the query options for a Pod's logs REST call. -#PodLogOptions: { - metav1.#TypeMeta - - // The container for which to stream logs. Defaults to only container if there is one container in the pod. - // +optional - container?: string @go(Container) @protobuf(1,bytes,opt) - - // Follow the log stream of the pod. Defaults to false. - // +optional - follow?: bool @go(Follow) @protobuf(2,varint,opt) - - // Return previous terminated container logs. Defaults to false. - // +optional - previous?: bool @go(Previous) @protobuf(3,varint,opt) - - // A relative time in seconds before the current time from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt) - - // An RFC3339 timestamp from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt) - - // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line - // of log output. Defaults to false. - // +optional - timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt) - - // If set, the number of lines from the end of the logs to show. If not specified, - // logs are shown from the creation of the container or sinceSeconds or sinceTime - // +optional - tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt) - - // If set, the number of bytes to read from the server before terminating the - // log output. This may not display a complete final line of logging, and may return - // slightly more or slightly less than the specified limit. - // +optional - limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt) - - // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the - // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver - // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real - // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the - // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept - // the actual log data coming from the real kubelet). - // +optional - insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt) -} - -// PodAttachOptions is the query options to a Pod's remote attach call. -// --- -// TODO: merge w/ PodExecOptions below for stdin, stdout, etc -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodAttachOptions: { - metav1.#TypeMeta - - // Stdin if true, redirects the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Stdout if true indicates that stdout is to be redirected for the attach call. - // Defaults to true. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Stderr if true indicates that stderr is to be redirected for the attach call. - // Defaults to true. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the attach call. - // This is passed through the container runtime so the tty - // is allocated on the worker node by the container runtime. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // The container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) -} - -// PodExecOptions is the query options to a Pod's remote exec call. -// --- -// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodExecOptions: { - metav1.#TypeMeta - - // Redirect the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Redirect the standard output stream of the pod for this call. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Redirect the standard error stream of the pod for this call. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the exec call. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // Container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) - - // Command is the remote command to execute. argv array. Not executed within a shell. - command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep) -} - -// PodPortForwardOptions is the query options to a Pod's port forward call -// when using WebSockets. -// The `port` query parameter must specify the port or -// ports (comma separated) to forward over. -// Port forwarding over SPDY does not use these options. It requires the port -// to be passed in the `port` header as part of request. -#PodPortForwardOptions: { - metav1.#TypeMeta - - // List of ports to forward - // Required when using WebSockets - // +optional - ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep) -} - -// PodProxyOptions is the query options to a Pod's proxy call. -#PodProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to pod. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// NodeProxyOptions is the query options to a Node's proxy call. -#NodeProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to node. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ServiceProxyOptions is the query options to a Service's proxy call. -#ServiceProxyOptions: { - metav1.#TypeMeta - - // Path is the part of URLs that include service endpoints, suffixes, - // and parameters to use for the current proxy request to service. - // For example, the whole request URL is - // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. - // Path is _search?q=user:kimchy. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -// --- -// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. -// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. -// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular -// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". -// Those cannot be well described when embedded. -// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. -// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity -// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple -// and the version of the actual struct is irrelevant. -// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type -// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. -// -// Instead of using this type, create a locally provided and used type that is well-focused on your reference. -// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +structType=atomic -#ObjectReference: { - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // Namespace of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Specific resourceVersion to which this reference is made, if any. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // If referring to a piece of an object instead of an entire object, this string - // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - // For example, if the object reference is to a container within a pod, this would take on a value like: - // "spec.containers{name}" (where "name" refers to the name of the container that triggered - // the event) or if no container name is specified "spec.containers[2]" (container with - // index 2 in this pod). This syntax is chosen only to have some well-defined way of - // referencing a part of an object. - // TODO: this design is not final and this field is subject to change in the future. - // +optional - fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt) -} - -// LocalObjectReference contains enough information to let you locate the -// referenced object inside the same namespace. -// +structType=atomic -#LocalObjectReference: { - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // TODO: Add other useful fields. apiVersion, kind, uid? - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) -} - -// TypedLocalObjectReference contains enough information to let you locate the -// typed referenced object inside the same namespace. -// +structType=atomic -#TypedLocalObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// SerializedReference is a reference to serialized object. -#SerializedReference: { - metav1.#TypeMeta - - // The reference to an object in the system. - // +optional - reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt) -} - -// EventSource contains information for an event. -#EventSource: { - // Component from which the event is generated. - // +optional - component?: string @go(Component) @protobuf(1,bytes,opt) - - // Node name on which the event is generated. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -// Information only and will not cause any problems -#EventTypeNormal: "Normal" - -// These events are to warn that something might go wrong -#EventTypeWarning: "Warning" - -// Event is a report of an event somewhere in the cluster. Events -// have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The object that this event is about. - involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt) - - // This should be a short, machine understandable string that gives the reason - // for the transition into the object's current status. - // TODO: provide exact specification for format. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // A human-readable description of the status of this operation. - // TODO: decide on maximum length. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // The component reporting this event. Should be a short machine understandable string. - // +optional - source?: #EventSource @go(Source) @protobuf(5,bytes,opt) - - // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) - // +optional - firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt) - - // The time at which the most recent occurrence of this event was recorded. - // +optional - lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt) - - // The number of times this event has occurred. - // +optional - count?: int32 @go(Count) @protobuf(8,varint,opt) - - // Type of this event (Normal, Warning), new types could be added in the future - // +optional - type?: string @go(Type) @protobuf(9,bytes,opt) - - // Time when this Event was first observed. - // +optional - eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt) - - // Data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt) - - // What action was taken/failed regarding to the Regarding object. - // +optional - action?: string @go(Action) @protobuf(12,bytes,opt) - - // Optional secondary object for more complex actions. - // +optional - related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt) - - // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // +optional - reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt) - - // ID of the controller instance, e.g. `kubelet-xyzf`. - // +optional - reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. -#EventSeries: { - // Number of occurrences in this series up to the last heartbeat time - count?: int32 @go(Count) @protobuf(1,varint) - - // Time of the last occurrence observed - lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes) -} - -// EventList is a list of events. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of events - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} - -// List holds a list of objects, which may not be known by the server. -#List: metav1.#List - -// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or -// a fully qualified resource name. -#LimitType: string // #enumLimitType - -#enumLimitType: - #LimitTypePod | - #LimitTypeContainer | - #LimitTypePersistentVolumeClaim - -// Limit that applies to all pods in a namespace -#LimitTypePod: #LimitType & "Pod" - -// Limit that applies to all containers in a namespace -#LimitTypeContainer: #LimitType & "Container" - -// Limit that applies to all persistent volume claims in a namespace -#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim" - -// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. -#LimitRangeItem: { - // Type of resource that this limit applies to. - type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType) - - // Max usage constraints on this kind by resource name. - // +optional - max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Min usage constraints on this kind by resource name. - // +optional - min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Default resource requirement limit value by resource name if resource limit is omitted. - // +optional - default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. - // +optional - defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. - // +optional - maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// LimitRangeSpec defines a min/max usage limit for resources that match on kind. -#LimitRangeSpec: { - // Limits is the list of LimitRangeItem objects that are enforced. - limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep) -} - -// LimitRange sets resource usage limits for each kind of resource in a Namespace. -#LimitRange: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the limits enforced. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LimitRangeList is a list of LimitRange items. -#LimitRangeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of LimitRange objects. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep) -} - -// Pods, number -#ResourcePods: #ResourceName & "pods" - -// Services, number -#ResourceServices: #ResourceName & "services" - -// ReplicationControllers, number -#ResourceReplicationControllers: #ResourceName & "replicationcontrollers" - -// ResourceQuotas, number -#ResourceQuotas: #ResourceName & "resourcequotas" - -// ResourceSecrets, number -#ResourceSecrets: #ResourceName & "secrets" - -// ResourceConfigMaps, number -#ResourceConfigMaps: #ResourceName & "configmaps" - -// ResourcePersistentVolumeClaims, number -#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims" - -// ResourceServicesNodePorts, number -#ResourceServicesNodePorts: #ResourceName & "services.nodeports" - -// ResourceServicesLoadBalancers, number -#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers" - -// CPU request, in cores. (500m = .5 cores) -#ResourceRequestsCPU: #ResourceName & "requests.cpu" - -// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsMemory: #ResourceName & "requests.memory" - -// Storage request, in bytes -#ResourceRequestsStorage: #ResourceName & "requests.storage" - -// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage" - -// CPU limit, in cores. (500m = .5 cores) -#ResourceLimitsCPU: #ResourceName & "limits.cpu" - -// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsMemory: #ResourceName & "limits.memory" - -// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage" - -// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// As burst is not supported for HugePages, we would only quota its request, and ignore the limit. -#ResourceRequestsHugePagesPrefix: "requests.hugepages-" - -// Default resource requests prefix -#DefaultResourceRequestsPrefix: "requests." - -// A ResourceQuotaScope defines a filter that must match each object tracked by a quota -// +enum -#ResourceQuotaScope: string // #enumResourceQuotaScope - -#enumResourceQuotaScope: - #ResourceQuotaScopeTerminating | - #ResourceQuotaScopeNotTerminating | - #ResourceQuotaScopeBestEffort | - #ResourceQuotaScopeNotBestEffort | - #ResourceQuotaScopePriorityClass | - #ResourceQuotaScopeCrossNamespacePodAffinity - -// Match all pod objects where spec.activeDeadlineSeconds >=0 -#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating" - -// Match all pod objects where spec.activeDeadlineSeconds is nil -#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating" - -// Match all pod objects that have best effort quality of service -#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort" - -// Match all pod objects that do not have best effort quality of service -#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort" - -// Match all pod objects that have priority class mentioned -#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass" - -// Match all pod objects that have cross-namespace pod (anti)affinity mentioned. -#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity" - -// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. -#ResourceQuotaSpec: { - // hard is the set of desired hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // A collection of filters that must match each object tracked by a quota. - // If not specified, the quota matches all objects. - // +optional - scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope) - - // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota - // but expressed using ScopeSelectorOperator in combination with possible values. - // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. - // +optional - scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt) -} - -// A scope selector represents the AND of the selectors represented -// by the scoped-resource selector requirements. -// +structType=atomic -#ScopeSelector: { - // A list of scope selector requirements by scope of the resources. - // +optional - matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep) -} - -// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator -// that relates the scope name and values. -#ScopedResourceSelectorRequirement: { - // The name of the scope that the selector applies to. - scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt) - - // Represents a scope's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. - operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A scope selector operator is the set of operators that can be used in -// a scope selector requirement. -// +enum -#ScopeSelectorOperator: string // #enumScopeSelectorOperator - -#enumScopeSelectorOperator: - #ScopeSelectorOpIn | - #ScopeSelectorOpNotIn | - #ScopeSelectorOpExists | - #ScopeSelectorOpDoesNotExist - -#ScopeSelectorOpIn: #ScopeSelectorOperator & "In" -#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn" -#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists" -#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist" - -// ResourceQuotaStatus defines the enforced hard limits and observed use. -#ResourceQuotaStatus: { - // Hard is the set of enforced hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Used is the current observed total usage of the resource in the namespace. - // +optional - used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// ResourceQuota sets aggregate quota restrictions enforced per namespace -#ResourceQuota: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired quota. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status defines the actual enforced quota and its current usage. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceQuotaList is a list of ResourceQuota items. -#ResourceQuotaList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ResourceQuota objects. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep) -} - -// Secret holds secret data of a certain type. The total bytes of the values in -// the Data field must be less than MaxSecretSize bytes. -#Secret: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the Secret cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt) - - // Data contains the secret data. Each key must consist of alphanumeric - // characters, '-', '_' or '.'. The serialized form of the secret data is a - // base64 encoded string, representing the arbitrary (possibly non-string) - // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 - // +optional - data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep) - - // stringData allows specifying non-binary secret data in string form. - // It is provided as a write-only input field for convenience. - // All keys and values are merged into the data field on write, overwriting any existing values. - // The stringData field is never output when reading from the API. - // +k8s:conversion-gen=false - // +optional - stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep) - - // Used to facilitate programmatic handling of secret data. - // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types - // +optional - type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType) -} - -#MaxSecretSize: 1048576 - -#SecretType: string // #enumSecretType - -#enumSecretType: - #SecretTypeOpaque | - #SecretTypeServiceAccountToken | - #SecretTypeDockercfg | - #SecretTypeDockerConfigJson | - #SecretTypeBasicAuth | - #SecretTypeSSHAuth | - #SecretTypeTLS | - #SecretTypeBootstrapToken - -// SecretTypeOpaque is the default. Arbitrary user-defined data -#SecretTypeOpaque: #SecretType & "Opaque" - -// SecretTypeServiceAccountToken contains a token that identifies a service account to the API -// -// Required fields: -// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies -// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies -// - Secret.Data["token"] - a token that identifies the service account to the API -#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token" - -// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountNameKey: "kubernetes.io/service-account.name" - -// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountUIDKey: "kubernetes.io/service-account.uid" - -// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets -#ServiceAccountTokenKey: "token" - -// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets -#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig" - -// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets -#ServiceAccountRootCAKey: "ca.crt" - -// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls -#ServiceAccountNamespaceKey: "namespace" - -// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg -// -// Required fields: -// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file -#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg" - -// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets -#DockerConfigKey: ".dockercfg" - -// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json -// -// Required fields: -// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file -#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson" - -// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets -#DockerConfigJsonKey: ".dockerconfigjson" - -// SecretTypeBasicAuth contains data needed for basic authentication. -// -// Required at least one of fields: -// - Secret.Data["username"] - username used for authentication -// - Secret.Data["password"] - password or token needed for authentication -#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth" - -// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets -#BasicAuthUsernameKey: "username" - -// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets -#BasicAuthPasswordKey: "password" - -// SecretTypeSSHAuth contains data needed for SSH authetication. -// -// Required field: -// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication -#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth" - -// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets -#SSHAuthPrivateKey: "ssh-privatekey" - -// SecretTypeTLS contains information about a TLS client or server secret. It -// is primarily used with TLS termination of the Ingress resource, but may be -// used in other types. -// -// Required fields: -// - Secret.Data["tls.key"] - TLS private key. -// Secret.Data["tls.crt"] - TLS certificate. -// TODO: Consider supporting different formats, specifying CA/destinationCA. -#SecretTypeTLS: #SecretType & "kubernetes.io/tls" - -// TLSCertKey is the key for tls certificates in a TLS secret. -#TLSCertKey: "tls.crt" - -// TLSPrivateKeyKey is the key for the private key field in a TLS secret. -#TLSPrivateKeyKey: "tls.key" - -// SecretTypeBootstrapToken is used during the automated bootstrap process (first -// implemented by kubeadm). It stores tokens that are used to sign well known -// ConfigMaps. They are used for authn. -#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token" - -// SecretList is a list of Secret. -#SecretList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of secret objects. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep) -} - -// ConfigMap holds configuration data for pods to consume. -#ConfigMap: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the ConfigMap cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt) - - // Data contains the configuration data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // Values with non-UTF-8 byte sequences must use the BinaryData field. - // The keys stored in Data must not overlap with the keys in - // the BinaryData field, this is enforced during validation process. - // +optional - data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep) - - // BinaryData contains the binary data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // BinaryData can contain byte sequences that are not in the UTF-8 range. - // The keys stored in BinaryData must not overlap with the ones in - // the Data field, this is enforced during validation process. - // Using this field will require 1.10+ apiserver and - // kubelet. - // +optional - binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep) -} - -// ConfigMapList is a resource containing a list of ConfigMap objects. -#ConfigMapList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ConfigMaps. - items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep) -} - -// Type and constants for component health validation. -#ComponentConditionType: string // #enumComponentConditionType - -#enumComponentConditionType: - #ComponentHealthy - -#ComponentHealthy: #ComponentConditionType & "Healthy" - -// Information about the condition of a component. -#ComponentCondition: { - // Type of condition for a component. - // Valid value: "Healthy" - type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType) - - // Status of the condition for a component. - // Valid values for "Healthy": "True", "False", or "Unknown". - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Message about the condition for a component. - // For example, information about a health check. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // Condition error code for a component. - // For example, a health check error code. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// ComponentStatus (and ComponentStatusList) holds the cluster validation info. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatus: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // List of component conditions observed - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep) -} - -// Status of all the conditions for the component as a list of ComponentStatus objects. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatusList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ComponentStatus objects. - items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep) -} - -// DownwardAPIVolumeSource represents a volume containing downward API info. -// Downward API volumes support ownership management and SELinux relabeling. -#DownwardAPIVolumeSource: { - // Items is a list of downward API volume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) - - // Optional: mode bits to use on created files by default. Must be a - // Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644 - -// DownwardAPIVolumeFile represents information to create the file containing the pod field -#DownwardAPIVolumeFile: { - // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - path: string @go(Path) @protobuf(1,bytes,opt) - - // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt) - - // Optional: mode bits used to set permissions on this file, must be an octal value - // between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt) -} - -// Represents downward API info for projecting into a projected volume. -// Note that this is identical to a downwardAPI volume source without the default -// mode. -#DownwardAPIProjection: { - // Items is a list of DownwardAPIVolume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) -} - -// SecurityContext holds security configuration that will be applied to a container. -// Some fields are present in both SecurityContext and PodSecurityContext. When both -// are set, the values in SecurityContext take precedence. -#SecurityContext: { - // The capabilities to add/drop when running containers. - // Defaults to the default set of capabilities granted by the container runtime. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt) - - // Run container in privileged mode. - // Processes in privileged containers are essentially equivalent to root on the host. - // Defaults to false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt) - - // The SELinux context to be applied to the container. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options from the PodSecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt) - - // Whether this container has a read-only root filesystem. - // Default is false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt) - - // AllowPrivilegeEscalation controls whether a process can gain more - // privileges than its parent process. This bool directly controls if - // the no_new_privs flag will be set on the container process. - // AllowPrivilegeEscalation is true always when the container is: - // 1) run as Privileged - // 2) has CAP_SYS_ADMIN - // Note that this field cannot be set when spec.os.name is windows. - // +optional - allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt) - - // procMount denotes the type of proc mount to use for the containers. - // The default is DefaultProcMount which uses the container runtime defaults for - // readonly paths and masked paths. - // This requires the ProcMountType feature flag to be enabled. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt) - - // The seccomp options to use by this container. If seccomp options are - // provided at both the pod & container level, the container options - // override the pod options. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt) -} - -// +enum -#ProcMountType: string // #enumProcMountType - -#enumProcMountType: - #DefaultProcMount | - #UnmaskedProcMount - -// DefaultProcMount uses the container runtime defaults for readonly and masked -// paths for /proc. Most container runtimes mask certain paths in /proc to avoid -// accidental security exposure of special devices or information. -#DefaultProcMount: #ProcMountType & "Default" - -// UnmaskedProcMount bypasses the default masking behavior of the container -// runtime and ensures the newly created /proc the container stays in tact with -// no modifications. -#UnmaskedProcMount: #ProcMountType & "Unmasked" - -// SELinuxOptions are the labels to be applied to the container -#SELinuxOptions: { - // User is a SELinux user label that applies to the container. - // +optional - user?: string @go(User) @protobuf(1,bytes,opt) - - // Role is a SELinux role label that applies to the container. - // +optional - role?: string @go(Role) @protobuf(2,bytes,opt) - - // Type is a SELinux type label that applies to the container. - // +optional - type?: string @go(Type) @protobuf(3,bytes,opt) - - // Level is SELinux level label that applies to the container. - // +optional - level?: string @go(Level) @protobuf(4,bytes,opt) -} - -// WindowsSecurityContextOptions contain Windows-specific options and credentials. -#WindowsSecurityContextOptions: { - // GMSACredentialSpecName is the name of the GMSA credential spec to use. - // +optional - gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt) - - // GMSACredentialSpec is where the GMSA admission webhook - // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - // GMSA credential spec named by the GMSACredentialSpecName field. - // +optional - gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt) - - // The UserName in Windows to run the entrypoint of the container process. - // Defaults to the user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt) - - // HostProcess determines if a container should be run as a 'Host Process' container. - // All of a Pod's containers must have the same effective HostProcess value - // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - // In addition, if HostProcess is true then HostNetwork must also be set to true. - // +optional - hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt) -} - -// RangeAllocation is not a public type. -#RangeAllocation: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Range is string that identifies the range represented by 'data'. - range: string @go(Range) @protobuf(2,bytes,opt) - - // Data is a bit array containing all allocated addresses in the previous segment. - data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt) -} - -// DefaultSchedulerName defines the name of default scheduler. -#DefaultSchedulerName: "default-scheduler" - -// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule -// corresponding to every RequiredDuringScheduling affinity rule. -// When the --hard-pod-affinity-weight scheduler flag is not specified, -// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. -#DefaultHardPodAffinitySymmetricWeight: int32 & 1 - -// Sysctl defines a kernel parameter to be set -#Sysctl: { - // Name of a property to set - name: string @go(Name) @protobuf(1,bytes,opt) - - // Value of a property to set - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// NodeResources is an object for conveying resource information about a node. -// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. -#NodeResources: { - // Capacity represents the available resources of a node - Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName) -} - -// Enable stdin for remote command execution -#ExecStdinParam: "input" - -// Enable stdout for remote command execution -#ExecStdoutParam: "output" - -// Enable stderr for remote command execution -#ExecStderrParam: "error" - -// Enable TTY for remote command execution -#ExecTTYParam: "tty" - -// Command to run for remote command execution -#ExecCommandParam: "command" - -// Name of header that specifies stream type -#StreamType: "streamType" - -// Value for streamType header for stdin stream -#StreamTypeStdin: "stdin" - -// Value for streamType header for stdout stream -#StreamTypeStdout: "stdout" - -// Value for streamType header for stderr stream -#StreamTypeStderr: "stderr" - -// Value for streamType header for data stream -#StreamTypeData: "data" - -// Value for streamType header for error stream -#StreamTypeError: "error" - -// Value for streamType header for terminal resize stream -#StreamTypeResize: "resize" - -// Name of header that specifies the port being forwarded -#PortHeader: "port" - -// Name of header that specifies a request ID used to associate the error -// and data streams for a single forwarded connection -#PortForwardRequestIDHeader: "requestID" - -// MixedProtocolNotSupported error in PortStatus means that the cloud provider -// can't publish the port on the load balancer because mixed values of protocols -// on the same LoadBalancer type of Service are not supported by the cloud provider. -#MixedProtocolNotSupported: "MixedProtocolNotSupported" - -#PortStatus: { - // Port is the port number of the service port of which status is recorded here - port: int32 @go(Port) @protobuf(1,varint,opt) - - // Protocol is the protocol of the service port of which status is recorded here - // The supported values are: "TCP", "UDP", "SCTP" - protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // Error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 2a1f060b6..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue +++ /dev/null @@ -1,59 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#LabelHostname: "kubernetes.io/hostname" - -// Label value is the network location of kube-apiserver stored as -// Stored in APIServer Identity lease objects to view what address is used for peer proxy -#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address" -#LabelTopologyZone: "topology.kubernetes.io/zone" -#LabelTopologyRegion: "topology.kubernetes.io/region" - -// These label have been deprecated since 1.17, but will be supported for -// the foreseeable future, to accommodate things like long-lived PVs that -// use them. New users should prefer the "topology.kubernetes.io/*" -// equivalents. -#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone" -#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region" - -// Retained for compat when vendored. Do not use these consts in new code. -#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone" -#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region" -#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone" -#LabelZoneRegionStable: "topology.kubernetes.io/region" -#LabelInstanceType: "beta.kubernetes.io/instance-type" -#LabelInstanceTypeStable: "node.kubernetes.io/instance-type" -#LabelOSStable: "kubernetes.io/os" -#LabelArchStable: "kubernetes.io/arch" - -// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0. -// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763) -#LabelWindowsBuild: "node.kubernetes.io/windows-build" - -// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*) -#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io" - -// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*) -#LabelNamespaceSuffixNode: "node.kubernetes.io" - -// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled -#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io" - -// IsHeadlessService is added by Controller to an Endpoint denoting if its parent -// Service is Headless. The existence of this label can be used further by other -// controllers and kube-proxy to check if the Endpoint objects should be replicated when -// using Headless Services -#IsHeadlessService: "service.kubernetes.io/headless" - -// LabelNodeExcludeBalancers specifies that the node should not be considered as a target -// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only -// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that -// any backends on excluded nodes are not reachable by those external load-balancers. -// Implementations of this exclusion may vary based on provider. -#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers" - -// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels -#LabelMetadataName: "kubernetes.io/metadata.name" diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue deleted file mode 100644 index b7c097336..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// TaintNodeNotReady will be added when node is not ready -// and removed when node becomes ready. -#TaintNodeNotReady: "node.kubernetes.io/not-ready" - -// TaintNodeUnreachable will be added when node becomes unreachable -// (corresponding to NodeReady status ConditionUnknown) -// and removed when node becomes reachable (NodeReady status ConditionTrue). -#TaintNodeUnreachable: "node.kubernetes.io/unreachable" - -// TaintNodeUnschedulable will be added when node becomes unschedulable -// and removed when node becomes schedulable. -#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable" - -// TaintNodeMemoryPressure will be added when node has memory pressure -// and removed when node has enough memory. -#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure" - -// TaintNodeDiskPressure will be added when node has disk pressure -// and removed when node has enough disk. -#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure" - -// TaintNodeNetworkUnavailable will be added when node's network is unavailable -// and removed when network becomes ready. -#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable" - -// TaintNodePIDPressure will be added when node has pid pressure -// and removed when node has enough pid. -#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure" - -// TaintNodeOutOfService can be added when node is out of service in case of -// a non-graceful shutdown -#TaintNodeOutOfService: "node.kubernetes.io/out-of-service" diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue deleted file mode 100644 index 1c83e8b4f..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/rbac/v1 - -package v1 - -#GroupName: "rbac.authorization.k8s.io" diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue deleted file mode 100644 index 521e355e9..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue +++ /dev/null @@ -1,207 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/rbac/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -#APIGroupAll: "*" -#ResourceAll: "*" -#VerbAll: "*" -#NonResourceAll: "*" -#GroupKind: "Group" -#ServiceAccountKind: "ServiceAccount" -#UserKind: "User" - -// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false" -#AutoUpdateAnnotationKey: "rbac.authorization.kubernetes.io/autoupdate" - -// PolicyRule holds information that describes a policy rule, but does not contain information -// about who the rule applies to or which namespace the rule applies to. -#PolicyRule: { - // Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - // the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - // +optional - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. '*' represents all resources. - // +optional - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - // +optional - resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. - // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - // +optional - nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(5,bytes,rep) -} - -// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, -// or a value for non-objects such as user and group names. -// +structType=atomic -#Subject: { - // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - // If the Authorizer does not recognized the kind value, the Authorizer should report an error. - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // APIGroup holds the API group of the referenced subject. - // Defaults to "" for ServiceAccount subjects. - // Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - // +optional - apiGroup?: string @go(APIGroup) @protobuf(2,bytes,opt.name=apiGroup) - - // Name of the object being referenced. - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - // the Authorizer should report an error. - // +optional - namespace?: string @go(Namespace) @protobuf(4,bytes,opt) -} - -// RoleRef contains information that points to the role being used -// +structType=atomic -#RoleRef: { - // APIGroup is the group for the resource being referenced - apiGroup: string @go(APIGroup) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. -#Role: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Rules holds all the PolicyRules for this Role - // +optional - rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) -} - -// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. -// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given -// namespace only have effect in that namespace. -#RoleBinding: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Subjects holds references to the objects the role applies to. - // +optional - subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) - - // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - // This field is immutable. - roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) -} - -// RoleBindingList is a collection of RoleBindings -#RoleBindingList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of RoleBindings - items: [...#RoleBinding] @go(Items,[]RoleBinding) @protobuf(2,bytes,rep) -} - -// RoleList is a collection of Roles -#RoleList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of Roles - items: [...#Role] @go(Items,[]Role) @protobuf(2,bytes,rep) -} - -// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. -#ClusterRole: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Rules holds all the PolicyRules for this ClusterRole - // +optional - rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) - - // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. - // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be - // stomped by the controller. - // +optional - aggregationRule?: null | #AggregationRule @go(AggregationRule,*AggregationRule) @protobuf(3,bytes,opt) -} - -// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole -#AggregationRule: { - // ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. - // If any of the selectors match, then the ClusterRole's permissions will be added - // +optional - clusterRoleSelectors?: [...metav1.#LabelSelector] @go(ClusterRoleSelectors,[]metav1.LabelSelector) @protobuf(1,bytes,rep) -} - -// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, -// and adds who information via Subject. -#ClusterRoleBinding: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Subjects holds references to the objects the role applies to. - // +optional - subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) - - // RoleRef can only reference a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - // This field is immutable. - roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) -} - -// ClusterRoleBindingList is a collection of ClusterRoleBindings -#ClusterRoleBindingList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ClusterRoleBindings - items: [...#ClusterRoleBinding] @go(Items,[]ClusterRoleBinding) @protobuf(2,bytes,rep) -} - -// ClusterRoleList is a collection of ClusterRoles -#ClusterRoleList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ClusterRoles - items: [...#ClusterRole] @go(Items,[]ClusterRole) @protobuf(2,bytes,rep) -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue deleted file mode 100644 index cef44ba5c..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Scale is used for getting and setting the base-10 scaled value. -// Base-2 scales are omitted for mathematical simplicity. -// See Quantity.ScaledValue for more details. -#Scale: int32 // #enumScale - -#enumScale: - #Nano | - #Micro | - #Milli | - #Kilo | - #Mega | - #Giga | - #Tera | - #Peta | - #Exa - -#values_Scale: { - Nano: #Nano - Micro: #Micro - Milli: #Milli - Kilo: #Kilo - Mega: #Mega - Giga: #Giga - Tera: #Tera - Peta: #Peta - Exa: #Exa -} - -#Nano: #Scale & -9 -#Micro: #Scale & -6 -#Milli: #Scale & -3 -#Kilo: #Scale & 3 -#Mega: #Scale & 6 -#Giga: #Scale & 9 -#Tera: #Scale & 12 -#Peta: #Scale & 15 -#Exa: #Scale & 18 - -// infDecAmount implements common operations over an inf.Dec that are specific to the quantity -// representation. -_#infDecAmount: string diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue deleted file mode 100644 index 711f2096f..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue +++ /dev/null @@ -1,13 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64. -// It is also the maximum decimal digits that can be represented with an int64. -_#maxInt64Factors: 18 - -_#mostNegative: -9223372036854775808 - -_#mostPositive: 9223372036854775807 diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue deleted file mode 100644 index 9d9713a1b..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue +++ /dev/null @@ -1,107 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Quantity is a fixed-point representation of a number. -// It provides convenient marshaling/unmarshaling in JSON and YAML, -// in addition to String() and AsInt64() accessors. -// -// The serialization format is: -// -// ``` -// ::= -// -// (Note that may be empty, from the "" case in .) -// -// ::= 0 | 1 | ... | 9 -// ::= | -// ::= | . | . | . -// ::= "+" | "-" -// ::= | -// ::= | | -// ::= Ki | Mi | Gi | Ti | Pi | Ei -// -// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) -// -// ::= m | "" | k | M | G | T | P | E -// -// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) -// -// ::= "e" | "E" -// ``` -// -// No matter which of the three exponent forms is used, no quantity may represent -// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal -// places. Numbers larger or more precise will be capped or rounded up. -// (E.g.: 0.1m will rounded up to 1m.) -// This may be extended in the future if we require larger or smaller quantities. -// -// When a Quantity is parsed from a string, it will remember the type of suffix -// it had, and will use the same type again when it is serialized. -// -// Before serializing, Quantity will be put in "canonical form". -// This means that Exponent/suffix will be adjusted up or down (with a -// corresponding increase or decrease in Mantissa) such that: -// -// - No precision is lost -// - No fractional digits will be emitted -// - The exponent (or suffix) is as large as possible. -// -// The sign will be omitted unless the number is negative. -// -// Examples: -// -// - 1.5 will be serialized as "1500m" -// - 1.5Gi will be serialized as "1536Mi" -// -// Note that the quantity will NEVER be internally represented by a -// floating point number. That is the whole point of this exercise. -// -// Non-canonical values will still parse as long as they are well formed, -// but will be re-emitted in their canonical form. (So always use canonical -// form, or don't diff.) -// -// This format is intended to make it difficult to use these numbers without -// writing some sort of special handling code in the hopes that that will -// cause implementors to also use a fixed point implementation. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -// +k8s:openapi-gen=true -#Quantity: _ - -// CanonicalValue allows a quantity amount to be converted to a string. -#CanonicalValue: _ - -// Format lists the three possible formattings of a quantity. -#Format: string // #enumFormat - -#enumFormat: - #DecimalExponent | - #BinarySI | - #DecimalSI - -#DecimalExponent: #Format & "DecimalExponent" -#BinarySI: #Format & "BinarySI" -#DecimalSI: #Format & "DecimalSI" - -// splitREString is used to separate a number from its suffix; as such, -// this is overly permissive, but that's OK-- it will be checked later. -_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - -_#int64QuantityExpectedBytes: 18 - -// QuantityValue makes it possible to use a Quantity as value for a command -// line parameter. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -#QuantityValue: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue deleted file mode 100644 index b40d68ec1..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -_#suffix: string - -// suffixer can interpret and construct suffixes. -_#suffixer: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue deleted file mode 100644 index 25ea8ecf1..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Duration is a wrapper around time.Duration which supports correct -// marshaling to YAML and JSON. In particular, it marshals into strings, which -// can be used as map keys in json. -#Duration: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue deleted file mode 100644 index 7ff538603..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - resource: string @go(Resource) @protobuf(2,bytes,opt) -} - -// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - resource: string @go(Resource) @protobuf(3,bytes,opt) -} - -// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - kind: string @go(Kind) @protobuf(2,bytes,opt) -} - -// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - kind: string @go(Kind) @protobuf(3,bytes,opt) -} - -// GroupVersion contains the "group" and the "version", which uniquely identifies the API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersion: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue deleted file mode 100644 index f3c39a466..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// TODO: move this, Object, List, and Type to a different package -#ObjectMetaAccessor: _ - -// Object lets you work with object metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field (Name, UID, Namespace on lists) will be a no-op and return -// a default value. -#Object: _ - -// ListMetaAccessor retrieves the list interface from an object -#ListMetaAccessor: _ - -// Common lets you work with core metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Common: _ - -// ListInterface lets you work with list metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#ListInterface: _ - -// Type exposes the type and APIVersion of versioned or internal API objects. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Type: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue deleted file mode 100644 index 3c067bae3..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00" - -// MicroTime is version of Time with microsecond level precision. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#MicroTime: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue deleted file mode 100644 index 39d23b288..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#GroupName: "meta.k8s.io" - -#WatchEventKind: "WatchEvent" diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue deleted file mode 100644 index b3c8ec266..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Time is a wrapper around time.Time which supports correct -// marshaling to YAML and JSON. Wrappers are provided for many -// of the factory methods that the time package offers. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Time: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue deleted file mode 100644 index 835392730..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Timestamp is a struct that is equivalent to Time, but intended for -// protobuf marshalling/unmarshalling. It is generated into a serialization -// that matches Time. Do not use in Go structs. -#Timestamp: { - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. - seconds: int64 @go(Seconds) @protobuf(1,varint,opt) - - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 - // inclusive. This field may be limited in precision depending on context. - nanos: int32 @go(Nanos) @protobuf(2,varint,opt) -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue deleted file mode 100644 index a0deb7c90..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue +++ /dev/null @@ -1,1561 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -// Package v1 contains API types that are common to all versions. -// -// The package contains two categories of types: -// - external (serialized) types that lack their own version (e.g TypeMeta) -// - internal (never-serialized) types that are needed by several different -// api groups, and so live here, to avoid duplication and/or import loops -// (e.g. LabelSelector). -// -// In the future, we will probably move these categories of objects into -// separate packages. -package v1 - -import ( - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// TypeMeta describes an individual object in an API response or request -// with strings representing the type of the object and its API schema version. -// Structures that are versioned or persisted should inline TypeMeta. -// -// +k8s:deepcopy-gen=false -#TypeMeta: { - // Kind is a string value representing the REST resource this object represents. - // Servers may infer this from the endpoint the client submits requests to. - // Cannot be updated. - // In CamelCase. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // APIVersion defines the versioned schema of this representation of an object. - // Servers should convert recognized schemas to the latest internal value, and - // may reject unrecognized values. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) -} - -// ListMeta describes metadata that synthetic resources must have, including lists and -// various status objects. A resource may have only one of {ObjectMeta, ListMeta}. -#ListMeta: { - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt) - - // String that identifies the server's internal version of this object that - // can be used by clients to determine when objects have changed. - // Value must be treated as opaque by clients and passed unmodified back to the server. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt) - - // continue may be set if the user set a limit on the number of items returned, and indicates that - // the server has more data available. The value is opaque and may be used to issue another request - // to the endpoint that served this list to retrieve the next set of available objects. Continuing a - // consistent list may not be possible if the server configuration has changed or more than a few - // minutes have passed. The resourceVersion field returned when using this continue value will be - // identical to the value in the first response, unless you have received this token from an error - // message. - continue?: string @go(Continue) @protobuf(3,bytes,opt) - - // remainingItemCount is the number of subsequent items in the list which are not included in this - // list response. If the list request contained label or field selectors, then the number of - // remaining items is unknown and the field will be left unset and omitted during serialization. - // If the list is complete (either because it is not chunking or because this is the last chunk), - // then there are no more remaining items and this field will be left unset and omitted during - // serialization. - // Servers older than v1.15 do not set this field. - // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients - // should not rely on the remainingItemCount to be set or to be exact. - // +optional - remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt) -} - -#ObjectNameField: "metadata.name" - -#FinalizerOrphanDependents: "orphan" -#FinalizerDeleteDependents: "foregroundDeletion" - -// ObjectMeta is metadata that all persisted resources must have, which includes all objects -// users must create. -#ObjectMeta: { - // Name must be unique within a namespace. Is required when creating resources, although - // some resources may allow a client to request the generation of an appropriate name - // automatically. Name is primarily intended for creation idempotence and configuration - // definition. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // GenerateName is an optional prefix, used by the server, to generate a unique - // name ONLY IF the Name field has not been provided. - // If this field is used, the name returned to the client will be different - // than the name passed. This value will also be combined with a unique suffix. - // The provided value has the same validation rules as the Name field, - // and may be truncated by the length of the suffix required to make the value - // unique on the server. - // - // If this field is specified and the generated name exists, the server will return a 409. - // - // Applied only if Name is not specified. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - // +optional - generateName?: string @go(GenerateName) @protobuf(2,bytes,opt) - - // Namespace defines the space within which each name must be unique. An empty namespace is - // equivalent to the "default" namespace, but "default" is the canonical representation. - // Not all objects are required to be scoped to a namespace - the value of this field for - // those objects will be empty. - // - // Must be a DNS_LABEL. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - // +optional - namespace?: string @go(Namespace) @protobuf(3,bytes,opt) - - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt) - - // UID is the unique in time and space value for this object. It is typically generated by - // the server on successful creation of a resource and is not allowed to change on PUT - // operations. - // - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID) - - // An opaque value that represents the internal version of this object that can - // be used by clients to determine when objects have changed. May be used for optimistic - // concurrency, change detection, and the watch operation on a resource or set of resources. - // Clients must treat these values as opaque and passed unmodified back to the server. - // They may only be valid for a particular resource or set of resources. - // - // Populated by the system. - // Read-only. - // Value must be treated as opaque by clients and . - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // A sequence number representing a specific generation of the desired state. - // Populated by the system. Read-only. - // +optional - generation?: int64 @go(Generation) @protobuf(7,varint,opt) - - // CreationTimestamp is a timestamp representing the server time when this object was - // created. It is not guaranteed to be set in happens-before order across separate operations. - // Clients may not set this value. It is represented in RFC3339 form and is in UTC. - // - // Populated by the system. - // Read-only. - // Null for lists. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt) - - // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This - // field is set by the server when a graceful deletion is requested by the user, and is not - // directly settable by a client. The resource is expected to be deleted (no longer visible - // from resource lists, and not reachable by name) after the time in this field, once the - // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. - // Once the deletionTimestamp is set, this value may not be unset or be set further into the - // future, although it may be shortened or the resource may be deleted prior to this time. - // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react - // by sending a graceful termination signal to the containers in the pod. After that 30 seconds, - // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, - // remove the pod from the API. In the presence of network partitions, this object may still - // exist after this timestamp, until an administrator or automated process can determine the - // resource is fully terminated. - // If not set, graceful deletion of the object has not been requested. - // - // Populated by the system when a graceful deletion is requested. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt) - - // Number of seconds allowed for this object to gracefully terminate before - // it will be removed from the system. Only set when deletionTimestamp is also set. - // May only be shortened. - // Read-only. - // +optional - deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt) - - // Map of string keys and values that can be used to organize and categorize - // (scope and select) objects. May match selectors of replication controllers - // and services. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // +optional - labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep) - - // Annotations is an unstructured key value map stored with a resource that may be - // set by external tools to store and retrieve arbitrary metadata. They are not - // queryable and should be preserved when modifying objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - // +optional - annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep) - - // List of objects depended by this object. If ALL objects in the list have - // been deleted, this object will be garbage collected. If this object is managed by a controller, - // then an entry in this list will point to this controller, with the controller field set to true. - // There cannot be more than one managing controller. - // +optional - // +patchMergeKey=uid - // +patchStrategy=merge - ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep) - - // Must be empty before the object is deleted from the registry. Each entry - // is an identifier for the responsible component that will remove the entry - // from the list. If the deletionTimestamp of the object is non-nil, entries - // in this list can only be removed. - // Finalizers may be processed and removed in any order. Order is NOT enforced - // because it introduces significant risk of stuck finalizers. - // finalizers is a shared field, any actor with permission can reorder it. - // If the finalizer list is processed in order, then this can lead to a situation - // in which the component responsible for the first finalizer in the list is - // waiting for a signal (field value, external system, or other) produced by a - // component responsible for a finalizer later in the list, resulting in a deadlock. - // Without enforced ordering finalizers are free to order amongst themselves and - // are not vulnerable to ordering changes in the list. - // +optional - // +patchStrategy=merge - finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep) - - // ManagedFields maps workflow-id and version to the set of fields - // that are managed by that workflow. This is mostly for internal - // housekeeping, and users typically shouldn't need to set or - // understand this field. A workflow can be the user's name, a - // controller's name, or the name of a specific apply path like - // "ci-cd". The set of fields is always in the version that the - // workflow used when modifying the object. - // - // +optional - managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep) -} - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNone is the argument for a context when there is no namespace. -#NamespaceNone: "" - -// NamespaceSystem is the system namespace where we place system components. -#NamespaceSystem: "kube-system" - -// NamespacePublic is the namespace where we place public info (ConfigMaps) -#NamespacePublic: "kube-public" - -// OwnerReference contains enough information to let you identify an owning -// object. An owning object must be in the same namespace as the dependent, or -// be cluster-scoped, so there is no namespace field. -// +structType=atomic -#OwnerReference: { - // API version of the referent. - apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // If true, this reference points to the managing controller. - // +optional - controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt) - - // If true, AND if the owner has the "foregroundDeletion" finalizer, then - // the owner cannot be deleted from the key-value store until this - // reference is removed. - // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - // for how the garbage collector interacts with this field and enforces the foreground deletion. - // Defaults to false. - // To set this field, a user needs "delete" permission of the owner, - // otherwise 422 (Unprocessable Entity) will be returned. - // +optional - blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt) -} - -// ListOptions is the query options to a standard REST list call. -#ListOptions: { - #TypeMeta - - // A selector to restrict the list of returned objects by their labels. - // Defaults to everything. - // +optional - labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt) - - // A selector to restrict the list of returned objects by their fields. - // Defaults to everything. - // +optional - fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt) - - // Watch for changes to the described resources and return them as a stream of - // add, update, and remove notifications. Specify resourceVersion. - // +optional - watch?: bool @go(Watch) @protobuf(3,varint,opt) - - // allowWatchBookmarks requests watch events with type "BOOKMARK". - // Servers that do not implement bookmarks may ignore this flag and - // bookmarks are sent at the server's discretion. Clients should not - // assume bookmarks are returned at any specific interval, nor may they - // assume the server will send any BOOKMARK event during a session. - // If this is not a watch, this field is ignored. - // +optional - allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt) - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // resourceVersionMatch determines how resourceVersion is applied to list calls. - // It is highly recommended that resourceVersionMatch be set for list calls where - // resourceVersion is set - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch) - - // Timeout for the list/watch call. - // This limits the duration of the call, regardless of any activity or inactivity. - // +optional - timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt) - - // limit is a maximum number of responses to return for a list call. If more items exist, the - // server will set the `continue` field on the list metadata to a value that can be used with the - // same initial query to retrieve the next set of results. Setting a limit may return fewer than - // the requested amount of items (up to zero items) in the event all requested objects are - // filtered out and clients should only use the presence of the continue field to determine whether - // more results are available. Servers may choose not to support the limit argument and will return - // all of the available results. If limit is specified and the continue field is empty, clients may - // assume that no more results are available. This field is not supported if watch is true. - // - // The server guarantees that the objects returned when using continue will be identical to issuing - // a single list call without a limit - that is, no objects created, modified, or deleted after the - // first request is issued will be included in any subsequent continued requests. This is sometimes - // referred to as a consistent snapshot, and ensures that a client that is using limit to receive - // smaller chunks of a very large result can ensure they see all possible objects. If objects are - // updated during a chunked list the version of the object that was present at the time the first list - // result was calculated is returned. - limit?: int64 @go(Limit) @protobuf(7,varint,opt) - - // The continue option should be set when retrieving more results from the server. Since this value is - // server defined, clients may only use the continue value from a previous query result with identical - // query parameters (except for the value of continue) and the server may reject a continue value it - // does not recognize. If the specified continue value is no longer valid whether due to expiration - // (generally five to fifteen minutes) or a configuration change on the server, the server will - // respond with a 410 ResourceExpired error together with a continue token. If the client needs a - // consistent list, it must restart their list without the continue field. Otherwise, the client may - // send another list request with the token received with the 410 error, the server will respond with - // a list starting from the next key, but from the latest snapshot, which is inconsistent from the - // previous list results - objects that are created, modified, or deleted after the first list request - // will be included in the response, as long as their keys are after the "next key". - // - // This field is not supported when watch is true. Clients may start a watch from the last - // resourceVersion value returned by the server and not miss any modifications. - continue?: string @go(Continue) @protobuf(8,bytes,opt) - - // `sendInitialEvents=true` may be set together with `watch=true`. - // In that case, the watch stream will begin with synthetic events to - // produce the current state of objects in the collection. Once all such - // events have been sent, a synthetic "Bookmark" event will be sent. - // The bookmark will report the ResourceVersion (RV) corresponding to the - // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. - // Afterwards, the watch stream will proceed as usual, sending watch events - // corresponding to changes (subsequent to the RV) to objects watched. - // - // When `sendInitialEvents` option is set, we require `resourceVersionMatch` - // option to also be set. The semantic of the watch request is as following: - // - `resourceVersionMatch` = NotOlderThan - // is interpreted as "data at least as new as the provided `resourceVersion`" - // and the bookmark event is send when the state is synced - // to a `resourceVersion` at least as fresh as the one provided by the ListOptions. - // If `resourceVersion` is unset, this is interpreted as "consistent read" and the - // bookmark event is send when the state is synced at least to the moment - // when request started being processed. - // - `resourceVersionMatch` set to any other value or unset - // Invalid error is returned. - // - // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward - // compatibility reasons) and to false otherwise. - // +optional - sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt) -} - -// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch -// may only be set if resourceVersion is also set. -// -// "NotOlderThan" matches data at least as new as the provided resourceVersion. -// "Exact" matches data at the exact resourceVersion provided. -// -// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for -// details. -#ResourceVersionMatch: string // #enumResourceVersionMatch - -#enumResourceVersionMatch: - #ResourceVersionMatchNotOlderThan | - #ResourceVersionMatchExact - -// ResourceVersionMatchNotOlderThan matches data at least as new as the provided -// resourceVersion. -#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan" - -// ResourceVersionMatchExact matches data at the exact resourceVersion -// provided. -#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact" - -// GetOptions is the standard query options to the standard REST get call. -#GetOptions: { - #TypeMeta - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt) -} - -// DeletionPropagation decides if a deletion will propagate to the dependents of -// the object, and how the garbage collector will handle the propagation. -#DeletionPropagation: string // #enumDeletionPropagation - -#enumDeletionPropagation: - #DeletePropagationOrphan | - #DeletePropagationBackground | - #DeletePropagationForeground - -// Orphans the dependents. -#DeletePropagationOrphan: #DeletionPropagation & "Orphan" - -// Deletes the object from the key-value store, the garbage collector will -// delete the dependents in the background. -#DeletePropagationBackground: #DeletionPropagation & "Background" - -// The object exists in the key-value store until the garbage collector -// deletes all the dependents whose ownerReference.blockOwnerDeletion=true -// from the key-value store. API sever will put the "foregroundDeletion" -// finalizer on the object, and sets its deletionTimestamp. This policy is -// cascading, i.e., the dependents will be deleted with Foreground. -#DeletePropagationForeground: #DeletionPropagation & "Foreground" - -// DryRunAll means to complete all processing stages, but don't -// persist changes to storage. -#DryRunAll: "All" - -// DeleteOptions may be provided when deleting an API object. -#DeleteOptions: { - #TypeMeta - - // The duration in seconds before the object should be deleted. Value must be non-negative integer. - // The value zero indicates delete immediately. If this value is nil, the default grace period for the - // specified type will be used. - // Defaults to a per object value if not specified. zero means delete immediately. - // +optional - gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt) - - // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be - // returned. - // +k8s:conversion-gen=false - // +optional - preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt) - - // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. - // Should the dependent objects be orphaned. If true/false, the "orphan" - // finalizer will be added to/removed from the object's finalizers list. - // Either this field or PropagationPolicy may be set, but not both. - // +optional - orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt) - - // Whether and how garbage collection will be performed. - // Either this field or OrphanDependents may be set, but not both. - // The default policy is decided by the existing finalizer set in the - // metadata.finalizers and the resource-specific default policy. - // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - - // allow the garbage collector to delete the dependents in the background; - // 'Foreground' - a cascading policy that deletes all dependents in the - // foreground. - // +optional - propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt) - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep) -} - -// FieldValidationIgnore ignores unknown/duplicate fields -#FieldValidationIgnore: "Ignore" - -// FieldValidationWarn responds with a warning, but successfully serve the request -#FieldValidationWarn: "Warn" - -// FieldValidationStrict fails the request on unknown/duplicate fields -#FieldValidationStrict: "Strict" - -// CreateOptions may be provided when creating an API object. -#CreateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// PatchOptions may be provided when patching an API object. -// PatchOptions is meant to be a superset of UpdateOptions. -#PatchOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. Force - // flag must be unset for non-apply patch requests. - // +optional - force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required for apply requests - // (application/apply-patch) but optional for non-apply patch - // types (JsonPatch, MergePatch, StrategicMergePatch). - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// ApplyOptions may be provided when applying an API object. -// FieldManager is required for apply requests. -// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation -// that speaks specifically to how the options fields relate to apply. -#ApplyOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. - force: bool @go(Force) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required. - fieldManager: string @go(FieldManager) @protobuf(3,bytes) -} - -// UpdateOptions may be provided when updating an API object. -// All fields in UpdateOptions should also be present in PatchOptions. -#UpdateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(2,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // Specifies the target ResourceVersion - // +optional - resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt) -} - -// Status is a return value for calls that don't return other objects. -#Status: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Status of the operation. - // One of: "Success" or "Failure". - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: string @go(Status) @protobuf(2,bytes,opt) - - // A human-readable description of the status of this operation. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A machine-readable description of why this operation is in the - // "Failure" status. If this value is empty there - // is no information available. A Reason clarifies an HTTP status - // code but does not override it. - // +optional - reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason) - - // Extended data associated with the reason. Each reason may define its - // own extended details. This field is optional and the data returned - // is not guaranteed to conform to any schema except that defined by - // the reason type. - // +optional - details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt) - - // Suggested HTTP return code for this status, 0 if not set. - // +optional - code?: int32 @go(Code) @protobuf(6,varint,opt) -} - -// StatusDetails is a set of additional properties that MAY be set by the -// server to provide additional information about a response. The Reason -// field of a Status object defines what attributes will be set. Clients -// must ignore fields that do not match the defined type of each attribute, -// and should assume that any attribute may be empty, invalid, or under -// defined. -#StatusDetails: { - // The name attribute of the resource associated with the status StatusReason - // (when there is a single name which can be described). - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The group attribute of the resource associated with the status StatusReason. - // +optional - group?: string @go(Group) @protobuf(2,bytes,opt) - - // The kind attribute of the resource associated with the status StatusReason. - // On some operations may differ from the requested resource Kind. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(3,bytes,opt) - - // UID of the resource. - // (when there is a single resource which can be described). - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // The Causes array includes more details associated with the StatusReason - // failure. Not all StatusReasons may provide detailed causes. - // +optional - causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep) - - // If specified, the time in seconds before the operation should be retried. Some errors may indicate - // the client must take an alternate action - for those errors this field may indicate how long to wait - // before taking the alternate action. - // +optional - retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt) -} - -#StatusSuccess: "Success" -#StatusFailure: "Failure" - -// StatusReason is an enumeration of possible failure causes. Each StatusReason -// must map to a single HTTP status code, but multiple reasons may map -// to the same HTTP status code. -// TODO: move to apiserver -#StatusReason: string // #enumStatusReason - -#enumStatusReason: - #StatusReasonUnknown | - #StatusReasonUnauthorized | - #StatusReasonForbidden | - #StatusReasonNotFound | - #StatusReasonAlreadyExists | - #StatusReasonConflict | - #StatusReasonGone | - #StatusReasonInvalid | - #StatusReasonServerTimeout | - #StatusReasonTimeout | - #StatusReasonTooManyRequests | - #StatusReasonBadRequest | - #StatusReasonMethodNotAllowed | - #StatusReasonNotAcceptable | - #StatusReasonRequestEntityTooLarge | - #StatusReasonUnsupportedMediaType | - #StatusReasonInternalError | - #StatusReasonExpired | - #StatusReasonServiceUnavailable - -// StatusReasonUnknown means the server has declined to indicate a specific reason. -// The details field may contain other information about this error. -// Status code 500. -#StatusReasonUnknown: #StatusReason & "" - -// StatusReasonUnauthorized means the server can be reached and understood the request, but requires -// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header) -// in order for the action to be completed. If the user has specified credentials on the request, the -// server considers them insufficient. -// Status code 401 -#StatusReasonUnauthorized: #StatusReason & "Unauthorized" - -// StatusReasonForbidden means the server can be reached and understood the request, but refuses -// to take any further action. It is the result of the server being configured to deny access for some reason -// to the requested resource by the client. -// Details (optional): -// "kind" string - the kind attribute of the forbidden resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the forbidden resource -// Status code 403 -#StatusReasonForbidden: #StatusReason & "Forbidden" - -// StatusReasonNotFound means one or more resources required for this operation -// could not be found. -// Details (optional): -// "kind" string - the kind attribute of the missing resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the missing resource -// Status code 404 -#StatusReasonNotFound: #StatusReason & "NotFound" - -// StatusReasonAlreadyExists means the resource you are creating already exists. -// Details (optional): -// "kind" string - the kind attribute of the conflicting resource -// "id" string - the identifier of the conflicting resource -// Status code 409 -#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists" - -// StatusReasonConflict means the requested operation cannot be completed -// due to a conflict in the operation. The client may need to alter the -// request. Each resource may define custom details that indicate the -// nature of the conflict. -// Status code 409 -#StatusReasonConflict: #StatusReason & "Conflict" - -// StatusReasonGone means the item is no longer available at the server and no -// forwarding address is known. -// Status code 410 -#StatusReasonGone: #StatusReason & "Gone" - -// StatusReasonInvalid means the requested create or update operation cannot be -// completed due to invalid data provided as part of the request. The client may -// need to alter the request. When set, the client may use the StatusDetails -// message field as a summary of the issues encountered. -// Details (optional): -// "kind" string - the kind attribute of the invalid resource -// "id" string - the identifier of the invalid resource -// "causes" - one or more StatusCause entries indicating the data in the -// provided resource that was invalid. The code, message, and -// field attributes will be set. -// Status code 422 -#StatusReasonInvalid: #StatusReason & "Invalid" - -// StatusReasonServerTimeout means the server can be reached and understood the request, -// but cannot complete the action in a reasonable time. The client should retry the request. -// This is may be due to temporary server load or a transient communication issue with -// another server. Status code 500 is used because the HTTP spec provides no suitable -// server-requested client retry and the 5xx class represents actionable errors. -// Details (optional): -// "kind" string - the kind attribute of the resource being acted on. -// "id" string - the operation that is being attempted. -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 500 -#StatusReasonServerTimeout: #StatusReason & "ServerTimeout" - -// StatusReasonTimeout means that the request could not be completed within the given time. -// Clients can get this response only when they specified a timeout param in the request, -// or if the server cannot complete the operation within a reasonable amount of time. -// The request might succeed with an increased value of timeout param. The client *should* -// wait at least the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 504 -#StatusReasonTimeout: #StatusReason & "Timeout" - -// StatusReasonTooManyRequests means the server experienced too many requests within a -// given window and that the client must wait to perform the action again. A client may -// always retry the request that led to this error, although the client should wait at least -// the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 429 -#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests" - -// StatusReasonBadRequest means that the request itself was invalid, because the request -// doesn't make any sense, for example deleting a read-only object. This is different than -// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the -// data was invalid. API calls that return BadRequest can never succeed. -// Status code 400 -#StatusReasonBadRequest: #StatusReason & "BadRequest" - -// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the -// resource was not supported by the code - for instance, attempting to delete a resource that -// can only be created. API calls that return MethodNotAllowed can never succeed. -// Status code 405 -#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed" - -// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable -// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml. -// API calls that return NotAcceptable can never succeed. -// Status code 406 -#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable" - -// StatusReasonRequestEntityTooLarge means that the request entity is too large. -// Status code 413 -#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge" - -// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable -// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml. -// API calls that return UnsupportedMediaType can never succeed. -// Status code 415 -#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType" - -// StatusReasonInternalError indicates that an internal error occurred, it is unexpected -// and the outcome of the call is unknown. -// Details (optional): -// "causes" - The original error -// Status code 500 -#StatusReasonInternalError: #StatusReason & "InternalError" - -// StatusReasonExpired indicates that the request is invalid because the content you are requesting -// has expired and is no longer available. It is typically associated with watches that can't be -// serviced. -// Status code 410 (gone) -#StatusReasonExpired: #StatusReason & "Expired" - -// StatusReasonServiceUnavailable means that the request itself was valid, -// but the requested service is unavailable at this time. -// Retrying the request after some time might succeed. -// Status code 503 -#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable" - -// StatusCause provides more information about an api.Status failure, including -// cases when multiple errors are encountered. -#StatusCause: { - // A machine-readable description of the cause of the error. If this value is - // empty there is no information available. - // +optional - reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType) - - // A human-readable description of the cause of the error. This field may be - // presented as-is to a reader. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // The field of the resource that has caused this error, as named by its JSON - // serialization. May include dot and postfix notation for nested attributes. - // Arrays are zero-indexed. Fields may appear more than once in an array of - // causes due to fields having multiple errors. - // Optional. - // - // Examples: - // "name" - the field "name" on the current resource - // "items[0].name" - the field "name" on the first array entry in "items" - // +optional - field?: string @go(Field) @protobuf(3,bytes,opt) -} - -// CauseType is a machine readable value providing more detail about what -// occurred in a status response. An operation may have multiple causes for a -// status (whether Failure or Success). -#CauseType: string // #enumCauseType - -#enumCauseType: - #CauseTypeFieldValueNotFound | - #CauseTypeFieldValueRequired | - #CauseTypeFieldValueDuplicate | - #CauseTypeFieldValueInvalid | - #CauseTypeFieldValueNotSupported | - #CauseTypeForbidden | - #CauseTypeTooLong | - #CauseTypeTooMany | - #CauseTypeInternal | - #CauseTypeTypeInvalid | - #CauseTypeUnexpectedServerResponse | - #CauseTypeFieldManagerConflict | - #CauseTypeResourceVersionTooLarge - -// CauseTypeFieldValueNotFound is used to report failure to find a requested value -// (e.g. looking up an ID). -#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound" - -// CauseTypeFieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired" - -// CauseTypeFieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate" - -// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex -// match). -#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid" - -// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules) -// values that can not be handled (e.g. an enumerated string). -#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported" - -// CauseTypeForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). See -// Forbidden(). -#CauseTypeForbidden: #CauseType & "FieldValueForbidden" - -// CauseTypeTooLong is used to report that the given value is too long. -// This is similar to ErrorTypeInvalid, but the error will not include the -// too-long value. See TooLong(). -#CauseTypeTooLong: #CauseType & "FieldValueTooLong" - -// CauseTypeTooMany is used to report "too many". This is used to -// report that a given list has too many items. This is similar to FieldValueTooLong, -// but the error indicates quantity instead of length. -#CauseTypeTooMany: #CauseType & "FieldValueTooMany" - -// CauseTypeInternal is used to report other errors that are not related -// to user input. See InternalError(). -#CauseTypeInternal: #CauseType & "InternalError" - -// CauseTypeTypeInvalid is for the value did not match the schema type for that field -#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid" - -// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client -// without the expected return type. The presence of this cause indicates the error may be -// due to an intervening proxy or the server software malfunctioning. -#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse" - -// FieldManagerConflict is used to report when another client claims to manage this field, -// It should only be returned for a request using server-side apply. -#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict" - -// CauseTypeResourceVersionTooLarge is used to report that the requested resource version -// is newer than the data observed by the API server, so the request cannot be served. -#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge" - -// List holds a list of objects, which may not be known by the server. -#List: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of objects - items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep) -} - -// APIVersions lists the versions that are available, to allow clients to -// discover the API at /api, which is the root path of the legacy v1 API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#APIVersions: { - #TypeMeta - - // versions are the api versions that are available. - versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep) -} - -// APIGroupList is a list of APIGroup, to allow clients to discover the API at -// /apis. -#APIGroupList: { - #TypeMeta - - // groups is a list of APIGroup. - groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep) -} - -// APIGroup contains the name, the supported versions, and the preferred version -// of a group. -#APIGroup: { - #TypeMeta - - // name is the name of the group. - name: string @go(Name) @protobuf(1,bytes,opt) - - // versions are the versions supported in this group. - versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep) - - // preferredVersion is the version preferred by the API server, which - // probably is the storage version. - // +optional - preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - // +optional - serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep) -} - -// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match. -#ServerAddressByClientCIDR: { - // The CIDR with which clients can match their IP to figure out the server address that they should use. - clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt) - - // Address of this server, suitable for a client that matches the above CIDR. - // This can be a hostname, hostname:port, IP or IP:port. - serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt) -} - -// GroupVersion contains the "group/version" and "version" string of a version. -// It is made a struct to keep extensibility. -#GroupVersionForDiscovery: { - // groupVersion specifies the API group and version in the form "group/version" - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // version specifies the version in the form of "version". This is to save - // the clients the trouble of splitting the GroupVersion. - version: string @go(Version) @protobuf(2,bytes,opt) -} - -// APIResource specifies the name of a resource and whether it is namespaced. -#APIResource: { - // name is the plural name of the resource. - name: string @go(Name) @protobuf(1,bytes,opt) - - // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. - // The singularName is more correct for reporting status on a single item and both singular and plural are allowed - // from the kubectl CLI interface. - singularName: string @go(SingularName) @protobuf(6,bytes,opt) - - // namespaced indicates if a resource is namespaced or not. - namespaced: bool @go(Namespaced) @protobuf(2,varint,opt) - - // group is the preferred group of the resource. Empty implies the group of the containing resource list. - // For subresources, this may have a different value, for example: Scale". - group?: string @go(Group) @protobuf(8,bytes,opt) - - // version is the preferred version of the resource. Empty implies the version of the containing resource list - // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)". - version?: string @go(Version) @protobuf(9,bytes,opt) - - // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo') - kind: string @go(Kind) @protobuf(3,bytes,opt) - - // verbs is a list of supported kube verbs (this includes get, list, watch, create, - // update, patch, delete, deletecollection, and proxy) - verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt) - - // shortNames is a list of suggested short names of the resource. - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep) - - // categories is a list of the grouped resources this resource belongs to (e.g. 'all') - categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep) - - // The hash value of the storage version, the version this resource is - // converted to when written to the data store. Value must be treated - // as opaque by clients. Only equality comparison on the value is valid. - // This is an alpha feature and may change or be removed in the future. - // The field is populated by the apiserver only if the - // StorageVersionHash feature gate is enabled. - // This field will remain optional even if it graduates. - // +optional - storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt) -} - -// Verbs masks the value so protobuf can generate -// -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Verbs: [...string] - -// APIResourceList is a list of APIResource, it is used to expose the name of the -// resources supported in a specific group and version, and if the resource -// is namespaced. -#APIResourceList: { - #TypeMeta - - // groupVersion is the group and version this APIResourceList is for. - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // resources contains the name of the resources and if they are namespaced. - resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep) -} - -// RootPaths lists the paths available at root. -// For example: "/healthz", "/apis". -#RootPaths: { - // paths are the paths available at root. - paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep) -} - -// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body. -#Patch: { -} - -// A label selector is a label query over a set of resources. The result of matchLabels and -// matchExpressions are ANDed. An empty label selector matches all objects. A null -// label selector matches no objects. -// +structType=atomic -#LabelSelector: { - // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - // map is equivalent to an element of matchExpressions, whose key field is "key", the - // operator is "In", and the values array contains only "value". The requirements are ANDed. - // +optional - matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep) - - // matchExpressions is a list of label selector requirements. The requirements are ANDed. - // +optional - matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A label selector requirement is a selector that contains values, a key, and an operator that -// relates the key and values. -#LabelSelectorRequirement: { - // key is the label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator) - - // values is an array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. This array is replaced during a strategic - // merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A label selector operator is the set of operators that can be used in a selector requirement. -#LabelSelectorOperator: string // #enumLabelSelectorOperator - -#enumLabelSelectorOperator: - #LabelSelectorOpIn | - #LabelSelectorOpNotIn | - #LabelSelectorOpExists | - #LabelSelectorOpDoesNotExist - -#LabelSelectorOpIn: #LabelSelectorOperator & "In" -#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn" -#LabelSelectorOpExists: #LabelSelectorOperator & "Exists" -#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist" - -// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource -// that the fieldset applies to. -#ManagedFieldsEntry: { - // Manager is an identifier of the workflow managing these fields. - manager?: string @go(Manager) @protobuf(1,bytes,opt) - - // Operation is the type of operation which lead to this ManagedFieldsEntry being created. - // The only valid values for this field are 'Apply' and 'Update'. - operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType) - - // APIVersion defines the version of this resource that this field set - // applies to. The format is "group/version" just like the top-level - // APIVersion field. It is necessary to track the version of a field - // set because it cannot be automatically converted. - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) - - // Time is the timestamp of when the ManagedFields entry was added. The - // timestamp will also be updated if a field is added, the manager - // changes any of the owned fields value or removes a field. The - // timestamp does not update when a field is removed from the entry - // because another manager took it over. - // +optional - time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt) - - // FieldsType is the discriminator for the different fields format and version. - // There is currently only one possible value: "FieldsV1" - fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt) - - // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. - // +optional - fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt) - - // Subresource is the name of the subresource used to update that object, or - // empty string if the object was updated through the main resource. The - // value of this field is used to distinguish between managers, even if they - // share the same name. For example, a status update will be distinct from a - // regular update using the same manager name. - // Note that the APIVersion field is not related to the Subresource field and - // it always corresponds to the version of the main resource. - subresource?: string @go(Subresource) @protobuf(8,bytes,opt) -} - -// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created. -#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType - -#enumManagedFieldsOperationType: - #ManagedFieldsOperationApply | - #ManagedFieldsOperationUpdate - -#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply" -#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update" - -// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. -// -// Each key is either a '.' representing the field itself, and will always map to an empty set, -// or a string representing a sub-field or item. The string will follow one of these four formats: -// 'f:', where is the name of a field in a struct, or key in a map -// 'v:', where is the exact json formatted value of a list item -// 'i:', where is position of a item in a list -// 'k:', where is a map of a list item's key fields to their unique values -// If a key maps to an empty Fields value, the field that key represents is part of the set. -// -// The exact format is defined in sigs.k8s.io/structured-merge-diff -// +protobuf.options.(gogoproto.goproto_stringer)=false -#FieldsV1: _ - -// Table is a tabular representation of a set of API resources. The server transforms the -// object into a set of preferred columns for quickly reviewing the objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=false -#Table: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) - - // columnDefinitions describes each column in the returned items array. The number of cells per row - // will always match the number of column definitions. - columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition) - - // rows is the list of items in the table. - rows: [...#TableRow] @go(Rows,[]TableRow) -} - -// TableColumnDefinition contains information about a column returned in the Table. -// +protobuf=false -#TableColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) - - // type is an OpenAPI type definition for this column, such as number, integer, string, or - // array. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - type: string @go(Type) - - // format is an optional OpenAPI type modifier for this column. A format modifies the type and - // imposes additional rules, like date or time formatting for a string. The 'name' format is applied - // to the primary identifier column which has type 'string' to assist in clients identifying column - // is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - format: string @go(Format) - - // description is a human readable description of this column. - description: string @go(Description) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. Columns that may be omitted in limited space scenarios - // should be given a higher priority. - priority: int32 @go(Priority) -} - -// TableRow is an individual row in a table. -// +protobuf=false -#TableRow: { - // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or - // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a - // more detailed description. - cells: [...] @go(Cells,[]interface{}) - - // conditions describe additional status of a row that are relevant for a human user. These conditions - // apply to the row, not to the object, and will be specific to table output. The only defined - // condition type is 'Completed', for a row that indicates a resource that has run to completion and - // can be given less visual priority. - // +optional - conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition) - - // This field contains the requested additional information about each object based on the includeObject - // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the - // default serialization of the object for the current API version, and if "Metadata" (the default) will - // contain the object metadata. Check the returned kind and apiVersion of the object before parsing. - // The media type of the object will always match the enclosing list - if this as a JSON table, these - // will be JSON encoded objects. - // +optional - object?: runtime.#RawExtension @go(Object) -} - -// TableRowCondition allows a row to be marked with additional information. -// +protobuf=false -#TableRowCondition: { - // Type of row condition. The only defined value is 'Completed' indicating that the - // object this row represents has reached a completed state and may be given less visual - // priority than other rows. Clients are not required to honor any conditions but should - // be consistent where possible about handling the conditions. - type: #RowConditionType @go(Type) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) - - // (brief) machine readable reason for the condition's last transition. - // +optional - reason?: string @go(Reason) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) -} - -#RowConditionType: string // #enumRowConditionType - -#enumRowConditionType: - #RowCompleted - -// RowCompleted means the underlying resource has reached completion and may be given less -// visual priority than other resources. -#RowCompleted: #RowConditionType & "Completed" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// IncludeObjectPolicy controls which portion of the object is returned with a Table. -#IncludeObjectPolicy: string // #enumIncludeObjectPolicy - -#enumIncludeObjectPolicy: - #IncludeNone | - #IncludeMetadata | - #IncludeObject - -// IncludeNone returns no object. -#IncludeNone: #IncludeObjectPolicy & "None" - -// IncludeMetadata serializes the object containing only its metadata field. -#IncludeMetadata: #IncludeObjectPolicy & "Metadata" - -// IncludeObject contains the full object. -#IncludeObject: #IncludeObjectPolicy & "Object" - -// TableOptions are used when a Table is requested by the caller. -// +k8s:conversion-gen:explicit-from=net/url.Values -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#TableOptions: { - #TypeMeta - - // includeObject decides whether to include each object along with its columnar information. - // Specifying "None" will return no object, specifying "Object" will return the full object contents, and - // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind - // in version v1beta1 of the meta.k8s.io API group. - includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy) -} - -// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients -// to get access to a particular ObjectMeta schema without knowing the details of the version. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadata: { - #TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) -} - -// PartialObjectMetadataList contains a list of objects containing only their metadata -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadataList: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items contains each of the included items. - items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep) -} - -// Condition contains details for one aspect of the current state of this API Resource. -// --- -// This struct is intended for direct use as an array at the field path .status.conditions. For example, -// -// type FooStatus struct{ -// // Represents the observations of a foo's current state. -// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" -// // +patchMergeKey=type -// // +patchStrategy=merge -// // +listType=map -// // +listMapKey=type -// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` -// -// // other fields -// } -#Condition: { - // type of condition in CamelCase or in foo.example.com/CamelCase. - // --- - // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - // useful (see .node.status.conditions), the ability to deconflict is important. - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - type: string @go(Type) @protobuf(1,bytes,opt) - - // status of the condition, one of True, False, Unknown. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum=True;False;Unknown - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt) - - // observedGeneration represents the .metadata.generation that the condition was set based upon. - // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - // with respect to the current state of the instance. - // +optional - // +kubebuilder:validation:Minimum=0 - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // lastTransitionTime is the last time the condition transitioned from one status to another. - // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Type=string - // +kubebuilder:validation:Format=date-time - lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason contains a programmatic identifier indicating the reason for the condition's last transition. - // Producers of specific condition types may define expected values and meanings for this field, - // and whether the values are considered a guaranteed API. - // The value should be a CamelCase string. - // This field may not be empty. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=1024 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` - reason: string @go(Reason) @protobuf(5,bytes,opt) - - // message is a human readable message indicating details about the transition. - // This may be an empty string. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=32768 - message: string @go(Message) @protobuf(6,bytes,opt) -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue deleted file mode 100644 index 12f5f1b63..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue +++ /dev/null @@ -1,30 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" -) - -// Event represents a single event to a watched resource. -// -// +protobuf=true -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#WatchEvent: { - type: string @go(Type) @protobuf(1,bytes,opt) - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Error: *Status is recommended; other types may make sense - // depending on context. - object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt) -} - -// InternalEvent makes watch.Event versioned -// +protobuf=false -#InternalEvent: watch.#Event diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue deleted file mode 100644 index 43474c392..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// SimpleAllocator a wrapper around make([]byte) -// conforms to the MemoryAllocator interface -#SimpleAllocator: { -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue deleted file mode 100644 index a05de5d58..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue +++ /dev/null @@ -1,37 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// codec binds an encoder and decoder. -_#codec: { - Encoder: #Encoder - Decoder: #Decoder -} - -// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding. -#NoopEncoder: { - Decoder: #Decoder -} - -_#noopEncoderIdentifier: #Identifier & "noop" - -// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding. -#NoopDecoder: { - Encoder: #Encoder -} - -_#base64Serializer: { - Encoder: #Encoder - Decoder: #Decoder -} - -_#internalGroupVersionerIdentifier: "internal" -_#disabledGroupVersionerIdentifier: "disabled" - -_#internalGroupVersioner: { -} - -_#disabledGroupVersioner: { -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue deleted file mode 100644 index ce6d644cb..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime defines conversions between generic types and structs to map query strings -// to struct objects. -package runtime diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue deleted file mode 100644 index f49ad1e36..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// UnstructuredConverter is an interface for converting between interface{} -// and map[string]interface representation. -#UnstructuredConverter: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue deleted file mode 100644 index 89c5c51b3..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue +++ /dev/null @@ -1,39 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime includes helper functions for working with API objects -// that follow the kubernetes API object conventions, which are: -// -// 0. Your API objects have a common metadata struct member, TypeMeta. -// -// 1. Your code refers to an internal set of API objects. -// -// 2. In a separate package, you have an external set of API objects. -// -// 3. The external set is considered to be versioned, and no breaking -// changes are ever made to it (fields may be added but not changed -// or removed). -// -// 4. As your api evolves, you'll make an additional versioned package -// with every major change. -// -// 5. Versioned packages have conversion functions which convert to -// and from the internal version. -// -// 6. You'll continue to support older versions according to your -// deprecation policy, and you can easily provide a program/library -// to update old versions into new versions because of 5. -// -// 7. All of your serializations and deserializations are handled in a -// centralized place. -// -// Package runtime provides a conversion helper to make 5 easy, and the -// Encode/Decode/DecodeInto trio to accomplish 7. You can also register -// additional "codecs" which use a version of your choice. It's -// recommended that you register your types with runtime in your -// package's init function. -// -// As a bonus, a few common types useful from all api objects and versions -// are provided in types.go. -package runtime diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue deleted file mode 100644 index d43f15f25..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -_#encodable: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue deleted file mode 100644 index ec8f1f070..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue +++ /dev/null @@ -1,23 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// MultiObjectTyper returns the types of objects across multiple schemes in order. -#MultiObjectTyper: [...#ObjectTyper] - -_#defaultFramer: { -} - -// WithVersionEncoder serializes an object and ensures the GVK is set. -#WithVersionEncoder: { - Version: #GroupVersioner - Encoder: #Encoder - ObjectTyper: #ObjectTyper -} - -// WithoutVersionDecoder clears the group version kind of a deserialized object. -#WithoutVersionDecoder: { - Decoder: #Decoder -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue deleted file mode 100644 index 22abcb620..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue +++ /dev/null @@ -1,165 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// APIVersionInternal may be used if you are registering a type that should not -// be considered stable or serialized - it is a convention only and has no -// special behavior in this package. -#APIVersionInternal: "__internal" - -// GroupVersioner refines a set of possible conversion targets into a single option. -#GroupVersioner: _ - -// Identifier represents an identifier. -// Identitier of two different objects should be equal if and only if for every -// input the output they produce is exactly the same. -#Identifier: string // #enumIdentifier - -#enumIdentifier: - _#noopEncoderIdentifier - -// Encoder writes objects to a serialized form -#Encoder: _ - -// MemoryAllocator is responsible for allocating memory. -// By encapsulating memory allocation into its own interface, we can reuse the memory -// across many operations in places we know it can significantly improve the performance. -#MemoryAllocator: _ - -// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations. -#EncoderWithAllocator: _ - -// Decoder attempts to load an object from data. -#Decoder: _ - -// Serializer is the core interface for transforming objects into a serialized format and back. -// Implementations may choose to perform conversion of the object, but no assumptions should be made. -#Serializer: _ - -// Codec is a Serializer that deals with the details of versioning objects. It offers the same -// interface as Serializer, so this is a marker to consumers that care about the version of the objects -// they receive. -#Codec: #Serializer - -// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and -// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing -// and the desired version must be specified. -#ParameterCodec: _ - -// Framer is a factory for creating readers and writers that obey a particular framing pattern. -#Framer: _ - -// SerializerInfo contains information about a specific serialization format -#SerializerInfo: { - // MediaType is the value that represents this serializer over the wire. - MediaType: string - - // MediaTypeType is the first part of the MediaType ("application" in "application/json"). - MediaTypeType: string - - // MediaTypeSubType is the second part of the MediaType ("json" in "application/json"). - MediaTypeSubType: string - - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the individual object serializer for this media type. - Serializer: #Serializer - - // PrettySerializer, if set, can serialize this object in a form biased towards - // readability. - PrettySerializer: #Serializer - - // StrictSerializer, if set, deserializes this object strictly, - // erring on unknown fields. - StrictSerializer: #Serializer - - // StreamSerializer, if set, describes the streaming serialization format - // for this media type. - StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo) -} - -// StreamSerializerInfo contains information about a specific stream serialization format -#StreamSerializerInfo: { - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the top level object serializer for this type when streaming - Serializer: #Serializer - - // Framer is the factory for retrieving streams that separate objects on the wire - Framer: #Framer -} - -// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers -// for multiple supported media types. This would commonly be accepted by a server component -// that performs HTTP content negotiation to accept multiple formats. -#NegotiatedSerializer: _ - -// ClientNegotiator handles turning an HTTP content type into the appropriate encoder. -// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from -// a NegotiatedSerializer. -#ClientNegotiator: _ - -// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers -// that can read and write data at rest. This would commonly be used by client tools that must -// read files, or server side storage interfaces that persist restful objects. -#StorageSerializer: _ - -// NestedObjectEncoder is an optional interface that objects may implement to be given -// an opportunity to encode any nested Objects / RawExtensions during serialization. -#NestedObjectEncoder: _ - -// NestedObjectDecoder is an optional interface that objects may implement to be given -// an opportunity to decode any nested Objects / RawExtensions during serialization. -// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding -// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields). -// As such it is important for callers of DecodeNestedObjects to check to confirm whether -// an error is a runtime.StrictDecodingError before short circuiting. -// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError -// is only returned when the rest of decoding has succeeded. -#NestedObjectDecoder: _ - -#ObjectDefaulter: _ - -#ObjectVersioner: _ - -// ObjectConvertor converts an object to a different version. -#ObjectConvertor: _ - -// ObjectTyper contains methods for extracting the APIVersion and Kind -// of objects. -#ObjectTyper: _ - -// ObjectCreater contains methods for instantiating an object by kind and version. -#ObjectCreater: _ - -// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource -#EquivalentResourceMapper: _ - -// EquivalentResourceRegistry provides an EquivalentResourceMapper interface, -// and allows registering known resource[/subresource] -> kind -#EquivalentResourceRegistry: _ - -// ResourceVersioner provides methods for setting and retrieving -// the resource version from an API object. -#ResourceVersioner: _ - -// Namer provides methods for retrieving name and namespace of an API object. -#Namer: _ - -// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are -// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows -// serializers to set the kind, version, and group the object is represented as. An Object may choose -// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized. -#Object: _ - -// CacheableObject allows an object to cache its different serializations -// to avoid performing the same serialization multiple times. -#CacheableObject: _ - -// Unstructured objects store values as map[string]interface{}, with only values that can be serialized -// to JSON allowed. -#Unstructured: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue deleted file mode 100644 index 7580f4676..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// NegotiateError is returned when a ClientNegotiator is unable to locate -// a serializer for the requested operation. -#NegotiateError: { - ContentType: string - Stream: bool -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue deleted file mode 100644 index bd9c409a7..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Splice is the interface that wraps the Splice method. -// -// Splice moves data from given slice without copying the underlying data for -// efficiency purpose. Therefore, the caller should make sure the underlying -// data is not changed later. -#Splice: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue deleted file mode 100644 index 9dfc078b4..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Pair of strings. We keed the name of fields and the doc -#Pair: { - Name: string - Doc: string -} - -// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself -#KubeTypes: [...#Pair] diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue deleted file mode 100644 index d1ee609a2..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue +++ /dev/null @@ -1,97 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, -// like this: -// -// type MyAwesomeAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// ... // other fields -// } -// -// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind -// -// TypeMeta is provided here for convenience. You may use it directly from this package or define -// your own with the same fields. -// -// +k8s:deepcopy-gen=false -// +protobuf=true -// +k8s:openapi-gen=true -#TypeMeta: { - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // +optional - kind?: string @go(Kind) @protobuf(2,bytes,opt) -} - -#ContentTypeJSON: "application/json" -#ContentTypeYAML: "application/yaml" -#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf" - -// RawExtension is used to hold extensions in external versions. -// -// To use this, make a field which has RawExtension as its type in your external, versioned -// struct, and Object in your internal struct. You also need to register your -// various plugin types. -// -// // Internal package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.Object `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // External package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.RawExtension `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // On the wire, the JSON will look something like this: -// -// { -// "kind":"MyAPIObject", -// "apiVersion":"v1", -// "myPlugin": { -// "kind":"PluginA", -// "aOption":"foo", -// }, -// } -// -// So what happens? Decode first uses json or yaml to unmarshal the serialized data into -// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. -// The next step is to copy (using pkg/conversion) into the internal struct. The runtime -// package's DefaultScheme has conversion functions installed which will unpack the -// JSON stored in RawExtension, turning it into the correct object type, and storing it -// in the Object. (TODO: In the case where the object is of an unknown type, a -// runtime.Unknown object will be created and stored.) -// -// +k8s:deepcopy-gen=true -// +protobuf=true -// +k8s:openapi-gen=true -#RawExtension: _ - -// Unknown allows api objects with unknown types to be passed-through. This can be used -// to deal with the API objects from a plug-in. Unknown objects still have functioning -// TypeMeta features-- kind, version, etc. -// TODO: Make this object have easy access to field based accessors and settors for -// metadata and field mutatation. -// -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=true -// +k8s:openapi-gen=true -#Unknown: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue deleted file mode 100644 index 8b8ddf891..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -#ProtobufMarshaller: _ - -#ProtobufReverseMarshaller: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue deleted file mode 100644 index bfb4bcda3..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -// Package types implements various generic types used throughout kubernetes. -package types diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue deleted file mode 100644 index 7cb2745aa..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -#NamespacedName: { - Namespace: string - Name: string -} - -#Separator: 47 // '/' diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue deleted file mode 100644 index 8b264b80c..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// NodeName is a type that holds a api.Node's Name identifier. -// Being a type captures intent and helps make sure that the node name -// is not confused with similar concepts (the hostname, the cloud provider id, -// the cloud provider name etc) -// -// To clarify the various types: -// -// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName. -// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level. -// -// - Hostname is the hostname of the local machine (from uname -n). -// However, some components allow the user to pass in a --hostname-override flag, -// which will override this in most places. In the absence of anything more meaningful, -// kubelet will use Hostname as the Node.Name when it creates the Node. -// -// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId. -// -// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the -// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up -// to the cloudprovider how to do this mapping. -// -// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the -// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if -// we are using a custom DHCP domain it won't be. -#NodeName: string diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue deleted file mode 100644 index 3de5d80f9..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// Similarly to above, these are constants to support HTTP PATCH utilized by -// both the client and server that didn't make sense for a whole package to be -// dedicated to. -#PatchType: string // #enumPatchType - -#enumPatchType: - #JSONPatchType | - #MergePatchType | - #StrategicMergePatchType | - #ApplyPatchType - -#JSONPatchType: #PatchType & "application/json-patch+json" -#MergePatchType: #PatchType & "application/merge-patch+json" -#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json" -#ApplyPatchType: #PatchType & "application/apply-patch+yaml" diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue deleted file mode 100644 index 40bdd8285..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// UID is a type that holds unique ID values, including UUIDs. Because we -// don't ONLY use UUIDs, this is an alias to string. Being a type captures -// intent and helps make sure that UIDs and names do not get conflated. -#UID: string diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue deleted file mode 100644 index 2c8cc3651..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr - -package intstr - -// IntOrString is a type that can hold an int32 or a string. When used in -// JSON or YAML marshalling and unmarshalling, it produces or consumes the -// inner type. This allows you to have, for example, a JSON field that can -// accept a name or number. -// TODO: Rename to Int32OrString -// -// +protobuf=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:openapi-gen=true -#IntOrString: _ - -// Type represents the stored type of IntOrString. -#Type: int64 // #enumType - -#enumType: - #Int | - #String - -#values_Type: { - Int: #Int - String: #String -} - -#Int: #Type & 0 -#String: #Type & 1 diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue deleted file mode 100644 index bc1b91894..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -// Package watch contains a generic watchable interface, and a fake for -// testing code that uses the watch interface. -package watch diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue deleted file mode 100644 index 045e8ec85..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Recorder records all events that are sent from the watch until it is closed. -#Recorder: { - Interface: #Interface -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue deleted file mode 100644 index dcf72d5b0..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue +++ /dev/null @@ -1,25 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch -// channel is full. -#FullChannelBehavior: int // #enumFullChannelBehavior - -#enumFullChannelBehavior: - #WaitIfChannelFull | - #DropIfChannelFull - -#values_FullChannelBehavior: { - WaitIfChannelFull: #WaitIfChannelFull - DropIfChannelFull: #DropIfChannelFull -} - -#WaitIfChannelFull: #FullChannelBehavior & 0 -#DropIfChannelFull: #FullChannelBehavior & 1 - -_#incomingQueueLength: 25 - -_#internalRunFunctionMarker: "internal-do-function" diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue deleted file mode 100644 index f0805cfb2..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written. -#Decoder: _ - -// Reporter hides the details of how an error is turned into a runtime.Object for -// reporting on a watch stream since this package may not import a higher level report. -#Reporter: _ diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue deleted file mode 100644 index 0db2e6be1..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -import "k8s.io/apimachinery/pkg/runtime" - -// Interface can be implemented by anything that knows how to watch and report changes. -#Interface: _ - -// EventType defines the possible types of events. -#EventType: string // #enumEventType - -#enumEventType: - #Added | - #Modified | - #Deleted | - #Bookmark | - #Error - -#Added: #EventType & "ADDED" -#Modified: #EventType & "MODIFIED" -#Deleted: #EventType & "DELETED" -#Bookmark: #EventType & "BOOKMARK" -#Error: #EventType & "ERROR" - -// Event represents a single event to a watched resource. -// +k8s:deepcopy-gen=true -#Event: { - Type: #EventType - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Bookmark: the object (instance of a type being watched) where - // only ResourceVersion field is set. On successful restart of watch from a - // bookmark resourceVersion, client is guaranteed to not get repeat event - // nor miss any events. - // * If Type is Error: *api.Status is recommended; other types may make sense - // depending on context. - Object: runtime.#Object -} - -// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe. -#RaceFreeFakeWatcher: { - Stopped: bool -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue deleted file mode 100644 index 17c5a791a..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue +++ /dev/null @@ -1,326 +0,0 @@ -// Code generated by timoni. DO NOT EDIT. - -//timoni:generate timoni vendor crd -f https://github.com/fluxcd/kustomize-controller/releases/download/v1.3.0/kustomize-controller.crds.yaml - -package v1 - -import "strings" - -// Kustomization is the Schema for the kustomizations API. -#Kustomization: { - // APIVersion defines the versioned schema of this representation - // of an object. - // Servers should convert recognized schemas to the latest - // internal value, and - // may reject unrecognized values. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - apiVersion: "kustomize.toolkit.fluxcd.io/v1" - - // Kind is a string value representing the REST resource this - // object represents. - // Servers may infer this from the endpoint the client submits - // requests to. - // Cannot be updated. - // In CamelCase. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: "Kustomization" - metadata!: { - name!: strings.MaxRunes(253) & strings.MinRunes(1) & { - string - } - namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & { - string - } - labels?: { - [string]: string - } - annotations?: { - [string]: string - } - } - - // KustomizationSpec defines the configuration to calculate the - // desired state - // from a Source using Kustomize. - spec!: #KustomizationSpec -} - -// KustomizationSpec defines the configuration to calculate the -// desired state -// from a Source using Kustomize. -#KustomizationSpec: { - // CommonMetadata specifies the common labels and annotations that - // are - // applied to all resources. Any existing label or annotation will - // be - // overridden if its key matches a common one. - commonMetadata?: { - // Annotations to be added to the object's metadata. - annotations?: { - [string]: string - } - - // Labels to be added to the object's metadata. - labels?: { - [string]: string - } - } - - // Components specifies relative paths to specifications of other - // Components. - components?: [...string] - - // Decrypt Kubernetes secrets before applying them on the cluster. - decryption?: { - // Provider is the name of the decryption engine. - provider: "sops" - secretRef?: { - // Name of the referent. - name: string - } - } - - // DependsOn may contain a meta.NamespacedObjectReference slice - // with references to Kustomization resources that must be ready - // before this - // Kustomization can be reconciled. - dependsOn?: [...{ - // Name of the referent. - name: string - - // Namespace of the referent, when not specified it acts as - // LocalObjectReference. - namespace?: string - }] - - // Force instructs the controller to recreate resources - // when patching fails due to an immutable field change. - force?: bool | *false - - // A list of resources to be included in the health assessment. - healthChecks?: [...{ - // API version of the referent, if not specified the Kubernetes - // preferred version will be used. - apiVersion?: string - - // Kind of the referent. - kind: string - - // Name of the referent. - name: string - - // Namespace of the referent, when not specified it acts as - // LocalObjectReference. - namespace?: string - }] - - // Images is a list of (image name, new name, new tag or digest) - // for changing image names, tags or digests. This can also be - // achieved with a - // patch, but this operator is simpler to specify. - images?: [...{ - // Digest is the value used to replace the original image tag. - // If digest is present NewTag value is ignored. - digest?: string - - // Name is a tag-less image name. - name: string - - // NewName is the value used to replace the original name. - newName?: string - - // NewTag is the value used to replace the original tag. - newTag?: string - }] - - // The interval at which to reconcile the Kustomization. - // This interval is approximate and may be subject to jitter to - // ensure - // efficient use of resources. - interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" - kubeConfig?: { - // SecretRef holds the name of a secret that contains a key with - // the kubeconfig file as the value. If no key is set, the key - // will default - // to 'value'. - // It is recommended that the kubeconfig is self-contained, and - // the secret - // is regularly updated if credentials such as a - // cloud-access-token expire. - // Cloud specific `cmd-path` auth helpers will not function - // without adding - // binaries and credentials to the Pod that is responsible for - // reconciling - // Kubernetes resources. - secretRef: { - // Key in the Secret, when not specified an - // implementation-specific default key is used. - key?: string - - // Name of the Secret. - name: string - } - } - - // NamePrefix will prefix the names of all managed resources. - namePrefix?: strings.MaxRunes(200) & strings.MinRunes(1) - - // NameSuffix will suffix the names of all managed resources. - nameSuffix?: strings.MaxRunes(200) & strings.MinRunes(1) - - // Strategic merge and JSON patches, defined as inline YAML - // objects, - // capable of targeting objects based on kind, label and - // annotation selectors. - patches?: [...{ - // Patch contains an inline StrategicMerge patch or an inline - // JSON6902 patch with - // an array of operation objects. - patch: string - - // Target points to the resources that the patch document should - // be applied to. - target?: { - // AnnotationSelector is a string that follows the label selection - // expression - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - // It matches with the resource annotations. - annotationSelector?: string - - // Group is the API group to select resources from. - // Together with Version and Kind it is capable of unambiguously - // identifying and/or selecting resources. - // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - group?: string - - // Kind of the API Group to select resources from. - // Together with Group and Version it is capable of unambiguously - // identifying and/or selecting resources. - // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - kind?: string - - // LabelSelector is a string that follows the label selection - // expression - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - // It matches with the resource labels. - labelSelector?: string - - // Name to match resources with. - name?: string - - // Namespace to select resources from. - namespace?: string - - // Version of the API Group to select resources from. - // Together with Group and Kind it is capable of unambiguously - // identifying and/or selecting resources. - // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - version?: string - } - }] - - // Path to the directory containing the kustomization.yaml file, - // or the - // set of plain YAMLs a kustomization.yaml should be generated - // for. - // Defaults to 'None', which translates to the root path of the - // SourceRef. - path?: string - - // PostBuild describes which actions to perform on the YAML - // manifest - // generated by building the kustomize overlay. - postBuild?: { - // Substitute holds a map of key/value pairs. - // The variables defined in your YAML manifests that match any of - // the keys - // defined in the map will be substituted with the set value. - // Includes support for bash string replacement functions - // e.g. ${var:=default}, ${var:position} and - // ${var/substring/replacement}. - substitute?: { - [string]: string - } - - // SubstituteFrom holds references to ConfigMaps and Secrets - // containing - // the variables and their values to be substituted in the YAML - // manifests. - // The ConfigMap and the Secret data keys represent the var names, - // and they - // must match the vars declared in the manifests for the - // substitution to - // happen. - substituteFrom?: [...{ - // Kind of the values referent, valid values are ('Secret', - // 'ConfigMap'). - kind: "Secret" | "ConfigMap" - - // Name of the values referent. Should reside in the same - // namespace as the - // referring resource. - name: strings.MaxRunes(253) & strings.MinRunes(1) - - // Optional indicates whether the referenced resource must exist, - // or whether to - // tolerate its absence. If true and the referenced resource is - // absent, proceed - // as if the resource was present but empty, without any variables - // defined. - optional?: bool | *false - }] - } - - // Prune enables garbage collection. - prune: bool - - // The interval at which to retry a previously failed - // reconciliation. - // When not specified, the controller uses the - // KustomizationSpec.Interval - // value to retry failures. - retryInterval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" - - // The name of the Kubernetes service account to impersonate - // when reconciling this Kustomization. - serviceAccountName?: string - - // Reference of the source where the kustomization file is. - sourceRef: { - // API version of the referent. - apiVersion?: string - - // Kind of the referent. - kind: "OCIRepository" | "GitRepository" | "Bucket" - - // Name of the referent. - name: string - - // Namespace of the referent, defaults to the namespace of the - // Kubernetes - // resource object that contains the reference. - namespace?: string - } - - // This flag tells the controller to suspend subsequent kustomize - // executions, - // it does not apply to already started executions. Defaults to - // false. - suspend?: bool - - // TargetNamespace sets or overrides the namespace in the - // kustomization.yaml file. - targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1) - - // Timeout for validation, apply and health checking operations. - // Defaults to 'Interval' duration. - timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" - - // Wait instructs the controller to check the health of all the - // reconciled - // resources. When enabled, the HealthChecks are ignored. Defaults - // to false. - wait?: bool -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue b/k8s/timoni/kustomize-oci/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue deleted file mode 100644 index 28abd59d2..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue +++ /dev/null @@ -1,175 +0,0 @@ -// Code generated by timoni. DO NOT EDIT. - -//timoni:generate timoni vendor crd -f https://github.com/fluxcd/source-controller/releases/download/v1.3.0/source-controller.crds.yaml - -package v1beta2 - -import "strings" - -// OCIRepository is the Schema for the ocirepositories API -#OCIRepository: { - // APIVersion defines the versioned schema of this representation - // of an object. - // Servers should convert recognized schemas to the latest - // internal value, and - // may reject unrecognized values. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - apiVersion: "source.toolkit.fluxcd.io/v1beta2" - - // Kind is a string value representing the REST resource this - // object represents. - // Servers may infer this from the endpoint the client submits - // requests to. - // Cannot be updated. - // In CamelCase. - // More info: - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: "OCIRepository" - metadata!: { - name!: strings.MaxRunes(253) & strings.MinRunes(1) & { - string - } - namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & { - string - } - labels?: { - [string]: string - } - annotations?: { - [string]: string - } - } - - // OCIRepositorySpec defines the desired state of OCIRepository - spec!: #OCIRepositorySpec -} - -// OCIRepositorySpec defines the desired state of OCIRepository -#OCIRepositorySpec: { - certSecretRef?: { - // Name of the referent. - name: string - } - - // Ignore overrides the set of excluded patterns in the - // .sourceignore format - // (which is the same as .gitignore). If not provided, a default - // will be used, - // consult the documentation for your version to find out what - // those are. - ignore?: string - - // Insecure allows connecting to a non-TLS HTTP container - // registry. - insecure?: bool - - // Interval at which the OCIRepository URL is checked for updates. - // This interval is approximate and may be subject to jitter to - // ensure - // efficient use of resources. - interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" - - // LayerSelector specifies which layer should be extracted from - // the OCI artifact. - // When not specified, the first layer found in the artifact is - // selected. - layerSelector?: { - // MediaType specifies the OCI media type of the layer - // which should be extracted from the OCI Artifact. The - // first layer matching this type is selected. - mediaType?: string - - // Operation specifies how the selected layer should be processed. - // By default, the layer compressed content is extracted to - // storage. - // When the operation is set to 'copy', the layer compressed - // content - // is persisted to storage as it is. - operation?: "extract" | "copy" - } - - // The provider used for authentication, can be 'aws', 'azure', - // 'gcp' or 'generic'. - // When not specified, defaults to 'generic'. - provider?: "generic" | "aws" | "azure" | "gcp" | *"generic" - - // The OCI reference to pull and monitor for changes, - // defaults to the latest tag. - ref?: { - // Digest is the image digest to pull, takes precedence over - // SemVer. - // The value should be in the format 'sha256:'. - digest?: string - - // SemVer is the range of tags to pull selecting the latest within - // the range, takes precedence over Tag. - semver?: string - - // SemverFilter is a regex pattern to filter the tags within the - // SemVer range. - semverFilter?: string - - // Tag is the image tag to pull, defaults to latest. - tag?: string - } - secretRef?: { - // Name of the referent. - name: string - } - - // ServiceAccountName is the name of the Kubernetes ServiceAccount - // used to authenticate - // the image pull if the service account has attached pull - // secrets. For more information: - // https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account - serviceAccountName?: string - - // This flag tells the controller to suspend the reconciliation of - // this source. - suspend?: bool - - // The timeout for remote OCI Repository operations like pulling, - // defaults to 60s. - timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s" - - // URL is a reference to an OCI artifact repository hosted - // on a remote container registry. - url: =~"^oci://.*$" - - // Verify contains the secret name containing the trusted public - // keys - // used to verify the signature and specifies which provider to - // use to check - // whether OCI image is authentic. - verify?: { - // MatchOIDCIdentity specifies the identity matching criteria to - // use - // while verifying an OCI artifact which was signed using Cosign - // keyless - // signing. The artifact's identity is deemed to be verified if - // any of the - // specified matchers match against the identity. - matchOIDCIdentity?: [...{ - // Issuer specifies the regex pattern to match against to verify - // the OIDC issuer in the Fulcio certificate. The pattern must be - // a - // valid Go regular expression. - issuer: string - - // Subject specifies the regex pattern to match against to verify - // the identity subject in the Fulcio certificate. The pattern - // must - // be a valid Go regular expression. - subject: string - }] - - // Provider specifies the technology used to sign the OCI - // Artifact. - provider: "cosign" | "notation" | *"cosign" - secretRef?: { - // Name of the referent. - name: string - } - } -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/module.cue b/k8s/timoni/kustomize-oci/cue.mod/module.cue deleted file mode 100644 index 3b8a6e4ba..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/module.cue +++ /dev/null @@ -1,2 +0,0 @@ -module: "timoni.sh/kustomize-oci" -language: version: "v0.9.0" diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue deleted file mode 100644 index 2c579e99d..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Action holds the list of annotations for controlling -// Timoni's apply behaviour of Kubernetes resources. -Action: { - // Force annotation for recreating immutable resources such as Kubernetes Jobs. - Force: { - "action.timoni.sh/force": ActionStatus.Enabled - } - // One-off annotation for appling resources only if they don't exist on the cluster. - Oneoff: { - "action.timoni.sh/one-off": ActionStatus.Enabled - } - // Keep annotation for preventing Timoni's garbage collector from deleting resources. - Keep: { - "action.timoni.sh/prune": ActionStatus.Disabled - } -} - -ActionStatus: { - Enabled: "enabled" - Disabled: "disabled" -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue deleted file mode 100644 index 1535ea43f..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strings" -) - -// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image. -#Image: { - - // Repository is the address of a container registry repository. - // An image repository is made up of slash-separated name components, optionally - // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. - repository!: string - - // Tag identifies an image in the repository. - // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. - // A tag name may not start with a period or a dash and may contain a maximum of 128 characters. - tag!: string & strings.MaxRunes(128) - - // Digest uniquely and immutably identifies an image in the repository. - // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. - digest!: string - - // PullPolicy defines the pull policy for the image. - // By default, it is set to IfNotPresent. - pullPolicy: *"IfNotPresent" | "Always" | "Never" - - // Reference is the image address computed from repository, tag and digest - // in the format [REPOSITORY]:[TAG]@[DIGEST]. - reference: string - - if digest != "" && tag != "" { - reference: "\(repository):\(tag)@\(digest)" - } - - if digest != "" && tag == "" { - reference: "\(repository)@\(digest)" - } - - if digest == "" && tag != "" { - reference: "\(repository):\(tag)" - } - - if digest == "" && tag == "" { - reference: "\(repository):latest" - } -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue deleted file mode 100644 index 19f098967..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/base64" - "strings" -) - -// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson. -// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets. -#ImagePullSecret: { - // Metadata is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]]. - #Registry!: string - - // Username is the username used to authenticate to the container registry. - #Username!: string - - // Password is the password used to authenticate to the container registry. - #Password!: string - - // Optional suffix used to generate the Secret name. - #Suffix: *"" | string & strings.MaxRunes(30) - - let auth = base64.Encode(null, #Username+":"+#Password) - - apiVersion: "v1" - kind: "Secret" - type: "kubernetes.io/dockerconfigjson" - metadata: { - name: #Meta.name + #Suffix - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - stringData: { - ".dockerconfigjson": """ - {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}} - """ - } -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue deleted file mode 100644 index 7b31c23e4..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue +++ /dev/null @@ -1,49 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/json" - "strings" - "uuid" -) - -#ConfigMapKind: "ConfigMap" -#SecretKind: "Secret" - -// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets. -// The metadata.name of the generated object is suffixed with the hash of the input data. -#ImmutableConfig: { - // Kind of the generated object. - #Kind: *#ConfigMapKind | #SecretKind - - // Metadata of the generated object. - #Meta: #Metadata - - // Optional suffix appended to the generate name. - #Suffix: *"" | string - - // Data of the generated object. - #Data: {[string]: string} - - let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0] - - apiVersion: "v1" - kind: #Kind - metadata: { - name: #Meta.name + #Suffix + "-" + hash - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - immutable: true - if kind == #ConfigMapKind { - data: #Data - } - if kind == #SecretKind { - stringData: #Data - } -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue deleted file mode 100644 index ad96b0621..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// InstanceName defines the schema for the name of a Timoni instance. -// The instance name is used as a Kubernetes label value and must be 63 characters or less. -#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceNamespace defines the schema for the namespace of a Timoni instance. -// The instance namespace is used as a Kubernetes label value and must be 63 characters or less. -#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership. -#InstanceOwnerReference: { - #Name: "instance.timoni.sh/name" - #Namespace: "instance.timoni.sh/namespace" -} - -// InstanceModule defines the schema for the Module of a Timoni instance. -#InstanceModule: { - url: string & =~"^((oci|file)://.*)$" - version: *"latest" | string - digest?: string -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue deleted file mode 100644 index 7be10c909..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue +++ /dev/null @@ -1,115 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// Annotations defines the schema for Kubernetes object metadata annotations. -#Annotations: {[string & strings.MaxRunes(253)]: string} - -// Labels defines the schema for Kubernetes object metadata labels. -#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)} - -#StdLabelName: "app.kubernetes.io/name" -#StdLabelVersion: "app.kubernetes.io/version" -#StdLabelPartOf: "app.kubernetes.io/part-of" -#StdLabelManagedBy: "app.kubernetes.io/managed-by" -#StdLabelComponent: "app.kubernetes.io/component" -#StdLabelInstance: "app.kubernetes.io/instance" - -// Metadata defines the schema for Kubernetes object metadata. -#Metadata: { - // Version should be in the strict semver format. Is required when creating resources. - #Version!: string & strings.MaxRunes(63) - - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name!: #InstanceName - - // Namespace defines the space within which each name must be unique. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - namespace!: #InstanceNamespace - - // Annotations is an unstructured key value map stored with a resource that may be - // set to store and retrieve arbitrary metadata. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - annotations?: #Annotations - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes labels: app name, version and managed-by. - labels: { - (#StdLabelName): name - (#StdLabelVersion): #Version - (#StdLabelManagedBy): "timoni" - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name label. - #LabelSelector: #Labels & { - (#StdLabelName): name - } -} - -// MetaComponent generates the Kubernetes object metadata for a module namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - namespace: #Meta.namespace - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} - -// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.namespace is unset. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaClusterComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue deleted file mode 100644 index 1dcdb699e..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// ObjectReference is a reference to a Kubernetes object. -#ObjectReference: { - // Name of the referent. - name!: string & strings.MaxRunes(256) - - // Namespace of the referent. - namespace?: string & strings.MaxRunes(256) - - // API version of the referent. - apiVersion?: string & strings.MaxRunes(256) - - // Kind of the referent. - kind?: string & strings.MaxRunes(256) -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue deleted file mode 100644 index d3b5573ae..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m. -#CPUQuantity: string & =~"^[1-9]\\d*m$" - -// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi. -#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$" - -// ResourceRequirement defines the schema for the CPU and Memory resource requirements. -#ResourceRequirement: { - cpu?: #CPUQuantity - memory?: #MemoryQuantity -} - -// ResourceRequirements defines the schema for the compute resource requirements of a container. -// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - limits?: #ResourceRequirement - - // Requests describes the minimum amount of compute resources required. - // Requests cannot exceed Limits. - requests?: #ResourceRequirement & { - if limits != _|_ { - if limits.cpu != _|_ { - _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0]) - _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0]) - #cpu: int & >=_rc & _lc - } - } - } -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue deleted file mode 100644 index 9c4f2384b..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc. -#Selector: { - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - #Name!: #InstanceName - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes label: app name. - labels: (#StdLabelName): #Name -} diff --git a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue deleted file mode 100644 index ecd1e397f..000000000 --- a/k8s/timoni/kustomize-oci/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// SemVer validates the input version string and extracts the major and minor version numbers. -// When Minimum is set, the major and minor parts must be greater or equal to the minimum -// or a validation error is returned. -#SemVer: { - // Input version string in strict semver format. - #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - // Minimum is the minimum allowed MAJOR.MINOR version. - #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0]) - let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1]) - - major: int & >=minMajor - major: strconv.Atoi(strings.Split(#Version, ".")[0]) - - minor: int & >=minMinor - minor: strconv.Atoi(strings.Split(#Version, ".")[1]) -} diff --git a/k8s/timoni/kustomize-oci/templates/config.cue b/k8s/timoni/kustomize-oci/templates/config.cue deleted file mode 100644 index 06e09c7f7..000000000 --- a/k8s/timoni/kustomize-oci/templates/config.cue +++ /dev/null @@ -1,70 +0,0 @@ -package templates - -import ( - timoniv1 "timoni.sh/core/v1alpha1" -) - -#Config: { - moduleVersion!: string - kubeVersion!: string - - metadata: timoniv1.#Metadata & {#Version: moduleVersion} - - artifact: { - url!: string & =~"^oci://.*$" - tag: *"latest" | string - semver?: string - interval: *1 | int - ignore: *"" | string - } - - auth: { - provider: *"generic" | "aws" | "azure" | "gcp" - credentials?: { - username!: string - password!: string - } - } - - tls: { - insecure: *false | bool - ca?: string - } - - sync: { - path: *"./" | string - prune: *true | bool - wait: *true | bool - timeout: *3 | int - retryInterval: *5 | int - - serviceAccountName?: string - targetNamespace?: string - } - - substitute?: [string]: string - - dependsOn?: [...{ - name: string - namespace?: string - }] - - patches: [...{...}] -} - -#Instance: { - config: #Config - - objects: { - ocirepository: #OCIRepository & {#config: config} - kustomization: #Kustomization & {#config: config} - } - - if config.auth.credentials != _|_ { - objects: imagepullsecret: #PullSecret & {#config: config} - } - - if config.tls.ca != _|_ { - objects: tlssecret: #TLSSecret & {#config: config} - } -} diff --git a/k8s/timoni/kustomize-oci/templates/imagepullsecret.cue b/k8s/timoni/kustomize-oci/templates/imagepullsecret.cue deleted file mode 100644 index bd46086e5..000000000 --- a/k8s/timoni/kustomize-oci/templates/imagepullsecret.cue +++ /dev/null @@ -1,16 +0,0 @@ -package templates - -import ( - "strings" - - timoniv1 "timoni.sh/core/v1alpha1" -) - -#PullSecret: timoniv1.#ImagePullSecret & { - #config: #Config - #Meta: #config.metadata - #Suffix: "-oci-auth" - #Registry: strings.Split(#config.artifact.url, "/")[2] - #Username: #config.auth.credentials.username - #Password: #config.auth.credentials.password -} diff --git a/k8s/timoni/kustomize-oci/templates/kustomization.cue b/k8s/timoni/kustomize-oci/templates/kustomization.cue deleted file mode 100644 index 5ce7db165..000000000 --- a/k8s/timoni/kustomize-oci/templates/kustomization.cue +++ /dev/null @@ -1,40 +0,0 @@ -package templates - -import ( - "encoding/yaml" - ksv1 "kustomize.toolkit.fluxcd.io/kustomization/v1" - sourcev1 "source.toolkit.fluxcd.io/ocirepository/v1beta2" -) - -#Kustomization: ksv1.#Kustomization & { - #config: #Config - metadata: #config.metadata - spec: ksv1.#KustomizationSpec & { - sourceRef: { - kind: sourcev1.#OCIRepository.kind - name: #config.metadata.name - } - interval: "60m" - retryInterval: "\(#config.sync.retryInterval)m" - path: #config.sync.path - prune: #config.sync.prune - wait: #config.sync.wait - timeout: "\(#config.sync.timeout)m" - if #config.sync.serviceAccountName != _|_ { - serviceAccountName: #config.sync.serviceAccountName - } - if #config.sync.targetNamespace != _|_ { - targetNamespace: #config.sync.targetNamespace - } - if #config.substitute != _|_ { - postBuild: substitute: #config.substitute - } - if #config.dependsOn != _|_ { - dependsOn: #config.dependsOn - } - patches: [for p in #config.patches { - patch: yaml.Marshal(p.patch) - target: p.target - }] - } -} diff --git a/k8s/timoni/kustomize-oci/templates/ocirepository.cue b/k8s/timoni/kustomize-oci/templates/ocirepository.cue deleted file mode 100644 index ec89939f0..000000000 --- a/k8s/timoni/kustomize-oci/templates/ocirepository.cue +++ /dev/null @@ -1,33 +0,0 @@ -package templates - -import ( - sourcev1 "source.toolkit.fluxcd.io/ocirepository/v1beta2" -) - -#OCIRepository: sourcev1.#OCIRepository & { - #config: #Config - metadata: #config.metadata - spec: sourcev1.#OCIRepositorySpec & { - interval: "\(#config.artifact.interval)m" - url: #config.artifact.url - if #config.artifact.semver != _|_ { - ref: semver: #config.artifact.semver - } - if #config.artifact.semver == _|_ { - ref: tag: #config.artifact.tag - } - provider: #config.auth.provider - if #config.auth.credentials != _|_ { - secretRef: name: #config.metadata.name + "-oci-auth" - } - if #config.artifact.ignore != "" { - ignore: #config.artifact.ignore - } - if #config.tls.insecure { - insecure: #config.tls.insecure - } - if #config.tls.ca != _|_ { - certSecretRef: name: #config.metadata.name + "-oci-tls" - } - } -} diff --git a/k8s/timoni/kustomize-oci/templates/tlssecret.cue b/k8s/timoni/kustomize-oci/templates/tlssecret.cue deleted file mode 100644 index 76190544c..000000000 --- a/k8s/timoni/kustomize-oci/templates/tlssecret.cue +++ /dev/null @@ -1,21 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" - timoniv1 "timoni.sh/core/v1alpha1" -) - -#TLSSecret: corev1.#Secret & { - #config: #Config - apiVersion: "v1" - kind: "Secret" - metadata: timoniv1.#MetaComponent & { - #Meta: #config.metadata - #Component: "oci-tls" - } - stringData: { - if #config.tls.ca != _|_ { - "ca.crt": #config.tls.ca - } - } -} diff --git a/k8s/timoni/kustomize-oci/timoni.cue b/k8s/timoni/kustomize-oci/timoni.cue deleted file mode 100644 index cb02a3349..000000000 --- a/k8s/timoni/kustomize-oci/timoni.cue +++ /dev/null @@ -1,25 +0,0 @@ -package main - -import ( - templates "timoni.sh/kustomize-oci/templates" -) - -values: templates.#Config - -timoni: { - apiVersion: "v1alpha1" - - instance: templates.#Instance & { - config: values - config: { - metadata: { - name: string @tag(name) - namespace: string @tag(namespace) - } - moduleVersion: string @tag(mv, var=moduleVersion) - kubeVersion: string @tag(kv, var=kubeVersion) - } - } - - apply: all: [for obj in instance.objects {obj}] -} diff --git a/k8s/timoni/kustomize-oci/timoni.ignore b/k8s/timoni/kustomize-oci/timoni.ignore deleted file mode 100644 index 0722c3486..000000000 --- a/k8s/timoni/kustomize-oci/timoni.ignore +++ /dev/null @@ -1,14 +0,0 @@ -# VCS -.git/ -.gitignore -.gitmodules -.gitattributes - -# Go -vendor/ -go.mod -go.sum - -# CUE -*_tool.cue -debug_values.cue diff --git a/k8s/timoni/kustomize-oci/values.cue b/k8s/timoni/kustomize-oci/values.cue deleted file mode 100644 index 17bc0aff9..000000000 --- a/k8s/timoni/kustomize-oci/values.cue +++ /dev/null @@ -1,3 +0,0 @@ -package main - -values: {} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue deleted file mode 100644 index c2497a513..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -#GroupName: "apps" diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue deleted file mode 100644 index d3ecc8345..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue +++ /dev/null @@ -1,946 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -#ControllerRevisionHashLabelKey: "controller-revision-hash" -#StatefulSetRevisionLabel: "controller-revision-hash" -#DeprecatedRollbackTo: "deprecated.deployment.rollback.to" -#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation" -#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name" -#PodIndexLabel: "apps.kubernetes.io/pod-index" - -// StatefulSet represents a set of pods with consistent identities. -// Identities are defined as: -// - Network: A single stable DNS and hostname. -// - Storage: As many VolumeClaims as requested. -// -// The StatefulSet guarantees that a given network identity will always -// map to the same storage identity. -#StatefulSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired identities of pods in this set. - // +optional - spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the current status of Pods in this StatefulSet. This data - // may be out of date by some window of time. - // +optional - status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodManagementPolicyType defines the policy for creating pods under a stateful set. -// +enum -#PodManagementPolicyType: string // #enumPodManagementPolicyType - -#enumPodManagementPolicyType: - #OrderedReadyPodManagement | - #ParallelPodManagement - -// OrderedReadyPodManagement will create pods in strictly increasing order on -// scale up and strictly decreasing order on scale down, progressing only when -// the previous pod is ready or terminated. At most one pod will be changed -// at any time. -#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady" - -// ParallelPodManagement will create and delete pods as soon as the stateful set -// replica count is changed, and will not wait for pods to be ready or complete -// termination. -#ParallelPodManagement: #PodManagementPolicyType & "Parallel" - -// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet -// controller will use to perform updates. It includes any additional parameters -// necessary to perform the update for the indicated strategy. -#StatefulSetUpdateStrategy: { - // Type indicates the type of the StatefulSetUpdateStrategy. - // Default is RollingUpdate. - // +optional - type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType) - - // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. - // +optional - rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt) -} - -// StatefulSetUpdateStrategyType is a string enumeration type that enumerates -// all possible update strategies for the StatefulSet controller. -// +enum -#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType - -#enumStatefulSetUpdateStrategyType: - #RollingUpdateStatefulSetStrategyType | - #OnDeleteStatefulSetStrategyType - -// RollingUpdateStatefulSetStrategyType indicates that update will be -// applied to all Pods in the StatefulSet with respect to the StatefulSet -// ordering constraints. When a scale operation is performed with this -// strategy, new Pods will be created from the specification version indicated -// by the StatefulSet's updateRevision. -#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate" - -// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version -// tracking and ordered rolling restarts are disabled. Pods are recreated -// from the StatefulSetSpec when they are manually deleted. When a scale -// operation is performed with this strategy,specification version indicated -// by the StatefulSet's currentRevision. -#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete" - -// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType. -#RollingUpdateStatefulSetStrategy: { - // Partition indicates the ordinal at which the StatefulSet should be partitioned - // for updates. During a rolling update, all pods from ordinal Replicas-1 to - // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - // This is helpful in being able to do a canary based deployment. The default value is 0. - // +optional - partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt) - - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding up. This can not be 0. - // Defaults to 1. This field is alpha-level and is only honored by servers that enable the - // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - // will be counted towards MaxUnavailable. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt) -} - -// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine -// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is -// deleted or scaled down. -#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType - -#enumPersistentVolumeClaimRetentionPolicyType: - #RetainPersistentVolumeClaimRetentionPolicyType | - #DeletePersistentVolumeClaimRetentionPolicyType - -// RetainPersistentVolumeClaimRetentionPolicyType is the default -// PersistentVolumeClaimRetentionPolicy and specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will not be deleted. -#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain" - -// RetentionPersistentVolumeClaimRetentionPolicyType specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will be deleted in the scenario specified in -// StatefulSetPersistentVolumeClaimRetentionPolicy. -#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete" - -// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs -// created from the StatefulSet VolumeClaimTemplates. -#StatefulSetPersistentVolumeClaimRetentionPolicy: { - // WhenDeleted specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is deleted. The default policy - // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The - // `Delete` policy causes those PVCs to be deleted. - whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) - - // WhenScaled specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is scaled down. The default - // policy of `Retain` causes PVCs to not be affected by a scaledown. The - // `Delete` policy causes the associated PVCs for any excess pods above - // the replica count to be deleted. - whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) -} - -// StatefulSetOrdinals describes the policy used for replica ordinal assignment -// in this StatefulSet. -#StatefulSetOrdinals: { - // start is the number representing the first replica's index. It may be used - // to number replicas from an alternate index (eg: 1-indexed) over the default - // 0-indexed names, or to orchestrate progressive movement of replicas from - // one StatefulSet to another. - // If set, replica indices will be in the range: - // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). - // If unset, defaults to 0. Replica indices will be in the range: - // [0, .spec.replicas). - // +optional - start: int32 @go(Start) @protobuf(1,varint,opt) -} - -// A StatefulSetSpec is the specification of a StatefulSet. -#StatefulSetSpec: { - // replicas is the desired number of replicas of the given Template. - // These are replicas in the sense that they are instantiations of the - // same Template, but individual replicas also have a consistent identity. - // If unspecified, defaults to 1. - // TODO: Consider a rename of this field. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // selector is a label query over pods that should match the replica count. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // template is the object that describes the pod that will be created if - // insufficient replicas are detected. Each pod stamped out by the StatefulSet - // will fulfill this Template, but have a unique identity from the rest - // of the StatefulSet. Each pod will be named with the format - // -. For example, a pod in a StatefulSet named - // "web" with index number "3" would be named "web-3". - // The only allowed template.spec.restartPolicy value is "Always". - template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // volumeClaimTemplates is a list of claims that pods are allowed to reference. - // The StatefulSet controller is responsible for mapping network identities to - // claims in a way that maintains the identity of a pod. Every claim in - // this list must have at least one matching (by name) volumeMount in one - // container in the template. A claim in this list takes precedence over - // any volumes in the template, with the same name. - // TODO: Define the behavior if a claim already exists with the same name. - // +optional - volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep) - - // serviceName is the name of the service that governs this StatefulSet. - // This service must exist before the StatefulSet, and is responsible for - // the network identity of the set. Pods get DNS/hostnames that follow the - // pattern: pod-specific-string.serviceName.default.svc.cluster.local - // where "pod-specific-string" is managed by the StatefulSet controller. - serviceName: string @go(ServiceName) @protobuf(5,bytes,opt) - - // podManagementPolicy controls how pods are created during initial scale up, - // when replacing pods on nodes, or when scaling down. The default policy is - // `OrderedReady`, where pods are created in increasing order (pod-0, then - // pod-1, etc) and the controller will wait until each pod is ready before - // continuing. When scaling down, the pods are removed in the opposite order. - // The alternative policy is `Parallel` which will create pods in parallel - // to match the desired scale without waiting, and on scale down will delete - // all pods at once. - // +optional - podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType) - - // updateStrategy indicates the StatefulSetUpdateStrategy that will be - // employed to update Pods in the StatefulSet when a revision is made to - // Template. - updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt) - - // revisionHistoryLimit is the maximum number of revisions that will - // be maintained in the StatefulSet's revision history. The revision history - // consists of all revisions not represented by a currently applied - // StatefulSetSpec version. The default value is 10. - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt) - - // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent - // volume claims created from volumeClaimTemplates. By default, all persistent - // volume claims are created as needed and retained until manually deleted. This - // policy allows the lifecycle to be altered, for example by deleting persistent - // volume claims when their stateful set is deleted, or when their pod is scaled - // down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, - // which is alpha. +optional - persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt) - - // ordinals controls the numbering of replica indices in a StatefulSet. The - // default ordinals behavior assigns a "0" index to the first replica and - // increments the index by one for each additional replica requested. Using - // the ordinals field requires the StatefulSetStartOrdinal feature gate to be - // enabled, which is beta. - // +optional - ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt) -} - -// StatefulSetStatus represents the current state of a StatefulSet. -#StatefulSetStatus: { - // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the - // StatefulSet's generation, which is updated on mutation by the API Server. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // replicas is the number of Pods created by the StatefulSet controller. - replicas: int32 @go(Replicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition. - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt) - - // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by currentRevision. - currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt) - - // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by updateRevision. - updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt) - - // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the - // sequence [0,currentReplicas). - currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt) - - // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence - // [replicas-updatedReplicas,replicas) - updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt) - - // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller - // uses this field as a collision avoidance mechanism when it needs to create the name for the - // newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a statefulset's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. - // +optional - availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt) -} - -#StatefulSetConditionType: string - -// StatefulSetCondition describes the state of a statefulset at a certain point. -#StatefulSetCondition: { - // Type of statefulset condition. - type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// StatefulSetList is a collection of StatefulSets. -#StatefulSetList: { - metav1.#TypeMeta - - // Standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of stateful sets. - items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep) -} - -// Deployment enables declarative updates for Pods and ReplicaSets. -#Deployment: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the Deployment. - // +optional - spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the Deployment. - // +optional - status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DeploymentSpec is the specification of the desired behavior of the Deployment. -#DeploymentSpec: { - // Number of desired pods. This is a pointer to distinguish between explicit - // zero and not specified. Defaults to 1. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Label selector for pods. Existing ReplicaSets whose pods are - // selected by this will be the ones affected by this deployment. - // It must match the pod template's labels. - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template describes the pods that will be created. - // The only allowed template.spec.restartPolicy value is "Always". - template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // The deployment strategy to use to replace existing pods with new ones. - // +optional - // +patchStrategy=retainKeys - strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt) - - // The number of old ReplicaSets to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) - - // Indicates that the deployment is paused. - // +optional - paused?: bool @go(Paused) @protobuf(7,varint,opt) - - // The maximum time in seconds for a deployment to make progress before it - // is considered to be failed. The deployment controller will continue to - // process failed deployments and a condition with a ProgressDeadlineExceeded - // reason will be surfaced in the deployment status. Note that progress will - // not be estimated during the time a deployment is paused. Defaults to 600s. - progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt) -} - -// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added -// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets -// to select new pods (and old pods being select by new ReplicaSet). -#DefaultDeploymentUniqueLabelKey: "pod-template-hash" - -// DeploymentStrategy describes how to replace existing pods with new ones. -#DeploymentStrategy: { - // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - // +optional - type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType) - - // Rolling update config params. Present only if DeploymentStrategyType = - // RollingUpdate. - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. - // +optional - rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt) -} - -// +enum -#DeploymentStrategyType: string // #enumDeploymentStrategyType - -#enumDeploymentStrategyType: - #RecreateDeploymentStrategyType | - #RollingUpdateDeploymentStrategyType - -// Kill all existing pods before creating new ones. -#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate" - -// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one. -#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate" - -// Spec to control the desired behavior of rolling update. -#RollingUpdateDeployment: { - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding down. - // This can not be 0 if MaxSurge is 0. - // Defaults to 25%. - // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - // that the total number of pods available at all times during the update is at - // least 70% of desired pods. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of pods that can be scheduled above the desired number of - // pods. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up. - // Defaults to 25%. - // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - // the rolling update starts, such that the total number of old and new pods do not exceed - // 130% of desired pods. Once old pods have been killed, - // new ReplicaSet can be scaled up further, ensuring that total number of pods running - // at any time during the update is at most 130% of desired pods. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DeploymentStatus is the most recently observed status of the Deployment. -#DeploymentStatus: { - // The generation observed by the deployment controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // Total number of non-terminated pods targeted by this deployment (their labels match the selector). - // +optional - replicas?: int32 @go(Replicas) @protobuf(2,varint,opt) - - // Total number of non-terminated pods targeted by this deployment that have the desired template spec. - // +optional - updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt) - - // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt) - - // Total number of unavailable pods targeted by this deployment. This is the total number of - // pods that are still required for the deployment to have 100% available capacity. They may - // either be pods that are running but not yet available or pods that still have not been created. - // +optional - unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt) - - // Represents the latest available observations of a deployment's current state. - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep) - - // Count of hash collisions for the Deployment. The Deployment controller uses this - // field as a collision avoidance mechanism when it needs to create the name for the - // newest ReplicaSet. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt) -} - -#DeploymentConditionType: string // #enumDeploymentConditionType - -#enumDeploymentConditionType: - #DeploymentAvailable | - #DeploymentProgressing | - #DeploymentReplicaFailure - -// Available means the deployment is available, ie. at least the minimum available -// replicas required are up and running for at least minReadySeconds. -#DeploymentAvailable: #DeploymentConditionType & "Available" - -// Progressing means the deployment is progressing. Progress for a deployment is -// considered when a new replica set is created or adopted, and when new pods scale -// up or old pods scale down. Progress is not estimated for paused deployments or -// when progressDeadlineSeconds is not specified. -#DeploymentProgressing: #DeploymentConditionType & "Progressing" - -// ReplicaFailure is added in a deployment when one of its pods fails to be created -// or deleted. -#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure" - -// DeploymentCondition describes the state of a deployment at a certain point. -#DeploymentCondition: { - // Type of deployment condition. - type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time this condition was updated. - lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt) - - // Last time the condition transitioned from one status to another. - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt) - - // The reason for the condition's last transition. - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DeploymentList is a list of Deployments. -#DeploymentList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Deployments. - items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep) -} - -// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. -#DaemonSetUpdateStrategy: { - // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. - // +optional - type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt) - - // Rolling update config params. Present only if type = "RollingUpdate". - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. Same as Deployment `strategy.rollingUpdate`. - // See https://github.com/kubernetes/kubernetes/issues/35345 - // +optional - rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt) -} - -// +enum -#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType - -#enumDaemonSetUpdateStrategyType: - #RollingUpdateDaemonSetStrategyType | - #OnDeleteDaemonSetStrategyType - -// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. -#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate" - -// Replace the old daemons only when it's killed -#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete" - -// Spec to control the desired behavior of daemon set rolling update. -#RollingUpdateDaemonSet: { - // The maximum number of DaemonSet pods that can be unavailable during the - // update. Value can be an absolute number (ex: 5) or a percentage of total - // number of DaemonSet pods at the start of the update (ex: 10%). Absolute - // number is calculated from percentage by rounding up. - // This cannot be 0 if MaxSurge is 0 - // Default value is 1. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their pods stopped for an update at any given time. The update - // starts by stopping at most 30% of those DaemonSet pods and then brings - // up new DaemonSet pods in their place. Once the new pods are available, - // it then proceeds onto other DaemonSet pods, thus ensuring that at least - // 70% of original number of DaemonSet pods are available at all times during - // the update. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of nodes with an existing available DaemonSet pod that - // can have an updated DaemonSet pod during during an update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up to a minimum of 1. - // Default value is 0. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their a new pod created before the old pod is marked as deleted. - // The update starts by launching new pods on 30% of nodes. Once an updated - // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod - // on that node is marked deleted. If the old pod becomes unavailable for any - // reason (Ready transitions to false, is evicted, or is drained) an updated - // pod is immediatedly created on that node without considering surge limits. - // Allowing surge implies the possibility that the resources consumed by the - // daemonset on any given node can double if the readiness check fails, and - // so resource intensive daemonsets should take into account that they may - // cause evictions during disruption. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DaemonSetSpec is the specification of a daemon set. -#DaemonSetSpec: { - // A label query over pods that are managed by the daemon set. - // Must match in order to be controlled. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // An object that describes the pod that will be created. - // The DaemonSet will create exactly one copy of this pod on every node - // that matches the template's node selector (or on every node if no node - // selector is specified). - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) - - // An update strategy to replace existing DaemonSet pods with new pods. - // +optional - updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt) - - // The minimum number of seconds for which a newly created DaemonSet pod should - // be ready without any of its container crashing, for it to be considered - // available. Defaults to 0 (pod will be considered available as soon as it - // is ready). - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // The number of old history to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) -} - -// DaemonSetStatus represents the current status of a daemon set. -#DaemonSetStatus: { - // The number of nodes that are running at least 1 - // daemon pod and are supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt) - - // The number of nodes that are running the daemon pod, but are - // not supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt) - - // The total number of nodes that should be running the daemon - // pod (including nodes correctly running the daemon pod). - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt) - - // numberReady is the number of nodes that should be running the daemon pod and have one - // or more of the daemon pod running with a Ready Condition. - numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt) - - // The most recent generation observed by the daemon set controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt) - - // The total number of nodes that are running updated daemon pod - // +optional - updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have one or more of the daemon pod running and - // available (ready for at least spec.minReadySeconds) - // +optional - numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have none of the daemon pod running and available - // (ready for at least spec.minReadySeconds) - // +optional - numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt) - - // Count of hash collisions for the DaemonSet. The DaemonSet controller - // uses this field as a collision avoidance mechanism when it needs to - // create the name for the newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a DaemonSet's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep) -} - -#DaemonSetConditionType: string - -// DaemonSetCondition describes the state of a DaemonSet at a certain point. -#DaemonSetCondition: { - // Type of DaemonSet condition. - type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DaemonSet represents the configuration of a daemon set. -#DaemonSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The desired behavior of this daemon set. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // The current status of this daemon set. This data may be - // out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DefaultDaemonSetUniqueLabelKey is the default label key that is added -// to existing DaemonSet pods to distinguish between old and new -// DaemonSet pods during DaemonSet template updates. -#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash" - -// DaemonSetList is a collection of daemon sets. -#DaemonSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // A list of daemon sets. - items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep) -} - -// ReplicaSet ensures that a specified number of pod replicas are running at any given time. -#ReplicaSet: { - metav1.#TypeMeta - - // If the Labels of a ReplicaSet are empty, they are defaulted to - // be the same as the Pod(s) that the ReplicaSet manages. - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the ReplicaSet. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the ReplicaSet. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicaSetList is a collection of ReplicaSets. -#ReplicaSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ReplicaSets. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep) -} - -// ReplicaSetSpec is the specification of a ReplicaSet. -#ReplicaSetSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the replica count. - // Label keys and values that must match in order to be controlled by this replica set. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) -} - -// ReplicaSetStatus represents the current status of a ReplicaSet. -#ReplicaSetStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replicaset. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replica set. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed ReplicaSet. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replica set's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep) -} - -#ReplicaSetConditionType: string // #enumReplicaSetConditionType - -#enumReplicaSetConditionType: - #ReplicaSetReplicaFailure - -// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created -// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted -// due to kubelet being down or finalizers are failing. -#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure" - -// ReplicaSetCondition describes the state of a replica set at a certain point. -#ReplicaSetCondition: { - // Type of replica set condition. - type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ControllerRevision implements an immutable snapshot of state data. Clients -// are responsible for serializing and deserializing the objects that contain -// their internal state. -// Once a ControllerRevision has been successfully created, it can not be updated. -// The API Server will fail validation of all requests that attempt to mutate -// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both -// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, -// it may be subject to name and representation changes in future releases, and clients should not -// depend on its stability. It is primarily for internal use by controllers. -#ControllerRevision: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Data is the serialized representation of the state. - data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt) - - // Revision indicates the revision of the state represented by Data. - revision: int64 @go(Revision) @protobuf(3,varint,opt) -} - -// ControllerRevisionList is a resource containing a list of ControllerRevision objects. -#ControllerRevisionList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ControllerRevisions - items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep) -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue deleted file mode 100644 index 3a3027906..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue +++ /dev/null @@ -1,147 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy -// webhook backend fails. -#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open" - -// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods -#MirrorPodAnnotationKey: "kubernetes.io/config.mirror" - -// TolerationsAnnotationKey represents the key of tolerations data (json serialized) -// in the Annotations of a Pod. -#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations" - -// TaintsAnnotationKey represents the key of taints data (json serialized) -// in the Annotations of a Node. -#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints" - -// SeccompPodAnnotationKey represents the key of a seccomp profile applied -// to all containers of a pod. -// Deprecated: set a pod security context `seccompProfile` field. -#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod" - -// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied -// to one container of a pod. -// Deprecated: set a container security context `seccompProfile` field. -#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/" - -// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#SeccompProfileRuntimeDefault: "runtime/default" - -// SeccompProfileNameUnconfined is the unconfined seccomp profile. -#SeccompProfileNameUnconfined: "unconfined" - -// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk. -#SeccompLocalhostProfileNamePrefix: "localhost/" - -// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. -#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/" - -// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile. -#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName" - -// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles. -#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames" - -// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default. -#AppArmorBetaProfileRuntimeDefault: "runtime/default" - -// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node. -#AppArmorBetaProfileNamePrefix: "localhost/" - -// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile -#AppArmorBetaProfileNameUnconfined: "unconfined" - -// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#DeprecatedSeccompProfileDockerDefault: "docker/default" - -// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) -// in the Annotations of a Node. -#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods" - -// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache -// an object (e.g. secret, config map) before fetching it again from apiserver. -// This annotation can be attached to node. -#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl" - -// annotation key prefix used to identify non-convertible json paths. -#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io" -_#kubectlPrefix: "kubectl.kubernetes.io/" - -// LastAppliedConfigAnnotation is the annotation used to store the previous -// configuration of a resource for use in a three way diff by UpdateApplyAnnotation. -#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration" - -// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers -// -// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to -// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow -// access only from the CIDRs currently allocated to MIT & the USPS. -// -// Not all cloud providers support this annotation, though AWS & GCE do. -#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges" - -// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that -// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') -// of the last change, of some Pod or Service object, that triggered the endpoints object change. -// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints -// controller at T1, and the Endpoints object was changed at T2, the -// EndpointsLastChangeTriggerTime would be set to T0. -// -// The "endpoints change trigger" here means any Pod or Service change that resulted in the -// Endpoints object change. -// -// Given the definition of the "endpoints change trigger", please note that this annotation will -// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the -// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's -// already set). -// -// This annotation will be used to compute the in-cluster network programming latency SLI, see -// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md -#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time" - -// EndpointsOverCapacity will be set on an Endpoints resource when it -// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints -// controller will set this annotation with a value of "warning". In a -// future release, the controller may set this annotation with a value of -// "truncated" to indicate that any addresses exceeding the limit of 1000 -// have been truncated from the Endpoints resource. -#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity" - -// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated -// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. -// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or -// CSI Backend for a volume plugin on a specific node. -#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins" - -// PodDeletionCost can be used to set to an int32 that represent the cost of deleting -// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower -// deletion cost are preferred to be deleted before pods with higher deletion cost. -// Note that this is honored on a best-effort basis, and so it does not offer guarantees on -// pod deletion order. -// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. -// -// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. -#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost" - -// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable -// Topology Aware Hints for a Service. This may be set to "Auto" or -// "Disabled". Any other value is treated as "Disabled". This annotation has -// been deprecated in favor of the "service.kubernetes.io/topology-mode" -// annotation. -#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints" - -// AnnotationTopologyMode can be used to enable or disable Topology Aware -// Routing for a Service. Well known values are "Auto" and "Disabled". -// Implementations may choose to develop new topology approaches, exposing -// them with domain-prefixed values. For example, "example.com/lowest-rtt" -// could be a valid implementation-specific value for this annotation. These -// heuristics will often populate topology hints on EndpointSlices, but that -// is not a requirement. -#AnnotationTopologyMode: "service.kubernetes.io/topology-mode" diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue deleted file mode 100644 index 2bf1afce0..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -// Package v1 is the v1 version of the core API. -package v1 diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue deleted file mode 100644 index 29c24abce..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#GroupName: "" diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue deleted file mode 100644 index d87edcff5..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue +++ /dev/null @@ -1,7617 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/types" -) - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) -#NamespaceNodeLease: "kube-node-lease" - -// Volume represents a named volume in a pod that may be accessed by any container in the pod. -#Volume: { - // name of the volume. - // Must be a DNS_LABEL and unique within the pod. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(1,bytes,opt) - - #VolumeSource -} - -// Represents the source of a volume to mount. -// Only one of its members may be specified. -#VolumeSource: { - // hostPath represents a pre-existing file or directory on the host - // machine that is directly exposed to the container. This is generally - // used for system agents or other privileged things that are allowed - // to see the host machine. Most containers will NOT need this. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // --- - // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - // mount host directories as read/write. - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt) - - // emptyDir represents a temporary directory that shares a pod's lifetime. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt) - - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt) - - // gitRepo represents a git repository at a particular revision. - // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - // into the Pod's container. - // +optional - gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt) - - // secret represents a secret that should populate this volume. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt) - - // nfs represents an NFS mount on the host that shares a pod's lifetime - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://examples.k8s.io/volumes/iscsi/README.md - // +optional - iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt) - - // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt) - - // persistentVolumeClaimVolumeSource represents a reference to a - // PersistentVolumeClaim in the same namespace. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt) - - // downwardAPI represents downward API about the pod that should populate this volume - // +optional - downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt) - - // configMap represents a configMap that should populate this volume - // +optional - configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt) - - // projected items for all in one resources secrets, configmaps, and downward API - projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt) - - // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - // +optional - storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt) - - // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - // +optional - csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt) - - // ephemeral represents a volume that is handled by a cluster storage driver. - // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - // and deleted when the pod is removed. - // - // Use this if: - // a) the volume is only needed while the pod runs, - // b) features of normal volumes like restoring from snapshot or capacity - // tracking are needed, - // c) the storage driver is specified through a storage class, and - // d) the storage driver supports dynamic volume provisioning through - // a PersistentVolumeClaim (see EphemeralVolumeSource for more - // information on the connection between this volume type - // and PersistentVolumeClaim). - // - // Use PersistentVolumeClaim or one of the vendor-specific - // APIs for volumes that persist for longer than the lifecycle - // of an individual pod. - // - // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - // be used that way - see the documentation of the driver for - // more information. - // - // A pod can use both types of ephemeral volumes and - // persistent volumes at the same time. - // - // +optional - ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt) -} - -// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. -// This volume finds the bound PV and mounts that volume for the pod. A -// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another -// type of volume that is owned by someone else (the system). -#PersistentVolumeClaimVolumeSource: { - // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - claimName: string @go(ClaimName) @protobuf(1,bytes,opt) - - // readOnly Will force the ReadOnly setting in VolumeMounts. - // Default false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) -} - -// PersistentVolumeSource is similar to VolumeSource but meant for the -// administrator who creates PVs. Exactly one of its members must be set. -#PersistentVolumeSource: { - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt) - - // hostPath represents a directory on the host. - // Provisioned by a developer or tester. - // This is useful for single-node development and testing only! - // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt) - - // glusterfs represents a Glusterfs volume that is attached to a host and - // exposed to the pod. Provisioned by an admin. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt) - - // nfs represents an NFS mount on the host. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // +optional - iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt) - - // local represents directly-attached storage with node affinity - // +optional - local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt) - - // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod - // More info: https://examples.k8s.io/volumes/storageos/README.md - // +optional - storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt) - - // csi represents storage that is handled by an external CSI driver (Beta feature). - // +optional - csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt) -} - -// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. -// It's currently still used and will be held for backwards compatibility -#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class" - -// MountOptionAnnotation defines mount option annotation used in PVs -#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options" - -// PersistentVolume (PV) is a storage resource provisioned by an administrator. -// It is analogous to a node. -// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes -#PersistentVolume: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines a specification of a persistent volume owned by the cluster. - // Provisioned by an administrator. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status for the persistent volume. - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeSpec is the specification of a persistent volume. -#PersistentVolumeSpec: { - // capacity is the description of the persistent volume's resources and capacity. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - #PersistentVolumeSource - - // accessModes contains all ways the volume can be mounted. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode) - - // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. - // Expected to be non-nil when bound. - // claim.VolumeName is the authoritative bind between PV and PVC. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding - // +optional - // +structType=granular - claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt) - - // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. - // Valid options are Retain (default for manually created PersistentVolumes), Delete (default - // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). - // Recycle must be supported by the volume plugin underlying this PersistentVolume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming - // +optional - persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy) - - // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value - // means that this volume does not belong to any StorageClass. - // +optional - storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt) - - // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will - // simply fail if one is invalid. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt) - - // volumeMode defines if a volume is intended to be used with a formatted filesystem - // or to remain in raw block state. Value of Filesystem is implied when not included in spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode) - - // nodeAffinity defines constraints that limit what nodes this volume can be accessed from. - // This field influences the scheduling of pods that use this volume. - // +optional - nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt) -} - -// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. -#VolumeNodeAffinity: { - // required specifies hard node constraints that must be met. - required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt) -} - -// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes. -// +enum -#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy - -#enumPersistentVolumeReclaimPolicy: - #PersistentVolumeReclaimRecycle | - #PersistentVolumeReclaimDelete | - #PersistentVolumeReclaimRetain - -// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. -// The volume plugin must support Recycling. -#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle" - -// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. -// The volume plugin must support Deletion. -#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete" - -// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. -// The default policy is Retain. -#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain" - -// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. -// +enum -#PersistentVolumeMode: string // #enumPersistentVolumeMode - -#enumPersistentVolumeMode: - #PersistentVolumeBlock | - #PersistentVolumeFilesystem - -// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. -#PersistentVolumeBlock: #PersistentVolumeMode & "Block" - -// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. -#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem" - -// PersistentVolumeStatus is the current status of a persistent volume. -#PersistentVolumeStatus: { - // phase indicates if a volume is available, bound to a claim, or released by a claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase - // +optional - phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase) - - // message is a human-readable message indicating details about why the volume is in this state. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // reason is a brief CamelCase string that describes any failure and is meant - // for machine parsing and tidy display in the CLI. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // lastPhaseTransitionTime is the time the phase transitioned from one to another - // and automatically resets to current time everytime a volume phase transitions. - // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature. - // +featureGate=PersistentVolumeLastPhaseTransitionTime - // +optional - lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt) -} - -// PersistentVolumeList is a list of PersistentVolume items. -#PersistentVolumeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volumes. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes - items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaim is a user's request for and claim to a persistent volume -#PersistentVolumeClaim: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the desired characteristics of a volume requested by a pod author. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status of a persistent volume claim. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. -#PersistentVolumeClaimList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volume claims. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaimSpec describes the common attributes of storage devices -// and allows a Source for provider-specific attributes -#PersistentVolumeClaimSpec: { - // accessModes contains the desired access modes the volume should have. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode) - - // selector is a label query over volumes to consider for binding. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // resources represents the minimum resources the volume should have. - // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - // that are lower than previous value but must still be higher than capacity recorded in the - // status field of the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt) - - // volumeName is the binding reference to the PersistentVolume backing this claim. - // +optional - volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt) - - // storageClassName is the name of the StorageClass required by the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - // +optional - storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt) - - // volumeMode defines what type of volume is required by the claim. - // Value of Filesystem is implied when not included in claim spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode) - - // dataSource field can be used to specify either: - // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - // * An existing PVC (PersistentVolumeClaim) - // If the provisioner or an external controller can support the specified data source, - // it will create a new volume based on the contents of the specified data source. - // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - // If the namespace is specified, then dataSourceRef will not be copied to dataSource. - // +optional - dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt) - - // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - // volume is desired. This may be any object from a non-empty API group (non - // core object) or a PersistentVolumeClaim object. - // When this field is specified, volume binding will only succeed if the type of - // the specified object matches some installed volume populator or dynamic - // provisioner. - // This field will replace the functionality of the dataSource field and as such - // if both fields are non-empty, they must have the same value. For backwards - // compatibility, when namespace isn't specified in dataSourceRef, - // both fields (dataSource and dataSourceRef) will be set to the same - // value automatically if one of them is empty and the other is non-empty. - // When namespace is specified in dataSourceRef, - // dataSource isn't set to the same value and must be empty. - // There are three important differences between dataSource and dataSourceRef: - // * While dataSource only allows two specific types of objects, dataSourceRef - // allows any non-core object, as well as PersistentVolumeClaim objects. - // * While dataSource ignores disallowed values (dropping them), dataSourceRef - // preserves all values, and generates an error if a disallowed value is - // specified. - // * While dataSource only allows local objects, dataSourceRef allows objects - // in any namespaces. - // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +optional - dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt) -} - -#TypedObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace is the namespace of resource being referenced - // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +featureGate=CrossNamespaceVolumeDataSource - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt) -} - -// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type -#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType - -#enumPersistentVolumeClaimConditionType: - #PersistentVolumeClaimResizing | - #PersistentVolumeClaimFileSystemResizePending - -// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started -#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing" - -// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node -#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending" - -// +enum -// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource -// that it does not recognizes, then it should ignore that update and let other controllers -// handle it. -#ClaimResourceStatus: string // #enumClaimResourceStatus - -#enumClaimResourceStatus: - #PersistentVolumeClaimControllerResizeInProgress | - #PersistentVolumeClaimControllerResizeFailed | - #PersistentVolumeClaimNodeResizePending | - #PersistentVolumeClaimNodeResizeInProgress | - #PersistentVolumeClaimNodeResizeFailed - -// State set when resize controller starts resizing the volume in control-plane. -#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress" - -// State set when resize has failed in resize controller with a terminal error. -// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus -// unmodified, so as resize controller can resume the volume expansion. -#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed" - -// State set when resize controller has finished resizing the volume but further resizing of volume -// is needed on the node. -#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending" - -// State set when kubelet starts resizing the volume. -#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress" - -// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed -#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed" - -// PersistentVolumeClaimCondition contains details about state of pvc -#PersistentVolumeClaimCondition: { - type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType) - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastProbeTime is the time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // lastTransitionTime is the time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason is a unique, this should be a short, machine understandable string that gives the reason - // for condition's last transition. If it reports "ResizeStarted" that means the underlying - // persistent volume is being resized. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // message is the human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PersistentVolumeClaimStatus is the current status of a persistent volume claim. -#PersistentVolumeClaimStatus: { - // phase represents the current phase of PersistentVolumeClaim. - // +optional - phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase) - - // accessModes contains the actual access modes the volume backing the PVC has. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode) - - // capacity represents the actual resources of the underlying volume. - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - // resized then the Condition will be set to 'ResizeStarted'. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep) - - // allocatedResources tracks the resources allocated to a PVC including its capacity. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // Capacity reported here may be larger than the actual capacity when a volume expansion operation - // is requested. - // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - // If a volume expansion capacity request is lowered, allocatedResources is only - // lowered if there are no expansion operations in progress and if the actual volume capacity - // is equal or lower than the requested capacity. - // - // A controller that receives PVC update with previously unknown resourceName - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // allocatedResourceStatuses stores status of resource being resized for the given PVC. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // ClaimResourceStatus can be in any of following states: - // - ControllerResizeInProgress: - // State set when resize controller starts resizing the volume in control-plane. - // - ControllerResizeFailed: - // State set when resize has failed in resize controller with a terminal error. - // - NodeResizePending: - // State set when resize controller has finished resizing the volume but further resizing of - // volume is needed on the node. - // - NodeResizeInProgress: - // State set when kubelet starts resizing the volume. - // - NodeResizeFailed: - // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - // NodeResizeFailed. - // For example: if expanding a PVC for more capacity - this field can be one of the following states: - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" - // When this field is not set, it means that no resize operation is in progress for the given PVC. - // - // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +mapType=granular - // +optional - allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep) -} - -// +enum -#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode - -#enumPersistentVolumeAccessMode: - #ReadWriteOnce | - #ReadOnlyMany | - #ReadWriteMany | - #ReadWriteOncePod - -// can be mounted in read/write mode to exactly 1 host -#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce" - -// can be mounted in read-only mode to many hosts -#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany" - -// can be mounted in read/write mode to many hosts -#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany" - -// can be mounted in read/write mode to exactly 1 pod -// cannot be used in combination with other access modes -#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod" - -// +enum -#PersistentVolumePhase: string // #enumPersistentVolumePhase - -#enumPersistentVolumePhase: - #VolumePending | - #VolumeAvailable | - #VolumeBound | - #VolumeReleased | - #VolumeFailed - -// used for PersistentVolumes that are not available -#VolumePending: #PersistentVolumePhase & "Pending" - -// used for PersistentVolumes that are not yet bound -// Available volumes are held by the binder and matched to PersistentVolumeClaims -#VolumeAvailable: #PersistentVolumePhase & "Available" - -// used for PersistentVolumes that are bound -#VolumeBound: #PersistentVolumePhase & "Bound" - -// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted -// released volumes must be recycled before becoming available again -// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource -#VolumeReleased: #PersistentVolumePhase & "Released" - -// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim -#VolumeFailed: #PersistentVolumePhase & "Failed" - -// +enum -#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase - -#enumPersistentVolumeClaimPhase: - #ClaimPending | - #ClaimBound | - #ClaimLost - -// used for PersistentVolumeClaims that are not yet bound -#ClaimPending: #PersistentVolumeClaimPhase & "Pending" - -// used for PersistentVolumeClaims that are bound -#ClaimBound: #PersistentVolumeClaimPhase & "Bound" - -// used for PersistentVolumeClaims that lost their underlying -// PersistentVolume. The claim was bound to a PersistentVolume and this -// volume does not exist any longer and all data on it was lost. -#ClaimLost: #PersistentVolumeClaimPhase & "Lost" - -// +enum -#HostPathType: string // #enumHostPathType - -#enumHostPathType: - #HostPathUnset | - #HostPathDirectoryOrCreate | - #HostPathDirectory | - #HostPathFileOrCreate | - #HostPathFile | - #HostPathSocket | - #HostPathCharDev | - #HostPathBlockDev - -// For backwards compatible, leave it empty if unset -#HostPathUnset: #HostPathType & "" - -// If nothing exists at the given path, an empty directory will be created there -// as needed with file mode 0755, having the same group and ownership with Kubelet. -#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate" - -// A directory must exist at the given path -#HostPathDirectory: #HostPathType & "Directory" - -// If nothing exists at the given path, an empty file will be created there -// as needed with file mode 0644, having the same group and ownership with Kubelet. -#HostPathFileOrCreate: #HostPathType & "FileOrCreate" - -// A file must exist at the given path -#HostPathFile: #HostPathType & "File" - -// A UNIX socket must exist at the given path -#HostPathSocket: #HostPathType & "Socket" - -// A character device must exist at the given path -#HostPathCharDev: #HostPathType & "CharDevice" - -// A block device must exist at the given path -#HostPathBlockDev: #HostPathType & "BlockDevice" - -// Represents a host path mapped into a pod. -// Host path volumes do not support ownership management or SELinux relabeling. -#HostPathVolumeSource: { - // path of the directory on the host. - // If the path is a symlink, it will follow the link to the real path. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - path: string @go(Path) @protobuf(1,bytes,opt) - - // type for HostPath Volume - // Defaults to "" - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt) -} - -// Represents an empty directory for a pod. -// Empty directory volumes support ownership management and SELinux relabeling. -#EmptyDirVolumeSource: { - // medium represents what type of storage medium should back this directory. - // The default is "" which means to use the node's default medium. - // Must be an empty string (default) or Memory. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium) - - // sizeLimit is the total amount of local storage required for this EmptyDir volume. - // The size limit is also applicable for memory medium. - // The maximum usage on memory medium EmptyDir would be the minimum value between - // the SizeLimit specified here and the sum of memory limits of all containers in a pod. - // The default is nil which means that the limit is undefined. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsPersistentVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // endpointsNamespace is the namespace that contains Glusterfs endpoint. - // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDPersistentVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderPersistentVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is Optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// SecretReference represents a Secret Reference. It has enough information to retrieve secret -// in any namespace -// +structType=atomic -#SecretReference: { - // name is unique within a namespace to reference a secret resource. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // namespace defines the space within which the secret name must be unique. - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSPersistentVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is Optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// Represents a Flocker volume mounted by the Flocker agent. -// One and only one of datasetName and datasetUUID should be set. -// Flocker volumes do not support ownership management or SELinux relabeling. -#FlockerVolumeSource: { - // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - // should be considered as deprecated - // +optional - datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt) - - // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - // +optional - datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt) -} - -// StorageMedium defines ways that storage can be allocated to a volume. -#StorageMedium: string // #enumStorageMedium - -#enumStorageMedium: - #StorageMediumDefault | - #StorageMediumMemory | - #StorageMediumHugePages | - #StorageMediumHugePagesPrefix - -#StorageMediumDefault: #StorageMedium & "" -#StorageMediumMemory: #StorageMedium & "Memory" -#StorageMediumHugePages: #StorageMedium & "HugePages" -#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-" - -// Protocol defines network protocols supported for things like container ports. -// +enum -#Protocol: string // #enumProtocol - -#enumProtocol: - #ProtocolTCP | - #ProtocolUDP | - #ProtocolSCTP - -// ProtocolTCP is the TCP protocol. -#ProtocolTCP: #Protocol & "TCP" - -// ProtocolUDP is the UDP protocol. -#ProtocolUDP: #Protocol & "UDP" - -// ProtocolSCTP is the SCTP protocol. -#ProtocolSCTP: #Protocol & "SCTP" - -// Represents a Persistent Disk resource in Google Compute Engine. -// -// A GCE PD must exist before mounting to a container. The disk must -// also be in the same GCE project and zone as the kubelet. A GCE PD -// can only be mounted as read/write once or read-only many times. GCE -// PDs support ownership management and SELinux relabeling. -#GCEPersistentDiskVolumeSource: { - // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - pdName: string @go(PDName) @protobuf(1,bytes,opt) - - // fsType is filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a Quobyte mount that lasts the lifetime of a pod. -// Quobyte volumes do not support ownership management or SELinux relabeling. -#QuobyteVolumeSource: { - // registry represents a single or multiple Quobyte Registry services - // specified as a string as host:port pair (multiple entries are separated with commas) - // which acts as the central registry for volumes - registry: string @go(Registry) @protobuf(1,bytes,opt) - - // volume is a string that references an already created Quobyte volume by name. - volume: string @go(Volume) @protobuf(2,bytes,opt) - - // readOnly here will force the Quobyte volume to be mounted with read-only permissions. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // user to map volume access to - // Defaults to serivceaccount user - // +optional - user?: string @go(User) @protobuf(4,bytes,opt) - - // group to map volume access to - // Default is no group - // +optional - group?: string @go(Group) @protobuf(5,bytes,opt) - - // tenant owning the given Quobyte volume in the Backend - // Used with dynamically provisioned Quobyte volumes, value is set by the plugin - // +optional - tenant?: string @go(Tenant) @protobuf(6,bytes,opt) -} - -// FlexPersistentVolumeSource represents a generic persistent volume resource that is -// provisioned/attached using an exec based plugin. -#FlexPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// FlexVolume represents a generic volume resource that is -// provisioned/attached using an exec based plugin. -#FlexVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: secretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// Represents a Persistent Disk resource in AWS. -// -// An AWS EBS disk must exist before mounting to a container. The disk -// must also be in the same AWS zone as the kubelet. An AWS EBS disk -// can only be mounted as read/write once. AWS EBS volumes support -// ownership management and SELinux relabeling. -#AWSElasticBlockStoreVolumeSource: { - // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly value true will force the readOnly setting in VolumeMounts. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a volume that is populated with the contents of a git repository. -// Git repo volumes do not support ownership management. -// Git repo volumes support SELinux relabeling. -// -// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -// into the Pod's container. -#GitRepoVolumeSource: { - // repository is the URL - repository: string @go(Repository) @protobuf(1,bytes,opt) - - // revision is the commit hash for the specified revision. - // +optional - revision?: string @go(Revision) @protobuf(2,bytes,opt) - - // directory is the target directory name. - // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - // git repository. Otherwise, if specified, the volume will contain the git repository in - // the subdirectory with the given name. - // +optional - directory?: string @go(Directory) @protobuf(3,bytes,opt) -} - -// Adapts a Secret into a volume. -// -// The contents of the target Secret's Data field will be presented in a volume -// as files using the keys in the Data field as the file names. -// Secret volumes support ownership management and SELinux relabeling. -#SecretVolumeSource: { - // secretName is the name of the secret in the pod's namespace to use. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secretName?: string @go(SecretName) @protobuf(1,bytes,opt) - - // items If unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values - // for mode bits. Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt) - - // optional field specify whether the Secret or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#SecretVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a secret into a projected volume. -// -// The contents of the target Secret's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names. -// Note that this is identical to a secret volume source without the default -// mode. -#SecretProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional field specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// Represents an NFS mount that lasts the lifetime of a pod. -// NFS volumes do not support ownership management or SELinux relabeling. -#NFSVolumeSource: { - // server is the hostname or IP address of the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - server: string @go(Server) @protobuf(1,bytes,opt) - - // path that is exported by the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the NFS export to be mounted with read-only permissions. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is the target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun represents iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// ISCSIPersistentVolumeSource represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIPersistentVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is Target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun is iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// Represents a Fibre Channel volume. -// Fibre Channel volumes can only be mounted as read/write once. -// Fibre Channel volumes support ownership management and SELinux relabeling. -#FCVolumeSource: { - // targetWWNs is Optional: FC target worldwide names (WWNs) - // +optional - targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep) - - // lun is Optional: FC target lun number - // +optional - lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // wwids Optional: FC volume world wide identifiers (wwids) - // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - // +optional - wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFileVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFilePersistentVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure Share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key - // default is the same as the Pod - // +optional - secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a vSphere volume resource. -#VsphereVirtualDiskVolumeSource: { - // volumePath is the path that identifies vSphere volume vmdk - volumePath: string @go(VolumePath) @protobuf(1,bytes,opt) - - // fsType is filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // storagePolicyName is the storage Policy Based Management (SPBM) profile name. - // +optional - storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt) - - // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - // +optional - storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt) -} - -// Represents a Photon Controller persistent disk resource. -#PhotonPersistentDiskVolumeSource: { - // pdID is the ID that identifies Photon Controller persistent disk - pdID: string @go(PdID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) -} - -// +enum -#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode - -#enumAzureDataDiskCachingMode: - #AzureDataDiskCachingNone | - #AzureDataDiskCachingReadOnly | - #AzureDataDiskCachingReadWrite - -// +enum -#AzureDataDiskKind: string // #enumAzureDataDiskKind - -#enumAzureDataDiskKind: - #AzureSharedBlobDisk | - #AzureDedicatedBlobDisk | - #AzureManagedDisk - -#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None" -#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly" -#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite" -#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared" -#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated" -#AzureManagedDisk: #AzureDataDiskKind & "Managed" - -// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. -#AzureDiskVolumeSource: { - // diskName is the Name of the data disk in the blob storage - diskName: string @go(DiskName) @protobuf(1,bytes,opt) - - // diskURI is the URI of data disk in the blob storage - diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt) - - // cachingMode is the Host Caching mode: None, Read Only, Read Write. - // +optional - cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode) - - // fsType is Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt) - - // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind) -} - -// PortworxVolumeSource represents a Portworx volume resource. -#PortworxVolumeSource: { - // volumeID uniquely identifies a Portworx volume - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fSType represents the filesystem type to mount - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// ScaleIOVolumeSource represents a persistent ScaleIO volume -#ScaleIOVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // sslEnabled Flag enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs". - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume -#ScaleIOPersistentVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs" - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSPersistentVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt) -} - -// Adapts a ConfigMap into a volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// volume as files using the keys in the Data field as the file names, unless -// the items element is populated with specific mappings of keys to paths. -// ConfigMap volumes support ownership management and SELinux relabeling. -#ConfigMapVolumeSource: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#ConfigMapVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a ConfigMap into a projected volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names, -// unless the items element is populated with specific mappings of keys to paths. -// Note that this is identical to a configmap volume source without the default -// mode. -#ConfigMapProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountTokenProjection represents a projected service account token -// volume. This projection can be used to insert a service account token into -// the pods runtime filesystem for use against APIs (Kubernetes API Server or -// otherwise). -#ServiceAccountTokenProjection: { - // audience is the intended audience of the token. A recipient of a token - // must identify itself with an identifier specified in the audience of the - // token, and otherwise should reject the token. The audience defaults to the - // identifier of the apiserver. - // +optional - audience?: string @go(Audience) @protobuf(1,bytes,rep) - - // expirationSeconds is the requested duration of validity of the service - // account token. As the token approaches expiration, the kubelet volume - // plugin will proactively rotate the service account token. The kubelet will - // start trying to rotate the token if the token is older than 80 percent of - // its time to live or if the token is older than 24 hours.Defaults to 1 hour - // and must be at least 10 minutes. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) - - // path is the path relative to the mount point of the file to project the - // token into. - path: string @go(Path) @protobuf(3,bytes,opt) -} - -// Represents a projected volume source -#ProjectedVolumeSource: { - // sources is the list of volume projections - // +optional - sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep) - - // defaultMode are the mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -// Projection that may be projected along with other supported volume types -#VolumeProjection: { - // secret information about the secret data to project - // +optional - secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt) - - // downwardAPI information about the downwardAPI data to project - // +optional - downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt) - - // configMap information about the configMap data to project - // +optional - configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt) - - // serviceAccountToken is information about the serviceAccountToken data to project - // +optional - serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt) -} - -#ProjectedVolumeSourceDefaultMode: int32 & 0o644 - -// Maps a string key to a path within a volume. -#KeyToPath: { - // key is the key to project. - key: string @go(Key) @protobuf(1,bytes,opt) - - // path is the relative path of the file to map the key to. - // May not be an absolute path. - // May not contain the path element '..'. - // May not start with the string '..'. - path: string @go(Path) @protobuf(2,bytes,opt) - - // mode is Optional: mode bits used to set permissions on this file. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt) -} - -// Local represents directly-attached storage with node affinity (Beta feature) -#LocalVolumeSource: { - // path of the full path to the volume on the node. - // It can be either a directory or block device (disk, partition, ...). - path: string @go(Path) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // It applies only when the Path is a block device. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt) -} - -// Represents storage that is managed by an external CSI volume driver (Beta feature) -#CSIPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - // Required. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // volumeHandle is the unique volume name returned by the CSI volume - // plugin’s CreateVolume to refer to the volume on all subsequent calls. - // Required. - volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt) - - // readOnly value to pass to ControllerPublishVolumeRequest. - // Defaults to false (read/write). - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // fsType to mount. Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // +optional - fsType?: string @go(FSType) @protobuf(4,bytes,opt) - - // volumeAttributes of the volume to publish. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep) - - // controllerPublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerPublishVolume and ControllerUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt) - - // nodeStageSecretRef is a reference to the secret object containing sensitive - // information to pass to the CSI driver to complete the CSI NodeStageVolume - // and NodeStageVolume and NodeUnstageVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt) - - // controllerExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerExpandVolume call. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt) - - // nodeExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodeExpandVolume call. - // This is a beta field which is enabled default by CSINodeExpandSecret feature gate. - // This field is optional, may be omitted if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +featureGate=CSINodeExpandSecret - // +optional - nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt) -} - -// Represents a source location of a volume to mount, managed by an external CSI driver -#CSIVolumeSource: { - // driver is the name of the CSI driver that handles this volume. - // Consult with your admin for the correct name as registered in the cluster. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // readOnly specifies a read-only configuration for the volume. - // Defaults to false (read/write). - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt) - - // fsType to mount. Ex. "ext4", "xfs", "ntfs". - // If not provided, the empty value is passed to the associated CSI driver - // which will determine the default filesystem to apply. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt) - - // volumeAttributes stores driver-specific properties that are passed to the CSI - // driver. Consult your driver's documentation for supported values. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secret references are passed. - // +optional - nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents an ephemeral volume that is handled by a normal storage driver. -#EphemeralVolumeSource: { - // Will be used to create a stand-alone PVC to provision the volume. - // The pod in which this EphemeralVolumeSource is embedded will be the - // owner of the PVC, i.e. the PVC will be deleted together with the - // pod. The name of the PVC will be `-` where - // `` is the name from the `PodSpec.Volumes` array - // entry. Pod validation will reject the pod if the concatenated name - // is not valid for a PVC (for example, too long). - // - // An existing PVC with that name that is not owned by the pod - // will *not* be used for the pod to avoid using an unrelated - // volume by mistake. Starting the pod is then blocked until - // the unrelated PVC is removed. If such a pre-created PVC is - // meant to be used by the pod, the PVC has to updated with an - // owner reference to the pod once the pod exists. Normally - // this should not be necessary, but it may be useful when - // manually reconstructing a broken cluster. - // - // This field is read-only and no changes will be made by Kubernetes - // to the PVC after it has been created. - // - // Required, must not be nil. - volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt) -} - -// PersistentVolumeClaimTemplate is used to produce -// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. -#PersistentVolumeClaimTemplate: { - // May contain labels and annotations that will be copied into the PVC - // when creating it. No other fields are allowed and will be rejected during - // validation. - // - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The specification for the PersistentVolumeClaim. The entire content is - // copied unchanged into the PVC that gets created from this - // template. The same fields as in a PersistentVolumeClaim - // are also valid here. - spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes) -} - -// ContainerPort represents a network port in a single container. -#ContainerPort: { - // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - // named port in a pod must have a unique name. Name for the port that can be - // referred to by services. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // Number of port to expose on the host. - // If specified, this must be a valid port number, 0 < x < 65536. - // If HostNetwork is specified, this must match ContainerPort. - // Most containers do not need this. - // +optional - hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt) - - // Number of port to expose on the pod's IP address. - // This must be a valid port number, 0 < x < 65536. - containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt) - - // Protocol for port. Must be UDP, TCP, or SCTP. - // Defaults to "TCP". - // +optional - // +default="TCP" - protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol) - - // What host IP to bind the external port to. - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) -} - -// VolumeMount describes a mounting of a Volume within a container. -#VolumeMount: { - // This must match the Name of a Volume. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Mounted read-only if true, read-write otherwise (false or unspecified). - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) - - // Path within the container at which the volume should be mounted. Must - // not contain ':'. - mountPath: string @go(MountPath) @protobuf(3,bytes,opt) - - // Path within the volume from which the container's volume should be mounted. - // Defaults to "" (volume's root). - // +optional - subPath?: string @go(SubPath) @protobuf(4,bytes,opt) - - // mountPropagation determines how mounts are propagated from the host - // to container and the other way around. - // When not set, MountPropagationNone is used. - // This field is beta in 1.10. - // +optional - mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode) - - // Expanded path within the volume from which the container's volume should be mounted. - // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - // Defaults to "" (volume's root). - // SubPathExpr and SubPath are mutually exclusive. - // +optional - subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt) -} - -// MountPropagationMode describes mount propagation. -// +enum -#MountPropagationMode: string // #enumMountPropagationMode - -#enumMountPropagationMode: - #MountPropagationNone | - #MountPropagationHostToContainer | - #MountPropagationBidirectional - -// MountPropagationNone means that the volume in a container will -// not receive new mounts from the host or other containers, and filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode corresponds to "private" in Linux terminology. -#MountPropagationNone: #MountPropagationMode & "None" - -// MountPropagationHostToContainer means that the volume in a container will -// receive new mounts from the host or other containers, but filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rslave" in Linux terminology). -#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer" - -// MountPropagationBidirectional means that the volume in a container will -// receive new mounts from the host or other containers, and its own mounts -// will be propagated from the container to the host or other containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rshared" in Linux terminology). -#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional" - -// volumeDevice describes a mapping of a raw block device within a container. -#VolumeDevice: { - // name must match the name of a persistentVolumeClaim in the pod - name: string @go(Name) @protobuf(1,bytes,opt) - - // devicePath is the path inside of the container that the device will be mapped to. - devicePath: string @go(DevicePath) @protobuf(2,bytes,opt) -} - -// EnvVar represents an environment variable present in a Container. -#EnvVar: { - // Name of the environment variable. Must be a C_IDENTIFIER. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Variable references $(VAR_NAME) are expanded - // using the previously defined environment variables in the container and - // any service environment variables. If a variable cannot be resolved, - // the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - // Escaped references will never be expanded, regardless of whether the variable - // exists or not. - // Defaults to "". - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Source for the environment variable's value. Cannot be used if value is not empty. - // +optional - valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt) -} - -// EnvVarSource represents a source for the value of an EnvVar. -#EnvVarSource: { - // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt) - - // Selects a key of a ConfigMap. - // +optional - configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt) - - // Selects a key of a secret in the pod's namespace - // +optional - secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt) -} - -// ObjectFieldSelector selects an APIVersioned field of an object. -// +structType=atomic -#ObjectFieldSelector: { - // Version of the schema the FieldPath is written in terms of, defaults to "v1". - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // Path of the field to select in the specified API version. - fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt) -} - -// ResourceFieldSelector represents container resources (cpu, memory) and their output format -// +structType=atomic -#ResourceFieldSelector: { - // Container name: required for volumes, optional for env vars - // +optional - containerName?: string @go(ContainerName) @protobuf(1,bytes,opt) - - // Required: resource to select - "resource": string @go(Resource) @protobuf(2,bytes,opt) - - // Specifies the output format of the exposed resources, defaults to "1" - // +optional - divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt) -} - -// Selects a key from a ConfigMap. -// +structType=atomic -#ConfigMapKeySelector: { - #LocalObjectReference - - // The key to select. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the ConfigMap or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// SecretKeySelector selects a key of a Secret. -// +structType=atomic -#SecretKeySelector: { - #LocalObjectReference - - // The key of the secret to select from. Must be a valid secret key. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// EnvFromSource represents the source of a set of ConfigMaps -#EnvFromSource: { - // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - // +optional - prefix?: string @go(Prefix) @protobuf(1,bytes,opt) - - // The ConfigMap to select from - // +optional - configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt) - - // The Secret to select from - // +optional - secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt) -} - -// ConfigMapEnvSource selects a ConfigMap to populate the environment -// variables with. -// -// The contents of the target ConfigMap's Data field will represent the -// key-value pairs as environment variables. -#ConfigMapEnvSource: { - #LocalObjectReference - - // Specify whether the ConfigMap must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// SecretEnvSource selects a Secret to populate the environment -// variables with. -// -// The contents of the target Secret's Data field will represent the -// key-value pairs as environment variables. -#SecretEnvSource: { - #LocalObjectReference - - // Specify whether the Secret must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// HTTPHeader describes a custom header to be used in HTTP probes -#HTTPHeader: { - // The header field name. - // This will be canonicalized upon output, so case-variant names will be understood as the same header. - name: string @go(Name) @protobuf(1,bytes,opt) - - // The header field value - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// HTTPGetAction describes an action based on HTTP Get requests. -#HTTPGetAction: { - // Path to access on the HTTP server. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Name or number of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt) - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - // +optional - host?: string @go(Host) @protobuf(3,bytes,opt) - - // Scheme to use for connecting to the host. - // Defaults to HTTP. - // +optional - scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme) - - // Custom headers to set in the request. HTTP allows repeated headers. - // +optional - httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep) -} - -// URIScheme identifies the scheme used for connection to a host for Get actions -// +enum -#URIScheme: string // #enumURIScheme - -#enumURIScheme: - #URISchemeHTTP | - #URISchemeHTTPS - -// URISchemeHTTP means that the scheme used will be http:// -#URISchemeHTTP: #URIScheme & "HTTP" - -// URISchemeHTTPS means that the scheme used will be https:// -#URISchemeHTTPS: #URIScheme & "HTTPS" - -// TCPSocketAction describes an action based on opening a socket -#TCPSocketAction: { - // Number or name of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt) - - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -#GRPCAction: { - // Port number of the gRPC service. Number must be in the range 1 to 65535. - port: int32 @go(Port) @protobuf(1,bytes,opt) - - // Service is the name of the service to place in the gRPC HealthCheckRequest - // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - // - // If this is not specified, the default behavior is defined by gRPC. - // +optional - // +default="" - service?: null | string @go(Service,*string) @protobuf(2,bytes,opt) -} - -// ExecAction describes a "run in container" action. -#ExecAction: { - // Command is the command line to execute inside the container, the working directory for the - // command is root ('/') in the container's filesystem. The command is simply exec'd, it is - // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - // a shell, you need to explicitly call out to that shell. - // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - // +optional - command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep) -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -#Probe: { - #ProbeHandler - - // Number of seconds after the container has started before liveness probes are initiated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt) - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt) - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1. - // +optional - periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt) - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - // +optional - successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt) - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3. Minimum value is 1. - // +optional - failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt) - - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt) -} - -// PullPolicy describes a policy for if/when to pull a container image -// +enum -#PullPolicy: string // #enumPullPolicy - -#enumPullPolicy: - #PullAlways | - #PullNever | - #PullIfNotPresent - -// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. -#PullAlways: #PullPolicy & "Always" - -// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present -#PullNever: #PullPolicy & "Never" - -// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. -#PullIfNotPresent: #PullPolicy & "IfNotPresent" - -// ResourceResizeRestartPolicy specifies how to handle container resource resize. -#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy - -#enumResourceResizeRestartPolicy: - #NotRequired | - #RestartContainer - -// 'NotRequired' means Kubernetes will try to resize the container -// without restarting it, if possible. Kubernetes may however choose to -// restart the container if it is unable to actuate resize without a -// restart. For e.g. the runtime doesn't support restart-free resizing. -#NotRequired: #ResourceResizeRestartPolicy & "NotRequired" - -// 'RestartContainer' means Kubernetes will resize the container in-place -// by stopping and starting the container when new resources are applied. -// This is needed for legacy applications. For e.g. java apps using the -// -xmxN flag which are unable to use resized memory without restarting. -#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer" - -// ContainerResizePolicy represents resource resize policy for the container. -#ContainerResizePolicy: { - // Name of the resource to which this resource resize policy applies. - // Supported values: cpu, memory. - resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName) - - // Restart policy to apply when specified resource is resized. - // If not specified, it defaults to NotRequired. - restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy) -} - -// PreemptionPolicy describes a policy for if/when to preempt a pod. -// +enum -#PreemptionPolicy: string // #enumPreemptionPolicy - -#enumPreemptionPolicy: - #PreemptLowerPriority | - #PreemptNever - -// PreemptLowerPriority means that pod can preempt other pods with lower priority. -#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority" - -// PreemptNever means that pod never preempts other pods with lower priority. -#PreemptNever: #PreemptionPolicy & "Never" - -// TerminationMessagePolicy describes how termination messages are retrieved from a container. -// +enum -#TerminationMessagePolicy: string // #enumTerminationMessagePolicy - -#enumTerminationMessagePolicy: - #TerminationMessageReadFile | - #TerminationMessageFallbackToLogsOnError - -// TerminationMessageReadFile is the default behavior and will set the container status message to -// the contents of the container's terminationMessagePath when the container exits. -#TerminationMessageReadFile: #TerminationMessagePolicy & "File" - -// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs -// for the container status message when the container exits with an error and the -// terminationMessagePath has no contents. -#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError" - -// Capability represent POSIX capabilities type -#Capability: string - -// Adds and removes POSIX capabilities from running containers. -#Capabilities: { - // Added capabilities - // +optional - add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability) - - // Removed capabilities - // +optional - drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability) -} - -// ResourceRequirements describes the compute resource requirements. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Requests describes the minimum amount of compute resources required. - // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value. Requests cannot exceed Limits. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Claims lists the names of resources, defined in spec.resourceClaims, - // that are used by this container. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. It can only be set for containers. - // - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt) -} - -// ResourceClaim references one entry in PodSpec.ResourceClaims. -#ResourceClaim: { - // Name must match the name of one entry in pod.spec.resourceClaims of - // the Pod where this field is used. It makes that resource available - // inside a container. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// TerminationMessagePathDefault means the default path to capture the application termination message running in a container -#TerminationMessagePathDefault: "/dev/termination-log" - -// A single application container that you want to run within a pod. -#Container: { - // Name of the container specified as a DNS_LABEL. - // Each container in a pod must have a unique name (DNS_LABEL). - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - // This field is optional to allow higher level config management to default or override - // container images in workload controllers like Deployments and StatefulSets. - // +optional - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The container image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The container image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // List of ports to expose from the container. Not specifying a port here - // DOES NOT prevent that port from being exposed. Any port which is - // listening on the default "0.0.0.0" address inside a container will be - // accessible from the network. - // Modifying this array with strategic merge patch may corrupt the data. - // For more information See https://github.com/kubernetes/kubernetes/issues/108255. - // Cannot be updated. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Compute Resources required by this container. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // RestartPolicy defines the restart behavior of individual containers in a pod. - // This field may only be set for init containers, and the only allowed value is "Always". - // For non-init containers or when this field is not specified, - // the restart behavior is defined by the Pod's restart policy and the container type. - // Setting the RestartPolicy as "Always" for the init container will have the following effect: - // this init container will be continually restarted on - // exit until all regular containers have terminated. Once all regular - // containers have completed, all init containers with restartPolicy "Always" - // will be shut down. This lifecycle differs from normal init containers and - // is often referred to as a "sidecar" container. Although this init - // container still starts in the init container sequence, it does not wait - // for the container to complete before proceeding to the next init - // container. Instead, the next init container starts immediately after this - // init container is started, or after any startupProbe has successfully - // completed. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Periodic probe of container liveness. - // Container will be restarted if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Periodic probe of container service readiness. - // Container will be removed from service endpoints if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // StartupProbe indicates that the Pod has successfully initialized. - // If specified, no other probes are executed until this completes successfully. - // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - // when it might take a long time to load data or warm a cache, than during steady-state operation. - // This cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Actions that the management system should take in response to container lifecycle events. - // Cannot be updated. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // SecurityContext defines the security options the container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// ProbeHandler defines a specific action that should be taken in a probe. -// One and only one of the fields must be specified. -#ProbeHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // TCPSocket specifies an action involving a TCP port. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) - - // GRPC specifies an action involving a GRPC port. - // +optional - grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt) -} - -// LifecycleHandler defines a specific action that should be taken in a lifecycle -// hook. One and only one of the fields, except TCPSocket must be specified. -#LifecycleHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - // for the backward compatibility. There are no validation of this field and - // lifecycle hooks will fail in runtime when tcp handler is specified. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) -} - -// Lifecycle describes actions that the management system should take in response to container lifecycle -// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks -// until the action is complete, unless the container process fails, in which case the handler is aborted. -#Lifecycle: { - // PostStart is called immediately after a container is created. If the handler fails, - // the container is terminated and restarted according to its restart policy. - // Other management of the container blocks until the hook completes. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt) - - // PreStop is called immediately before a container is terminated due to an - // API request or management event such as liveness/startup probe failure, - // preemption, resource contention, etc. The handler is not called if the - // container crashes or exits. The Pod's termination grace period countdown begins before the - // PreStop hook is executed. Regardless of the outcome of the handler, the - // container will eventually terminate within the Pod's termination grace - // period (unless delayed by finalizers). Other management of the container blocks until the hook completes - // or until the termination grace period is reached. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt) -} - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// ContainerStateWaiting is a waiting state of a container. -#ContainerStateWaiting: { - // (brief) reason the container is not yet running. - // +optional - reason?: string @go(Reason) @protobuf(1,bytes,opt) - - // Message regarding why the container is not yet running. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// ContainerStateRunning is a running state of a container. -#ContainerStateRunning: { - // Time at which the container was last (re-)started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt) -} - -// ContainerStateTerminated is a terminated state of a container. -#ContainerStateTerminated: { - // Exit status from the last termination of the container - exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt) - - // Signal from the last termination of the container - // +optional - signal?: int32 @go(Signal) @protobuf(2,varint,opt) - - // (brief) reason from the last termination of the container - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Message regarding the last termination of the container - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // Time at which previous execution of the container started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt) - - // Time at which the container last terminated - // +optional - finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt) - - // Container's ID in the format '://' - // +optional - containerID?: string @go(ContainerID) @protobuf(7,bytes,opt) -} - -// ContainerState holds a possible state of container. -// Only one of its members may be specified. -// If none of them is specified, the default one is ContainerStateWaiting. -#ContainerState: { - // Details about a waiting container - // +optional - waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt) - - // Details about a running container - // +optional - running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt) - - // Details about a terminated container - // +optional - terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt) -} - -// ContainerStatus contains details for the current status of this container. -#ContainerStatus: { - // Name is a DNS_LABEL representing the unique name of the container. - // Each container in a pod must have a unique name across all container types. - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // State holds details about the container's current condition. - // +optional - state?: #ContainerState @go(State) @protobuf(2,bytes,opt) - - // LastTerminationState holds the last termination state of the container to - // help debug container crashes and restarts. This field is not - // populated if the container is still running and RestartCount is 0. - // +optional - lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt) - - // Ready specifies whether the container is currently passing its readiness check. - // The value will change as readiness probes keep executing. If no readiness - // probes are specified, this field defaults to true once the container is - // fully started (see Started field). - // - // The value is typically used to determine whether a container is ready to - // accept traffic. - ready: bool @go(Ready) @protobuf(4,varint,opt) - - // RestartCount holds the number of times the container has been restarted. - // Kubelet makes an effort to always increment the value, but there - // are cases when the state may be lost due to node restarts and then the value - // may be reset to 0. The value is never negative. - restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt) - - // Image is the name of container image that the container is running. - // The container image may not match the image used in the PodSpec, - // as it may have been resolved by the runtime. - // More info: https://kubernetes.io/docs/concepts/containers/images. - image: string @go(Image) @protobuf(6,bytes,opt) - - // ImageID is the image ID of the container's image. The image ID may not - // match the image ID of the image used in the PodSpec, as it may have been - // resolved by the runtime. - imageID: string @go(ImageID) @protobuf(7,bytes,opt) - - // ContainerID is the ID of the container in the format '://'. - // Where type is a container runtime identifier, returned from Version call of CRI API - // (for example "containerd"). - // +optional - containerID?: string @go(ContainerID) @protobuf(8,bytes,opt) - - // Started indicates whether the container has finished its postStart lifecycle hook - // and passed its startup probe. - // Initialized as false, becomes true after startupProbe is considered - // successful. Resets to false when the container is restarted, or if kubelet - // loses state temporarily. In both cases, startup probes will run again. - // Is always true when no startupProbe is defined and container is running and - // has passed the postStart lifecycle hook. The null value must be treated the - // same as false. - // +optional - started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt) - - // AllocatedResources represents the compute resources allocated for this container by the - // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission - // and after successfully admitting desired pod resize. - // +featureGate=InPlacePodVerticalScaling - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Resources represents the compute resource requests and limits that have been successfully - // enacted on the running container after it has been started or has been successfully resized. - // +featureGate=InPlacePodVerticalScaling - // +optional - resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt) -} - -// PodPhase is a label for the condition of a pod at the current time. -// +enum -#PodPhase: string // #enumPodPhase - -#enumPodPhase: - #PodPending | - #PodRunning | - #PodSucceeded | - #PodFailed | - #PodUnknown - -// PodPending means the pod has been accepted by the system, but one or more of the containers -// has not been started. This includes time before being bound to a node, as well as time spent -// pulling images onto the host. -#PodPending: #PodPhase & "Pending" - -// PodRunning means the pod has been bound to a node and all of the containers have been started. -// At least one container is still running or is in the process of being restarted. -#PodRunning: #PodPhase & "Running" - -// PodSucceeded means that all containers in the pod have voluntarily terminated -// with a container exit code of 0, and the system is not going to restart any of these containers. -#PodSucceeded: #PodPhase & "Succeeded" - -// PodFailed means that all containers in the pod have terminated, and at least one container has -// terminated in a failure (exited with a non-zero exit code or was stopped by the system). -#PodFailed: #PodPhase & "Failed" - -// PodUnknown means that for some reason the state of the pod could not be obtained, typically due -// to an error in communicating with the host of the pod. -// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) -#PodUnknown: #PodPhase & "Unknown" - -// PodConditionType is a valid value for PodCondition.Type -#PodConditionType: string // #enumPodConditionType - -#enumPodConditionType: - #ContainersReady | - #PodInitialized | - #PodReady | - #PodScheduled | - #DisruptionTarget - -// ContainersReady indicates whether all containers in the pod are ready. -#ContainersReady: #PodConditionType & "ContainersReady" - -// PodInitialized means that all init containers in the pod have started successfully. -#PodInitialized: #PodConditionType & "Initialized" - -// PodReady means the pod is able to service requests and should be added to the -// load balancing pools of all matching services. -#PodReady: #PodConditionType & "Ready" - -// PodScheduled represents status of the scheduling process for this pod. -#PodScheduled: #PodConditionType & "PodScheduled" - -// DisruptionTarget indicates the pod is about to be terminated due to a -// disruption (such as preemption, eviction API or garbage-collection). -#DisruptionTarget: #PodConditionType & "DisruptionTarget" - -// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler -// can't schedule the pod right now, for example due to insufficient resources in the cluster. -#PodReasonUnschedulable: "Unschedulable" - -// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler -// skips scheduling the pod because one or more scheduling gates are still present. -#PodReasonSchedulingGated: "SchedulingGated" - -// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens -// during scheduling, for example due to nodeAffinity parsing errors. -#PodReasonSchedulerError: "SchedulerError" - -// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination -// is initiated by kubelet -#PodReasonTerminationByKubelet: "TerminationByKubelet" - -// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the -// disruption was initiated by scheduler's preemption. -#PodReasonPreemptionByScheduler: "PreemptionByScheduler" - -// PodCondition contains details for the current condition of this pod. -#PodCondition: { - // Type is the type of the condition. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType) - - // Status is the status of the condition. - // Can be True, False, Unknown. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // Unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PodResizeStatus shows status of desired resize of a pod's containers. -#PodResizeStatus: string // #enumPodResizeStatus - -#enumPodResizeStatus: - #PodResizeStatusProposed | - #PodResizeStatusInProgress | - #PodResizeStatusDeferred | - #PodResizeStatusInfeasible - -// Pod resources resize has been requested and will be evaluated by node. -#PodResizeStatusProposed: #PodResizeStatus & "Proposed" - -// Pod resources resize has been accepted by node and is being actuated. -#PodResizeStatusInProgress: #PodResizeStatus & "InProgress" - -// Node cannot resize the pod at this time and will keep retrying. -#PodResizeStatusDeferred: #PodResizeStatus & "Deferred" - -// Requested pod resize is not feasible and will not be re-evaluated. -#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible" - -// RestartPolicy describes how the container should be restarted. -// Only one of the following restart policies may be specified. -// If none of the following policies is specified, the default one -// is RestartPolicyAlways. -// +enum -#RestartPolicy: string // #enumRestartPolicy - -#enumRestartPolicy: - #RestartPolicyAlways | - #RestartPolicyOnFailure | - #RestartPolicyNever - -#RestartPolicyAlways: #RestartPolicy & "Always" -#RestartPolicyOnFailure: #RestartPolicy & "OnFailure" -#RestartPolicyNever: #RestartPolicy & "Never" - -// ContainerRestartPolicy is the restart policy for a single container. -// This may only be set for init containers and only allowed value is "Always". -#ContainerRestartPolicy: string // #enumContainerRestartPolicy - -#enumContainerRestartPolicy: - #ContainerRestartPolicyAlways - -#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always" - -// DNSPolicy defines how a pod's DNS will be configured. -// +enum -#DNSPolicy: string // #enumDNSPolicy - -#enumDNSPolicy: - #DNSClusterFirstWithHostNet | - #DNSClusterFirst | - #DNSDefault | - #DNSNone - -// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS -// first, if it is available, then fall back on the default -// (as determined by kubelet) DNS settings. -#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet" - -// DNSClusterFirst indicates that the pod should use cluster DNS -// first unless hostNetwork is true, if it is available, then -// fall back on the default (as determined by kubelet) DNS settings. -#DNSClusterFirst: #DNSPolicy & "ClusterFirst" - -// DNSDefault indicates that the pod should use the default (as -// determined by kubelet) DNS settings. -#DNSDefault: #DNSPolicy & "Default" - -// DNSNone indicates that the pod should use empty DNS settings. DNS -// parameters such as nameservers and search paths should be defined via -// DNSConfig. -#DNSNone: #DNSPolicy & "None" - -// DefaultTerminationGracePeriodSeconds indicates the default duration in -// seconds a pod needs to terminate gracefully. -#DefaultTerminationGracePeriodSeconds: 30 - -// A node selector represents the union of the results of one or more label queries -// over a set of nodes; that is, it represents the OR of the selectors represented -// by the node selector terms. -// +structType=atomic -#NodeSelector: { - // Required. A list of node selector terms. The terms are ORed. - nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep) -} - -// A null or empty node selector term matches no objects. The requirements of -// them are ANDed. -// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -// +structType=atomic -#NodeSelectorTerm: { - // A list of node selector requirements by node's labels. - // +optional - matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep) - - // A list of node selector requirements by node's fields. - // +optional - matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A node selector requirement is a selector that contains values, a key, and an operator -// that relates the key and values. -#NodeSelectorRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, the values - // array must have a single element, which will be interpreted as an integer. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A node selector operator is the set of operators that can be used in -// a node selector requirement. -// +enum -#NodeSelectorOperator: string // #enumNodeSelectorOperator - -#enumNodeSelectorOperator: - #NodeSelectorOpIn | - #NodeSelectorOpNotIn | - #NodeSelectorOpExists | - #NodeSelectorOpDoesNotExist | - #NodeSelectorOpGt | - #NodeSelectorOpLt - -#NodeSelectorOpIn: #NodeSelectorOperator & "In" -#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn" -#NodeSelectorOpExists: #NodeSelectorOperator & "Exists" -#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist" -#NodeSelectorOpGt: #NodeSelectorOperator & "Gt" -#NodeSelectorOpLt: #NodeSelectorOperator & "Lt" - -// A topology selector term represents the result of label queries. -// A null or empty topology selector term matches no objects. -// The requirements of them are ANDed. -// It provides a subset of functionality as NodeSelectorTerm. -// This is an alpha feature and may change in the future. -// +structType=atomic -#TopologySelectorTerm: { - // A list of topology selector requirements by labels. - // +optional - matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep) -} - -// A topology selector requirement is a selector that matches given label. -// This is an alpha feature and may change in the future. -#TopologySelectorLabelRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // An array of string values. One value must match the label to be selected. - // Each entry in Values is ORed. - values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep) -} - -// Affinity is a group of affinity scheduling rules. -#Affinity: { - // Describes node affinity scheduling rules for the pod. - // +optional - nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt) - - // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt) - - // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt) -} - -// Pod affinity is a group of inter pod affinity scheduling rules. -#PodAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// Pod anti affinity is a group of inter pod anti affinity scheduling rules. -#PodAntiAffinity: { - // If the anti-affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the anti-affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling anti-affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#WeightedPodAffinityTerm: { - // weight associated with matching the corresponding podAffinityTerm, - // in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // Required. A pod affinity term, associated with the corresponding weight. - podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt) -} - -// Defines a set of pods (namely those matching the labelSelector -// relative to the given namespace(s)) that this pod should be -// co-located (affinity) or not co-located (anti-affinity) with, -// where co-located is defined as running on a node whose value of -// the label with key matches that of any node on which -// a pod of the set of pods is running -#PodAffinityTerm: { - // A label query over a set of resources, in this case pods. - // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaces specifies a static list of namespace names that the term applies to. - // The term is applied to the union of the namespaces listed in this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means "this pod's namespace". - // +optional - namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep) - - // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located is defined as running on a node - // whose value of the label with key topologyKey matches that of any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt) - - // A label query over the set of namespaces that the term applies to. - // The term is applied to the union of the namespaces selected by this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this pod's namespace". - // An empty selector ({}) matches all namespaces. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) -} - -// Node affinity is a group of node affinity scheduling rules. -#NodeAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to an update), the system - // may or may not try to eventually evict the pod from its node. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node matches the corresponding matchExpressions; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep) -} - -// An empty preferred scheduling term matches all objects with implicit weight 0 -// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#PreferredSchedulingTerm: { - // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // A node selector term, associated with the corresponding weight. - preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt) -} - -// The node this Taint is attached to has the "effect" on -// any pod that does not tolerate the Taint. -#Taint: { - // Required. The taint key to be applied to a node. - key: string @go(Key) @protobuf(1,bytes,opt) - - // The taint value corresponding to the taint key. - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Required. The effect of the taint on pods - // that do not tolerate the taint. - // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect) - - // TimeAdded represents the time at which the taint was added. - // It is only written for NoExecute taints. - // +optional - timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt) -} - -// +enum -#TaintEffect: string // #enumTaintEffect - -#enumTaintEffect: - #TaintEffectNoSchedule | - #TaintEffectPreferNoSchedule | - #TaintEffectNoExecute - -// Do not allow new pods to schedule onto the node unless they tolerate the taint, -// but allow all pods submitted to Kubelet without going through the scheduler -// to start, and allow all already-running pods to continue running. -// Enforced by the scheduler. -#TaintEffectNoSchedule: #TaintEffect & "NoSchedule" - -// Like TaintEffectNoSchedule, but the scheduler tries not to schedule -// new pods onto the node, rather than prohibiting new pods from scheduling -// onto the node entirely. Enforced by the scheduler. -#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule" - -// Evict any already-running pods that do not tolerate the taint. -// Currently enforced by NodeController. -#TaintEffectNoExecute: #TaintEffect & "NoExecute" - -// The pod this Toleration is attached to tolerates any taint that matches -// the triple using the matching operator . -#Toleration: { - // Key is the taint key that the toleration applies to. Empty means match all taint keys. - // If the key is empty, operator must be Exists; this combination means to match all values and all keys. - // +optional - key?: string @go(Key) @protobuf(1,bytes,opt) - - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. - // +optional - operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator) - - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise just a regular string. - // +optional - value?: string @go(Value) @protobuf(3,bytes,opt) - - // Effect indicates the taint effect to match. Empty means match all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - // +optional - effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect) - - // TolerationSeconds represents the period of time the toleration (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - // it is not set, which means tolerate the taint forever (do not evict). Zero and - // negative values will be treated as 0 (evict immediately) by the system. - // +optional - tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt) -} - -// A toleration operator is the set of operators that can be used in a toleration. -// +enum -#TolerationOperator: string // #enumTolerationOperator - -#enumTolerationOperator: - #TolerationOpExists | - #TolerationOpEqual - -#TolerationOpExists: #TolerationOperator & "Exists" -#TolerationOpEqual: #TolerationOperator & "Equal" - -// PodReadinessGate contains the reference to a pod condition -#PodReadinessGate: { - // ConditionType refers to a condition in the pod's condition list with matching type. - conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType) -} - -// PodSpec is a description of a pod. -#PodSpec: { - // List of volumes that can be mounted by containers belonging to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes - // +optional - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep) - - // List of initialization containers belonging to the pod. - // Init containers are executed in order prior to containers being started. If any - // init container fails, the pod is considered to have failed and is handled according - // to its restartPolicy. The name for an init container or normal container must be - // unique among all containers. - // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - // The resourceRequirements of an init container are taken into account during scheduling - // by finding the highest request/limit for each resource type, and then using the max of - // of that value or the sum of the normal containers. Limits are applied to init containers - // in a similar fashion. - // Init containers cannot currently be added or removed. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - // +patchMergeKey=name - // +patchStrategy=merge - initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep) - - // List of containers belonging to the pod. - // Containers cannot currently be added or removed. - // There must be at least one container in a Pod. - // Cannot be updated. - // +patchMergeKey=name - // +patchStrategy=merge - containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep) - - // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing - // pod to perform user-initiated actions such as debugging. This list cannot be specified when - // creating a pod, and it cannot be modified by updating the pod spec. In order to add an - // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep) - - // Restart policy for all containers within the pod. - // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. - // Default to Always. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - // +optional - restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy) - - // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // If this value is nil, the default grace period will be used instead. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // Defaults to 30 seconds. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt) - - // Optional duration in seconds the pod may be active on the node relative to - // StartTime before the system will actively try to mark it failed and kill associated containers. - // Value must be a positive integer. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt) - - // Set DNS policy for the pod. - // Defaults to "ClusterFirst". - // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. - // To have DNS options set along with hostNetwork, you have to specify DNS policy - // explicitly to 'ClusterFirstWithHostNet'. - // +optional - dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy) - - // NodeSelector is a selector which must be true for the pod to fit on a node. - // Selector which must match a node's labels for the pod to be scheduled on that node. - // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep) - - // ServiceAccountName is the name of the ServiceAccount to use to run this pod. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - // +optional - serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt) - - // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - // Deprecated: Use serviceAccountName instead. - // +k8s:conversion-gen=false - // +optional - serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt) - - // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt) - - // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - // the scheduler simply schedules this pod onto that node, assuming that it fits resource - // requirements. - // +optional - nodeName?: string @go(NodeName) @protobuf(10,bytes,opt) - - // Host networking requested for this pod. Use the host's network namespace. - // If this option is set, the ports that will be used must be specified. - // Default to false. - // +k8s:conversion-gen=false - // +optional - hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt) - - // Use the host's pid namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostPID?: bool @go(HostPID) @protobuf(12,varint,opt) - - // Use the host's ipc namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt) - - // Share a single process namespace between all of the containers in a pod. - // When this is set containers will be able to view and signal processes from other containers - // in the same pod, and the first process in each container will not be assigned PID 1. - // HostPID and ShareProcessNamespace cannot both be set. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt) - - // SecurityContext holds pod-level security attributes and common container settings. - // Optional: Defaults to empty. See type description for default values of each field. - // +optional - securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt) - - // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - // If specified, these secrets will be passed to individual puller implementations for them to use. - // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep) - - // Specifies the hostname of the Pod - // If not specified, the pod's hostname will be set to a system-defined value. - // +optional - hostname?: string @go(Hostname) @protobuf(16,bytes,opt) - - // If specified, the fully qualified Pod hostname will be "...svc.". - // If not specified, the pod will not have a domainname at all. - // +optional - subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt) - - // If specified, the pod's scheduling constraints - // +optional - affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt) - - // If specified, the pod will be dispatched by specified scheduler. - // If not specified, the pod will be dispatched by default scheduler. - // +optional - schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt) - - // If specified, the pod's tolerations. - // +optional - tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt) - - // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts - // file if specified. This is only valid for non-hostNetwork pods. - // +optional - // +patchMergeKey=ip - // +patchStrategy=merge - hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep) - - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt) - - // The priority value. Various system components use this field to find the - // priority of the pod. When Priority Admission Controller is enabled, it - // prevents users from setting this field. The admission controller populates - // this field from PriorityClassName. - // The higher the value, the higher the priority. - // +optional - priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt) - - // Specifies the DNS parameters of a pod. - // Parameters specified here will be merged to the generated DNS - // configuration based on DNSPolicy. - // +optional - dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt) - - // If specified, all readiness gates will be evaluated for pod readiness. - // A pod is ready when all its containers are ready AND - // all conditions specified in the readiness gates have status equal to "True" - // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates - // +optional - readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt) - - // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - // empty definition that uses the default runtime handler. - // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - // +optional - runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt) - - // EnableServiceLinks indicates whether information about services should be injected into pod's - // environment variables, matching the syntax of Docker links. - // Optional: Defaults to true. - // +optional - enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt) - - // PreemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt) - - // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. - // This field will be autopopulated at admission time by the RuntimeClass admission controller. If - // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. - // The RuntimeClass admission controller will reject Pod create requests which have the overhead already - // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value - // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - // +optional - overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt) - - // TopologySpreadConstraints describes how a group of pods ought to spread across topology - // domains. Scheduler will schedule pods in a way which abides by the constraints. - // All topologySpreadConstraints are ANDed. - // +optional - // +patchMergeKey=topologyKey - // +patchStrategy=merge - // +listType=map - // +listMapKey=topologyKey - // +listMapKey=whenUnsatisfiable - topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt) - - // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). - // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). - // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. - // If a pod does not have FQDN, this has no effect. - // Default to false. - // +optional - setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt) - - // Specifies the OS of the containers in the pod. - // Some pod and container fields are restricted if this is set. - // - // If the OS field is set to linux, the following fields must be unset: - // -securityContext.windowsOptions - // - // If the OS field is set to windows, following fields must be unset: - // - spec.hostPID - // - spec.hostIPC - // - spec.hostUsers - // - spec.securityContext.seLinuxOptions - // - spec.securityContext.seccompProfile - // - spec.securityContext.fsGroup - // - spec.securityContext.fsGroupChangePolicy - // - spec.securityContext.sysctls - // - spec.shareProcessNamespace - // - spec.securityContext.runAsUser - // - spec.securityContext.runAsGroup - // - spec.securityContext.supplementalGroups - // - spec.containers[*].securityContext.seLinuxOptions - // - spec.containers[*].securityContext.seccompProfile - // - spec.containers[*].securityContext.capabilities - // - spec.containers[*].securityContext.readOnlyRootFilesystem - // - spec.containers[*].securityContext.privileged - // - spec.containers[*].securityContext.allowPrivilegeEscalation - // - spec.containers[*].securityContext.procMount - // - spec.containers[*].securityContext.runAsUser - // - spec.containers[*].securityContext.runAsGroup - // +optional - os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt) - - // Use the host's user namespace. - // Optional: Default to true. - // If set to true or not present, the pod will be run in the host user namespace, useful - // for when the pod needs a feature only available to the host user namespace, such as - // loading a kernel module with CAP_SYS_MODULE. - // When set to false, a new userns is created for the pod. Setting false is useful for - // mitigating container breakout vulnerabilities even allowing users to run their - // containers as root without actually having root privileges on the host. - // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. - // +k8s:conversion-gen=false - // +optional - hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt) - - // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. - // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the - // scheduler will not attempt to schedule the pod. - // - // SchedulingGates can only be set at pod creation time, and be removed only afterwards. - // - // This is a beta feature enabled by the PodSchedulingReadiness feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=PodSchedulingReadiness - // +optional - schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt) - - // ResourceClaims defines which ResourceClaims must be allocated - // and reserved before the Pod is allowed to start. The resources - // will be made available to those containers which consume them - // by name. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. - // - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep) -} - -// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. -// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. -// Containers that need access to the ResourceClaim reference it with this name. -#PodResourceClaim: { - // Name uniquely identifies this resource claim inside the pod. - // This must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // Source describes where to find the ResourceClaim. - source?: #ClaimSource @go(Source) @protobuf(2,bytes) -} - -// ClaimSource describes a reference to a ResourceClaim. -// -// Exactly one of these fields should be set. Consumers of this type must -// treat an empty object as if it has an unknown value. -#ClaimSource: { - // ResourceClaimName is the name of a ResourceClaim object in the same - // namespace as this pod. - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt) - - // ResourceClaimTemplateName is the name of a ResourceClaimTemplate - // object in the same namespace as this pod. - // - // The template will be used to create a new ResourceClaim, which will - // be bound to this pod. When this pod is deleted, the ResourceClaim - // will also be deleted. The pod name and resource name, along with a - // generated component, will be used to form a unique name for the - // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. - // - // This field is immutable and no changes will be made to the - // corresponding ResourceClaim by the control plane after creating the - // ResourceClaim. - resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt) -} - -// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim -// which references a ResourceClaimTemplate. It stores the generated name for -// the corresponding ResourceClaim. -#PodResourceClaimStatus: { - // Name uniquely identifies this resource claim inside the pod. - // This must match the name of an entry in pod.spec.resourceClaims, - // which implies that the string must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // ResourceClaimName is the name of the ResourceClaim that was - // generated for the Pod in the namespace of the Pod. It this is - // unset, then generating a ResourceClaim was not necessary. The - // pod.spec.resourceClaims entry can be ignored in this case. - // - // +optional - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt) -} - -// OSName is the set of OS'es that can be used in OS. -#OSName: string // #enumOSName - -#enumOSName: - #Linux | - #Windows - -#Linux: #OSName & "linux" -#Windows: #OSName & "windows" - -// PodOS defines the OS parameters of a pod. -#PodOS: { - // Name is the name of the operating system. The currently supported values are linux and windows. - // Additional value may be defined in future and can be one of: - // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - // Clients should expect to handle additional values and treat unrecognized values in this field as os: null - name: #OSName @go(Name) @protobuf(1,bytes,opt) -} - -// PodSchedulingGate is associated to a Pod to guard its scheduling. -#PodSchedulingGate: { - // Name of the scheduling gate. - // Each scheduling gate must have a unique name field. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// +enum -#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction - -#enumUnsatisfiableConstraintAction: - #DoNotSchedule | - #ScheduleAnyway - -// DoNotSchedule instructs the scheduler not to schedule the pod -// when constraints are not satisfied. -#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule" - -// ScheduleAnyway instructs the scheduler to schedule the pod -// even if constraints are not satisfied. -#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway" - -// NodeInclusionPolicy defines the type of node inclusion policy -// +enum -#NodeInclusionPolicy: string // #enumNodeInclusionPolicy - -#enumNodeInclusionPolicy: - #NodeInclusionPolicyIgnore | - #NodeInclusionPolicyHonor - -// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore" - -// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor" - -// TopologySpreadConstraint specifies how to spread matching pods among the given topology. -#TopologySpreadConstraint: { - // MaxSkew describes the degree to which pods may be unevenly distributed. - // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - // between the number of matching pods in the target topology and the global minimum. - // The global minimum is the minimum number of matching pods in an eligible domain - // or zero if the number of eligible domains is less than MinDomains. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 2/2/1: - // In this case, the global minimum is 1. - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P | - // +-------+-------+-------+ - // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - // violate MaxSkew(1). - // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - // to topologies that satisfy it. - // It's a required field. Default value is 1 and 0 is not allowed. - maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt) - - // TopologyKey is the key of node labels. Nodes that have a label with this key - // and identical values are considered to be in the same topology. - // We consider each as a "bucket", and try to put balanced number - // of pods into each bucket. - // We define a domain as a particular instance of a topology. - // Also, we define an eligible domain as a domain whose nodes meet the requirements of - // nodeAffinityPolicy and nodeTaintsPolicy. - // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - // It's a required field. - topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt) - - // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - // the spread constraint. - // - DoNotSchedule (default) tells the scheduler not to schedule it. - // - ScheduleAnyway tells the scheduler to schedule the pod in any location, - // but giving higher precedence to topologies that would help reduce the - // skew. - // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assignment for that pod would violate - // "MaxSkew" on some topology. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 3/1/1: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P P | P | P | - // +-------+-------+-------+ - // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - // won't make it *more* imbalanced. - // It's a required field. - whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction) - - // LabelSelector is used to find matching pods. - // Pods that match this label selector are counted to determine the number of pods - // in their corresponding topology domain. - // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // MinDomains indicates a minimum number of eligible domains. - // When the number of eligible domains with matching topology keys is less than minDomains, - // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - // And when the number of eligible domains with matching topology keys equals or greater than minDomains, - // this value has no effect on scheduling. - // As a result, when the number of eligible domains is less than minDomains, - // scheduler won't schedule more than maxSkew Pods to those domains. - // If value is nil, the constraint behaves as if MinDomains is equal to 1. - // Valid values are integers greater than 0. - // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - // - // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - // labelSelector spread as 2/2/2: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P P | - // +-------+-------+-------+ - // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - // In this situation, new pod with the same labelSelector cannot be scheduled, - // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - // it will violate MaxSkew. - // - // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - // +optional - minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt) - - // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - // when calculating pod topology spread skew. Options are: - // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - // - // If this value is nil, the behavior is equivalent to the Honor policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt) - - // NodeTaintsPolicy indicates how we will treat node taints when calculating - // pod topology spread skew. Options are: - // - Honor: nodes without taints, along with tainted nodes for which the incoming pod - // has a toleration, are included. - // - Ignore: node taints are ignored. All nodes are included. - // - // If this value is nil, the behavior is equivalent to the Ignore policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt) - - // MatchLabelKeys is a set of pod label keys to select the pods over which - // spreading will be calculated. The keys are used to lookup values from the - // incoming pod labels, those key-value labels are ANDed with labelSelector - // to select the group of existing pods over which spreading will be calculated - // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - // MatchLabelKeys cannot be set when LabelSelector isn't set. - // Keys that don't exist in the incoming pod labels will - // be ignored. A null or empty list means only match against labelSelector. - // - // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - // +listType=atomic - // +optional - matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt) -} - -// The default value for enableServiceLinks attribute. -#DefaultEnableServiceLinks: true - -// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the -// pod's hosts file. -#HostAlias: { - // IP address of the host file entry. - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostnames for the above IP address. - hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep) -} - -// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume -// when volume is mounted. -// +enum -#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy - -#enumPodFSGroupChangePolicy: - #FSGroupChangeOnRootMismatch | - #FSGroupChangeAlways - -// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed -// only when permission and ownership of root directory does not match with expected -// permissions on the volume. This can help shorten the time it takes to change -// ownership and permissions of a volume. -#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch" - -// FSGroupChangeAlways indicates that volume's ownership and permissions -// should always be changed whenever volume is mounted inside a Pod. This the default -// behavior. -#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always" - -// PodSecurityContext holds pod-level security attributes and common container settings. -// Some fields are also present in container.securityContext. Field values of -// container.securityContext take precedence over field values of PodSecurityContext. -#PodSecurityContext: { - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options within a container's SecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt) - - // A list of groups applied to the first process run in each container, in addition - // to the container's primary GID, the fsGroup (if specified), and group memberships - // defined in the container image for the uid of the container process. If unspecified, - // no additional groups are added to any container. Note that group memberships - // defined in the container image for the uid of the container process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep) - - // A special supplemental group that applies to all containers in a pod. - // Some volume types allow the Kubelet to change the ownership of that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and permissions of any volume. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt) - - // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep) - - // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and permissions). - // It will have no effect on ephemeral volume types such as: secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt) - - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt) -} - -// SeccompProfile defines a pod/container's seccomp profile settings. -// Only one profile source may be set. -// +union -#SeccompProfile: { - // type indicates which kind of seccomp profile will be applied. - // Valid options are: - // - // Localhost - a profile defined in a file on the node should be used. - // RuntimeDefault - the container runtime default profile should be used. - // Unconfined - no profile should be applied. - // +unionDiscriminator - type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType) - - // localhostProfile indicates a profile defined in a file on the node should be used. - // The profile must be preconfigured on the node to work. - // Must be a descending path, relative to the kubelet's configured seccomp profile location. - // Must be set if type is "Localhost". Must NOT be set for any other type. - // +optional - localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt) -} - -// SeccompProfileType defines the supported seccomp profile types. -// +enum -#SeccompProfileType: string // #enumSeccompProfileType - -#enumSeccompProfileType: - #SeccompProfileTypeUnconfined | - #SeccompProfileTypeRuntimeDefault | - #SeccompProfileTypeLocalhost - -// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined). -#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined" - -// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. -#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault" - -// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used. -// The file's location relative to /seccomp. -#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost" - -// PodQOSClass defines the supported qos classes of Pods. -// +enum -#PodQOSClass: string // #enumPodQOSClass - -#enumPodQOSClass: - #PodQOSGuaranteed | - #PodQOSBurstable | - #PodQOSBestEffort - -// PodQOSGuaranteed is the Guaranteed qos class. -#PodQOSGuaranteed: #PodQOSClass & "Guaranteed" - -// PodQOSBurstable is the Burstable qos class. -#PodQOSBurstable: #PodQOSClass & "Burstable" - -// PodQOSBestEffort is the BestEffort qos class. -#PodQOSBestEffort: #PodQOSClass & "BestEffort" - -// PodDNSConfig defines the DNS parameters of a pod in addition to -// those generated from DNSPolicy. -#PodDNSConfig: { - // A list of DNS name server IP addresses. - // This will be appended to the base nameservers generated from DNSPolicy. - // Duplicated nameservers will be removed. - // +optional - nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep) - - // A list of DNS search domains for host-name lookup. - // This will be appended to the base search paths generated from DNSPolicy. - // Duplicated search paths will be removed. - // +optional - searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep) - - // A list of DNS resolver options. - // This will be merged with the base options generated from DNSPolicy. - // Duplicated entries will be removed. Resolution options given in Options - // will override those that appear in the base DNSPolicy. - // +optional - options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep) -} - -// PodDNSConfigOption defines DNS resolver options of a pod. -#PodDNSConfigOption: { - // Required. - name?: string @go(Name) @protobuf(1,bytes,opt) - - // +optional - value?: null | string @go(Value,*string) @protobuf(2,bytes,opt) -} - -// PodIP represents a single IP address allocated to the pod. -#PodIP: { - // IP is the IP address assigned to the pod - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// HostIP represents a single IP address allocated to the host. -#HostIP: { - // IP is the IP address assigned to the host - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// EphemeralContainerCommon is a copy of all fields in Container to be inlined in -// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer -// to Container and allows separate documentation for the fields of EphemeralContainer. -// When a new field is added to Container it must be added here as well. -#EphemeralContainerCommon: { - // Name of the ephemeral container specified as a DNS_LABEL. - // This name must be unique among all containers, init containers and ephemeral containers. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // Ports are not allowed for ephemeral containers. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources - // already allocated to the pod. - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // Restart policy for the container to manage the restart behavior of each - // container within a pod. - // This may only be set for init containers. You cannot set this field on - // ephemeral containers. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Probes are not allowed for ephemeral containers. - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Lifecycle is not allowed for ephemeral containers. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // Optional: SecurityContext defines the security options the ephemeral container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// An EphemeralContainer is a temporary container that you may add to an existing Pod for -// user-initiated activities such as debugging. Ephemeral containers have no resource or -// scheduling guarantees, and they will not be restarted when they exit or when a Pod is -// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the -// Pod to exceed its resource allocation. -// -// To add an ephemeral container, use the ephemeralcontainers subresource of an existing -// Pod. Ephemeral containers may not be removed or restarted. -#EphemeralContainer: { - #EphemeralContainerCommon - - // If set, the name of the container from PodSpec that this ephemeral container targets. - // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. - // If not set then the ephemeral container uses the namespaces configured in the Pod spec. - // - // The container runtime must implement support for this feature. If the runtime does not - // support namespace targeting then the result of setting this field is undefined. - // +optional - targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt) -} - -// PodStatus represents information about the status of a pod. Status may trail the actual -// state of a system, especially if the node that hosts the pod cannot contact the control -// plane. -#PodStatus: { - // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. - // The conditions array, the reason and message fields, and the individual container status - // arrays contain more detail about the pod's status. - // There are five possible phase values: - // - // Pending: The pod has been accepted by the Kubernetes system, but one or more of the - // container images has not been created. This includes time before being scheduled as - // well as time spent downloading images over the network, which could take a while. - // Running: The pod has been bound to a node, and all of the containers have been created. - // At least one container is still running, or is in the process of starting or restarting. - // Succeeded: All containers in the pod have terminated in success, and will not be restarted. - // Failed: All containers in the pod have terminated, and at least one container has - // terminated in failure. The container either exited with non-zero status or was terminated - // by the system. - // Unknown: For some reason the state of the pod could not be obtained, typically due to an - // error in communicating with the host of the pod. - // - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase - // +optional - phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase) - - // Current service state of pod. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep) - - // A human readable message indicating details about why the pod is in this condition. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A brief CamelCase message indicating details about why the pod is in this state. - // e.g. 'Evicted' - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be - // scheduled right away as preemption victims receive their graceful termination periods. - // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide - // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to - // give the resources on this node to a higher priority pod that is created after preemption. - // As a result, this field may be different than PodSpec.nodeName when the pod is - // scheduled. - // +optional - nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt) - - // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will - // not be updated even if there is a node is assigned to pod - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) - - // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must - // match the hostIP field. This list is empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will - // not be updated even if there is a node is assigned to this pod. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - // +listType=atomic - hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep) - - // podIP address allocated to the pod. Routable at least within the cluster. - // Empty if not yet allocated. - // +optional - podIP?: string @go(PodIP) @protobuf(6,bytes,opt) - - // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must - // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list - // is empty if no IPs have been allocated yet. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep) - - // RFC 3339 date and time at which the object was acknowledged by the Kubelet. - // This is before the Kubelet pulled the container image(s) for the pod. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt) - - // The list has one entry per init container in the manifest. The most recent successful - // init container will have ready = true, the most recently started container will have - // startTime set. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep) - - // The list has one entry per container in the manifest. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - // +optional - containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep) - - // The Quality of Service (QOS) classification assigned to the pod based on resource requirements - // See PodQOSClass type for available QOS classes - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes - // +optional - qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep) - - // Status for any ephemeral containers that have run in this pod. - // +optional - ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep) - - // Status of resources resize desired for pod's containers. - // It is empty if no resources resize is pending. - // Any changes to container resources will automatically set this to "Proposed" - // +featureGate=InPlacePodVerticalScaling - // +optional - resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus) - - // Status of resource claims. - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep) -} - -// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded -#PodStatusResult: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(2,bytes,opt) -} - -// Pod is a collection of containers that can run on a host. This resource is created -// by clients and scheduled onto hosts. -#Pod: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodList is a list of Pods. -#PodList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pods. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md - items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep) -} - -// PodTemplateSpec describes the data a pod should have when created from a template -#PodTemplateSpec: { - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PodTemplate describes a template for creating copies of a predefined pod. -#PodTemplate: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Template defines the pods that will be created from this pod template. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) -} - -// PodTemplateList is a list of PodTemplates. -#PodTemplateList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pod templates - items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep) -} - -// ReplicationControllerSpec is the specification of a replication controller. -#ReplicationControllerSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the Replicas count. - // If Selector is empty, it is defaulted to the labels present on the Pod template. - // Label keys and values that must match in order to be controlled by this replication - // controller, if empty defaulted to labels on Pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. This takes precedence over a TemplateRef. - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt) -} - -// ReplicationControllerStatus represents the current status of a replication -// controller. -#ReplicationControllerStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replication controller. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // The number of ready replicas for this replication controller. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replication controller. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed replication controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replication controller's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep) -} - -#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType - -#enumReplicationControllerConditionType: - #ReplicationControllerReplicaFailure - -// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods -// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, -// etc. or deleted due to kubelet being down or finalizers are failing. -#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure" - -// ReplicationControllerCondition describes the state of a replication controller at a certain point. -#ReplicationControllerCondition: { - // Type of replication controller condition. - type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ReplicationController represents the configuration of a replication controller. -#ReplicationController: { - metav1.#TypeMeta - - // If the Labels of a ReplicationController are empty, they are defaulted to - // be the same as the Pod(s) that the replication controller manages. - // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the replication controller. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the replication controller. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicationControllerList is a collection of replication controllers. -#ReplicationControllerList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of replication controllers. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep) -} - -// Session Affinity Type string -// +enum -#ServiceAffinity: string // #enumServiceAffinity - -#enumServiceAffinity: - #ServiceAffinityClientIP | - #ServiceAffinityNone - -// ServiceAffinityClientIP is the Client IP based. -#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP" - -// ServiceAffinityNone - no session affinity. -#ServiceAffinityNone: #ServiceAffinity & "None" - -#DefaultClientIPServiceAffinitySeconds: int32 & 10800 - -// SessionAffinityConfig represents the configurations of session affinity. -#SessionAffinityConfig: { - // clientIP contains the configurations of Client IP based session affinity. - // +optional - clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt) -} - -// ClientIPConfig represents the configurations of Client IP based session affinity. -#ClientIPConfig: { - // timeoutSeconds specifies the seconds of ClientIP type session sticky time. - // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - // Default value is 10800(for 3 hours). - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt) -} - -// Service Type string describes ingress methods for a service -// +enum -#ServiceType: string // #enumServiceType - -#enumServiceType: - #ServiceTypeClusterIP | - #ServiceTypeNodePort | - #ServiceTypeLoadBalancer | - #ServiceTypeExternalName - -// ServiceTypeClusterIP means a service will only be accessible inside the -// cluster, via the cluster IP. -#ServiceTypeClusterIP: #ServiceType & "ClusterIP" - -// ServiceTypeNodePort means a service will be exposed on one port of -// every node, in addition to 'ClusterIP' type. -#ServiceTypeNodePort: #ServiceType & "NodePort" - -// ServiceTypeLoadBalancer means a service will be exposed via an -// external load balancer (if the cloud provider supports it), in addition -// to 'NodePort' type. -#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer" - -// ServiceTypeExternalName means a service consists of only a reference to -// an external name that kubedns or equivalent will return as a CNAME -// record, with no exposing or proxying of any pods involved. -#ServiceTypeExternalName: #ServiceType & "ExternalName" - -// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they -// receive on the ClusterIP. -// +enum -#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy - -#enumServiceInternalTrafficPolicy: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster" - -// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same -// node as the client pod (dropping the traffic if there are no local endpoints). -#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType - -#enumServiceInternalTrafficPolicyType: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they -// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, -// and LoadBalancer IPs. -// +enum -#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy - -#enumServiceExternalTrafficPolicy: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by -// routing only to endpoints on the same node as the traffic was received on -// (dropping the traffic if there are no local endpoints). -#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType - -#enumServiceExternalTrafficPolicyType: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local" -#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// LoadBalancerPortsError represents the condition of the requested ports -// on the cloud load balancer instance. -#LoadBalancerPortsError: "LoadBalancerPortsError" - -// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError -// means the LoadBalancer was not able to be configured correctly. -#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported" - -// ServiceStatus represents the current status of a service. -#ServiceStatus: { - // LoadBalancer contains the current status of the load-balancer, - // if one is present. - // +optional - loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) - - // Current service state - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep) -} - -// LoadBalancerStatus represents the status of a load-balancer. -#LoadBalancerStatus: { - // Ingress is a list containing ingress points for the load-balancer. - // Traffic intended for the service should be sent to these ingress points. - // +optional - ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// LoadBalancerIngress represents the status of a load-balancer ingress point: -// traffic intended for the service should be sent to an ingress point. -#LoadBalancerIngress: { - // IP is set for load-balancer ingress points that are IP based - // (typically GCE or OpenStack load-balancers) - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostname is set for load-balancer ingress points that are DNS based - // (typically AWS load-balancers) - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // Ports is a list of records of service ports - // If used, every port defined in the service should have an entry in it - // +listType=atomic - // +optional - ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep) -} - -// IPFamily represents the IP Family (IPv4 or IPv6). This type is used -// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). -// +enum -#IPFamily: string // #enumIPFamily - -#enumIPFamily: - #IPv4Protocol | - #IPv6Protocol - -// IPv4Protocol indicates that this IP is IPv4 protocol -#IPv4Protocol: #IPFamily & "IPv4" - -// IPv6Protocol indicates that this IP is IPv6 protocol -#IPv6Protocol: #IPFamily & "IPv6" - -// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service -// +enum -#IPFamilyPolicy: string // #enumIPFamilyPolicy - -#enumIPFamilyPolicy: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. -// The IPFamily assigned is based on the default IPFamily used by the cluster -// or as identified by service.spec.ipFamilies field -#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack" - -// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when -// the cluster is configured for dual-stack. If the cluster is not configured -// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not -// set in service.spec.ipFamilies then the service will be assigned the default IPFamily -// configured on the cluster -#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack" - -// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using -// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The -// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If -// service.spec.ipFamilies was not provided then it will be assigned according to how they are -// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative -// IPFamily will be added by apiserver -#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack" - -// for backwards compat -// +enum -#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType - -#enumIPFamilyPolicyType: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// ServiceSpec describes the attributes that a user creates on a service. -#ServiceSpec: { - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep) - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // clusterIP is the IP address of the service and is usually assigned - // randomly. If an address is specified manually, is in-range (as per - // system configuration), and is not in use, it will be allocated to the - // service; otherwise creation of the service will fail. This field may not - // be changed through updates unless the type field is also being changed - // to ExternalName (which requires this field to be blank) or the type - // field is being changed from ExternalName (in which case this field may - // optionally be specified, as describe above). Valid values are "None", - // empty string (""), or a valid IP address. Setting this to "None" makes a - // "headless service" (no virtual IP), which is useful when direct endpoint - // connections are preferred and proxying is not required. Only applies to - // types ClusterIP, NodePort, and LoadBalancer. If this field is specified - // when creating a Service of type ExternalName, creation will fail. This - // field will be wiped when updating a Service to type ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt) - - // ClusterIPs is a list of IP addresses assigned to this service, and are - // usually assigned randomly. If an address is specified manually, is - // in-range (as per system configuration), and is not in use, it will be - // allocated to the service; otherwise creation of the service will fail. - // This field may not be changed through updates unless the type field is - // also being changed to ExternalName (which requires this field to be - // empty) or the type field is being changed from ExternalName (in which - // case this field may optionally be specified, as describe above). Valid - // values are "None", empty string (""), or a valid IP address. Setting - // this to "None" makes a "headless service" (no virtual IP), which is - // useful when direct endpoint connections are preferred and proxying is - // not required. Only applies to types ClusterIP, NodePort, and - // LoadBalancer. If this field is specified when creating a Service of type - // ExternalName, creation will fail. This field will be wiped when updating - // a Service to type ExternalName. If this field is not specified, it will - // be initialized from the clusterIP field. If this field is specified, - // clients must ensure that clusterIPs[0] and clusterIP have the same - // value. - // - // This field may hold a maximum of two entries (dual-stack IPs, in either order). - // These IPs must correspond to the values of the ipFamilies field. Both - // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +listType=atomic - // +optional - clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt) - - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing - // to endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object or - // EndpointSlice objects. If clusterIP is "None", no virtual IP is - // allocated and the endpoints are published as a set of endpoints rather - // than a virtual IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the same endpoints as the clusterIP. - // "LoadBalancer" builds on NodePort and creates an external load-balancer - // (if supported in the current cloud) which routes to the same endpoints - // as the clusterIP. - // "ExternalName" aliases this service to the specified externalName. - // Several other fields do not apply to ExternalName services. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType) - - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. - // +optional - externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep) - - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity) - - // Only applies to Service Type: LoadBalancer. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // Deprecated: This field was under-specified and its meaning varies across implementations. - // Using it is non-portable and it may not support dual-stack. - // Users are encouraged to use implementation-specific annotations when available. - // +optional - loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt) - - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - // +optional - loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt) - - // externalName is the external reference that discovery mechanisms will - // return as an alias for this service (e.g. a DNS CNAME record). No - // proxying will be involved. Must be a lowercase RFC-1123 hostname - // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - // +optional - externalName?: string @go(ExternalName) @protobuf(10,bytes,opt) - - // externalTrafficPolicy describes how nodes distribute service traffic they - // receive on one of the Service's "externally-facing" addresses (NodePorts, - // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - // the service in a way that assumes that external load balancers will take care - // of balancing the service traffic between nodes, and so each node will deliver - // traffic only to the node-local endpoints of the service, without masquerading - // the client source IP. (Traffic mistakenly sent to a node with no endpoints will - // be dropped.) The default value, "Cluster", uses the standard behavior of - // routing to all endpoints evenly (possibly modified by topology and other - // features). Note that traffic sent to an External IP or LoadBalancer IP from - // within the cluster will always get "Cluster" semantics, but clients sending to - // a NodePort from within the cluster may need to take traffic policy into account - // when picking a node. - // +optional - externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt) - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // This only applies when type is set to LoadBalancer and - // externalTrafficPolicy is set to Local. If a value is specified, is - // in-range, and is not in use, it will be used. If not specified, a value - // will be automatically allocated. External systems (e.g. load-balancers) - // can use this port to determine if a given node holds endpoints for this - // service or not. If this field is specified when creating a Service - // which does not need it, creation will fail. This field will be wiped - // when updating a Service to no longer need it (e.g. changing type). - // This field cannot be updated once set. - // +optional - healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt) - - // publishNotReadyAddresses indicates that any agent which deals with endpoints for this - // Service should disregard any indications of ready/not-ready. - // The primary use case for setting this field is for a StatefulSet's Headless Service to - // propagate SRV DNS records for its Pods for the purpose of peer discovery. - // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - // Services interpret this to mean that all endpoints are considered "ready" even if the - // Pods themselves are not. Agents which consume only Kubernetes generated endpoints - // through the Endpoints or EndpointSlice resources can safely assume this behavior. - // +optional - publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt) - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt) - - // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - // service. This field is usually assigned automatically based on cluster - // configuration and the ipFamilyPolicy field. If this field is specified - // manually, the requested family is available in the cluster, - // and ipFamilyPolicy allows it, it will be used; otherwise creation of - // the service will fail. This field is conditionally mutable: it allows - // for adding or removing a secondary IP family, but it does not allow - // changing the primary IP family of the Service. Valid values are "IPv4" - // and "IPv6". This field only applies to Services of types ClusterIP, - // NodePort, and LoadBalancer, and does apply to "headless" services. - // This field will be wiped when updating a Service to type ExternalName. - // - // This field may hold a maximum of two entries (dual-stack families, in - // either order). These families must correspond to the values of the - // clusterIPs field, if specified. Both clusterIPs and ipFamilies are - // governed by the ipFamilyPolicy field. - // +listType=atomic - // +optional - ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily) - - // IPFamilyPolicy represents the dual-stack-ness requested or required by - // this Service. If there is no value provided, then this field will be set - // to SingleStack. Services can be "SingleStack" (a single IP family), - // "PreferDualStack" (two IP families on dual-stack configured clusters or - // a single IP family on single-stack clusters), or "RequireDualStack" - // (two IP families on dual-stack configured clusters, otherwise fail). The - // ipFamilies and clusterIPs fields depend on the value of this field. This - // field will be wiped when updating a service to type ExternalName. - // +optional - ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy) - - // allocateLoadBalancerNodePorts defines if NodePorts will be automatically - // allocated for services with type LoadBalancer. Default is "true". It - // may be set to "false" if the cluster load-balancer does not rely on - // NodePorts. If the caller requests specific NodePorts (by specifying a - // value), those requests will be respected, regardless of this field. - // This field may only be set for services with type LoadBalancer and will - // be cleared if the type is changed to any other type. - // +optional - allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt) - - // loadBalancerClass is the class of the load balancer implementation this Service belongs to. - // If specified, the value of this field must be a label-style identifier, with an optional prefix, - // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - // balancer implementation is used, today this is typically done through the cloud provider integration, - // but should apply for any default implementation. If set, it is assumed that a load balancer - // implementation is watching for Services with a matching class. Any default load balancer - // implementation (e.g. cloud providers) should ignore Services that set this field. - // This field can only be set when creating or updating a Service to type 'LoadBalancer'. - // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - // +optional - loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt) - - // InternalTrafficPolicy describes how nodes distribute service traffic they - // receive on the ClusterIP. If set to "Local", the proxy will assume that pods - // only want to talk to endpoints of the service on the same node as the pod, - // dropping the traffic if there are no local endpoints. The default value, - // "Cluster", uses the standard behavior of routing to all endpoints evenly - // (possibly modified by topology and other features). - // +optional - internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt) -} - -// ServicePort contains information on service's port. -#ServicePort: { - // The name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. When considering - // the endpoints for a Service, this must match the 'name' field in the - // EndpointPort. - // Optional if only one ServicePort is defined on this service. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - // Default is TCP. - // +default="TCP" - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt) - - // The port that will be exposed by this service. - port: int32 @go(Port) @protobuf(3,varint,opt) - - // Number or name of the port to access on the pods targeted by the service. - // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - // If this is a string, it will be looked up as a named port in the - // target Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - // +optional - targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt) - - // The port on each node on which this service is exposed when type is - // NodePort or LoadBalancer. Usually assigned by the system. If a value is - // specified, in-range, and not in use it will be used, otherwise the - // operation will fail. If not specified, a port will be allocated if this - // Service requires one. If this field is specified when creating a - // Service which does not need it, creation will fail. This field will be - // wiped when updating a Service to no longer need it (e.g. changing type - // from NodePort to ClusterIP). - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - // +optional - nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt) -} - -// Service is a named abstraction of software service (for example, mysql) consisting of local port -// (for example 3306) that the proxy listens on, and the selector that determines which pods -// will answer requests sent through the proxy. -#Service: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a service. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the service. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ClusterIPNone - do not assign a cluster IP -// no proxying required and no environment variables should be created for pods -#ClusterIPNone: "None" - -// ServiceList holds a list of services. -#ServiceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of services - items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep) -} - -// ServiceAccount binds together: -// * a name, understood by users, and perhaps by peripheral systems, for an identity -// * a principal that can be authenticated and authorized -// * a set of secrets -#ServiceAccount: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. - // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". - // This field should not be used to find auto-generated service account token secrets for use outside of pods. - // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep) - - // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images - // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets - // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. - // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - // +optional - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep) - - // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. - // Can be overridden at the pod level. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountList is a list of ServiceAccount objects -#ServiceAccountList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ServiceAccounts. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep) -} - -// Endpoints is a collection of endpoints that implement the actual service. Example: -// -// Name: "mysvc", -// Subsets: [ -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// }, -// { -// Addresses: [{"ip": "10.10.3.3"}], -// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] -// }, -// ] -#Endpoints: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The set of all endpoints is the union of all subsets. Addresses are placed into - // subsets according to the IPs they share. A single address with multiple ports, - // some of which are ready and some of which are not (because they come from - // different containers) will result in the address being displayed in different - // subsets for the different ports. No address will appear in both Addresses and - // NotReadyAddresses in the same subset. - // Sets of addresses and ports that comprise a service. - // +optional - subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep) -} - -// EndpointSubset is a group of addresses with a common set of ports. The -// expanded set of endpoints is the Cartesian product of Addresses x Ports. -// For example, given: -// -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// } -// -// The resulting set of endpoints can be viewed as: -// -// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], -// b: [ 10.10.1.1:309, 10.10.2.2:309 ] -#EndpointSubset: { - // IP addresses which offer the related ports that are marked as ready. These endpoints - // should be considered safe for load balancers and clients to utilize. - // +optional - addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep) - - // IP addresses which offer the related ports but are not currently marked as ready - // because they have not yet finished starting, have recently failed a readiness check, - // or have recently failed a liveness check. - // +optional - notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep) - - // Port numbers available on the related IP addresses. - // +optional - ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// EndpointAddress is a tuple that describes single IP address. -// +structType=atomic -#EndpointAddress: { - // The IP of this endpoint. - // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), - // or link-local multicast (224.0.0.0/24 or ff02::/16). - ip: string @go(IP) @protobuf(1,bytes,opt) - - // The Hostname of this endpoint - // +optional - hostname?: string @go(Hostname) @protobuf(3,bytes,opt) - - // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt) - - // Reference to object providing the endpoint. - // +optional - targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt) -} - -// EndpointPort is a tuple that describes a single port. -// +structType=atomic -#EndpointPort: { - // The name of this port. This must match the 'name' field in the - // corresponding ServicePort. - // Must be a DNS_LABEL. - // Optional only if one port is defined. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The port number of the endpoint. - port: int32 @go(Port) @protobuf(2,varint,opt) - - // The IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt) -} - -// EndpointsList is a list of endpoints. -#EndpointsList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of endpoints. - items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep) -} - -// NodeSpec describes the attributes that a node is created with. -#NodeSpec: { - // PodCIDR represents the pod IP range assigned to the node. - // +optional - podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt) - - // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this - // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for - // each of IPv4 and IPv6. - // +optional - // +patchStrategy=merge - podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt) - - // ID of the node assigned by the cloud provider in the format: :// - // +optional - providerID?: string @go(ProviderID) @protobuf(3,bytes,opt) - - // Unschedulable controls node schedulability of new pods. By default, node is schedulable. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration - // +optional - unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt) - - // If specified, the node's taints. - // +optional - taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt) - - // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. - // +optional - configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt) - - // Deprecated. Not all kubelets will set this field. Remove field after 1.13. - // see: https://issues.k8s.io/61966 - // +optional - externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt) -} - -// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. -// This API is deprecated since 1.22 -#NodeConfigSource: { - // ConfigMap is a reference to a Node's ConfigMap - configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt) -} - -// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. -// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration -#ConfigMapNodeConfigSource: { - // Namespace is the metadata.namespace of the referenced ConfigMap. - // This field is required in all cases. - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // Name is the metadata.name of the referenced ConfigMap. - // This field is required in all cases. - name: string @go(Name) @protobuf(2,bytes,opt) - - // UID is the metadata.UID of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - uid?: types.#UID @go(UID) @protobuf(3,bytes,opt) - - // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure - // This field is required in all cases. - kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt) -} - -// DaemonEndpoint contains information about a single Daemon endpoint. -#DaemonEndpoint: { - // Port number of the given endpoint. - Port: int32 @protobuf(1,varint,opt) -} - -// NodeDaemonEndpoints lists ports opened by daemons running on the Node. -#NodeDaemonEndpoints: { - // Endpoint on which Kubelet is listening. - // +optional - kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt) -} - -// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. -#NodeSystemInfo: { - // MachineID reported by the node. For unique machine identification - // in the cluster this field is preferred. Learn more from man(5) - // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - machineID: string @go(MachineID) @protobuf(1,bytes,opt) - - // SystemUUID reported by the node. For unique machine identification - // MachineID is preferred. This field is specific to Red Hat hosts - // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt) - - // Boot ID reported by the node. - bootID: string @go(BootID) @protobuf(3,bytes,opt) - - // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). - kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt) - - // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). - osImage: string @go(OSImage) @protobuf(5,bytes,opt) - - // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). - containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt) - - // Kubelet Version reported by the node. - kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt) - - // KubeProxy Version reported by the node. - kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt) - - // The Operating System reported by the node - operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt) - - // The Architecture reported by the node - architecture: string @go(Architecture) @protobuf(10,bytes,opt) -} - -// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. -#NodeConfigStatus: { - // Assigned reports the checkpointed config the node will try to use. - // When Node.Spec.ConfigSource is updated, the node checkpoints the associated - // config payload to local disk, along with a record indicating intended - // config. The node refers to this record to choose its config checkpoint, and - // reports this record in Assigned. Assigned only updates in the status after - // the record has been checkpointed to disk. When the Kubelet is restarted, - // it tries to make the Assigned config the Active config by loading and - // validating the checkpointed payload identified by Assigned. - // +optional - assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt) - - // Active reports the checkpointed config the node is actively using. - // Active will represent either the current version of the Assigned config, - // or the current LastKnownGood config, depending on whether attempting to use the - // Assigned config results in an error. - // +optional - active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt) - - // LastKnownGood reports the checkpointed config the node will fall back to - // when it encounters an error attempting to use the Assigned config. - // The Assigned config becomes the LastKnownGood config when the node determines - // that the Assigned config is stable and correct. - // This is currently implemented as a 10-minute soak period starting when the local - // record of Assigned config is updated. If the Assigned config is Active at the end - // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is - // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, - // because the local default config is always assumed good. - // You should not make assumptions about the node's method of determining config stability - // and correctness, as this may change or become configurable in the future. - // +optional - lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt) - - // Error describes any problems reconciling the Spec.ConfigSource to the Active config. - // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned - // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting - // to load or validate the Assigned config, etc. - // Errors may occur at different points while syncing config. Earlier errors (e.g. download or - // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across - // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in - // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error - // by fixing the config assigned in Spec.ConfigSource. - // You can find additional information for debugging by searching the error message in the Kubelet log. - // Error is a human-readable description of the error state; machines can check whether or not Error - // is empty, but should not rely on the stability of the Error text across Kubelet versions. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// NodeStatus is information about the current status of a node. -#NodeStatus: { - // Capacity represents the total resources of a node. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Allocatable represents the resources of a node that are available for scheduling. - // Defaults to Capacity. - // +optional - allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // NodePhase is the recently observed lifecycle phase of the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase - // The field is never populated, and now is deprecated. - // +optional - phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase) - - // Conditions is an array of current observed node conditions. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep) - - // List of addresses reachable to the node. - // Queried from cloud provider, if available. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses - // Note: This field is declared as mergeable, but the merge key is not sufficiently - // unique, which can cause data corruption when it is merged. Callers should instead - // use a full-replacement patch. See https://pr.k8s.io/79391 for an example. - // Consumers should assume that addresses can change during the - // lifetime of a Node. However, there are some exceptions where this may not - // be possible, such as Pods that inherit a Node's address in its own status or - // consumers of the downward API (status.hostIP). - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep) - - // Endpoints of daemons running on the Node. - // +optional - daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt) - - // Set of ids/uuids to uniquely identify the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#info - // +optional - nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt) - - // List of container images on this node - // +optional - images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep) - - // List of attachable volumes in use (mounted) by the node. - // +optional - volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep) - - // List of volumes that are attached to the node. - // +optional - volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep) - - // Status of the config assigned to the node via the dynamic Kubelet config feature. - // +optional - config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt) -} - -#UniqueVolumeName: string - -// AttachedVolume describes a volume attached to a node -#AttachedVolume: { - // Name of the attached volume - name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep) - - // DevicePath represents the device path where the volume should be available - devicePath: string @go(DevicePath) @protobuf(2,bytes,rep) -} - -// AvoidPods describes pods that should avoid this node. This is the value for a -// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and -// will eventually become a field of NodeStatus. -#AvoidPods: { - // Bounded-sized list of signatures of pods that should avoid this node, sorted - // in timestamp order from oldest to newest. Size of the slice is unspecified. - // +optional - preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep) -} - -// Describes a class of pods that should avoid this node. -#PreferAvoidPodsEntry: { - // The class of pods. - podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt) - - // Time at which this entry was added to the list. - // +optional - evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt) - - // (brief) reason why this entry was added to the list. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Human readable message indicating why this entry was added to the list. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) -} - -// Describes the class of pods that should avoid this node. -// Exactly one field should be set. -#PodSignature: { - // Reference to controller whose pods should avoid this node. - // +optional - podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt) -} - -// Describe a container image -#ContainerImage: { - // Names by which this image is known. - // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] - // +optional - names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep) - - // The size of the image in bytes. - // +optional - sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt) -} - -// +enum -#NodePhase: string // #enumNodePhase - -#enumNodePhase: - #NodePending | - #NodeRunning | - #NodeTerminated - -// NodePending means the node has been created/added by the system, but not configured. -#NodePending: #NodePhase & "Pending" - -// NodeRunning means the node has been configured and has Kubernetes components running. -#NodeRunning: #NodePhase & "Running" - -// NodeTerminated means the node has been removed from the cluster. -#NodeTerminated: #NodePhase & "Terminated" - -#NodeConditionType: string // #enumNodeConditionType - -#enumNodeConditionType: - #NodeReady | - #NodeMemoryPressure | - #NodeDiskPressure | - #NodePIDPressure | - #NodeNetworkUnavailable - -// NodeReady means kubelet is healthy and ready to accept pods. -#NodeReady: #NodeConditionType & "Ready" - -// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. -#NodeMemoryPressure: #NodeConditionType & "MemoryPressure" - -// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. -#NodeDiskPressure: #NodeConditionType & "DiskPressure" - -// NodePIDPressure means the kubelet is under pressure due to insufficient available PID. -#NodePIDPressure: #NodeConditionType & "PIDPressure" - -// NodeNetworkUnavailable means that network for the node is not correctly configured. -#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable" - -// NodeCondition contains condition information for a node. -#NodeCondition: { - // Type of node condition. - type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we got an update on a given condition. - // +optional - lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -#NodeAddressType: string // #enumNodeAddressType - -#enumNodeAddressType: - #NodeHostName | - #NodeInternalIP | - #NodeExternalIP | - #NodeInternalDNS | - #NodeExternalDNS - -// NodeHostName identifies a name of the node. Although every node can be assumed -// to have a NodeAddress of this type, its exact syntax and semantics are not -// defined, and are not consistent between different clusters. -#NodeHostName: #NodeAddressType & "Hostname" - -// NodeInternalIP identifies an IP address which is assigned to one of the node's -// network interfaces. Every node should have at least one address of this type. -// -// An internal IP is normally expected to be reachable from every other node, but -// may not be visible to hosts outside the cluster. By default it is assumed that -// kube-apiserver can reach node internal IPs, though it is possible to configure -// clusters where this is not the case. -// -// NodeInternalIP is the default type of node IP, and does not necessarily imply -// that the IP is ONLY reachable internally. If a node has multiple internal IPs, -// no specific semantics are assigned to the additional IPs. -#NodeInternalIP: #NodeAddressType & "InternalIP" - -// NodeExternalIP identifies an IP address which is, in some way, intended to be -// more usable from outside the cluster then an internal IP, though no specific -// semantics are defined. It may be a globally routable IP, though it is not -// required to be. -// -// External IPs may be assigned directly to an interface on the node, like a -// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed -// to an internal node IP rather than being delivered directly (making the IP less -// efficient for node-to-node traffic than a NodeInternalIP). -#NodeExternalIP: #NodeAddressType & "ExternalIP" - -// NodeInternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeInternalIP. The IP it resolves to may or may not -// be a listed NodeInternalIP address. -#NodeInternalDNS: #NodeAddressType & "InternalDNS" - -// NodeExternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeExternalIP. The IP it resolves to may or may not -// be a listed NodeExternalIP address. -#NodeExternalDNS: #NodeAddressType & "ExternalDNS" - -// NodeAddress contains information for the node's address. -#NodeAddress: { - // Node address type, one of Hostname, ExternalIP or InternalIP. - type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType) - - // The node address. - address: string @go(Address) @protobuf(2,bytes,opt) -} - -// ResourceName is the name identifying various resources in a ResourceList. -#ResourceName: string // #enumResourceName - -#enumResourceName: - #ResourceCPU | - #ResourceMemory | - #ResourceStorage | - #ResourceEphemeralStorage | - #ResourcePods | - #ResourceServices | - #ResourceReplicationControllers | - #ResourceQuotas | - #ResourceSecrets | - #ResourceConfigMaps | - #ResourcePersistentVolumeClaims | - #ResourceServicesNodePorts | - #ResourceServicesLoadBalancers | - #ResourceRequestsCPU | - #ResourceRequestsMemory | - #ResourceRequestsStorage | - #ResourceRequestsEphemeralStorage | - #ResourceLimitsCPU | - #ResourceLimitsMemory | - #ResourceLimitsEphemeralStorage - -// CPU, in cores. (500m = .5 cores) -#ResourceCPU: #ResourceName & "cpu" - -// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceMemory: #ResourceName & "memory" - -// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) -#ResourceStorage: #ResourceName & "storage" - -// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// The resource name for ResourceEphemeralStorage is alpha and it can change across releases. -#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage" - -// Default namespace prefix. -#ResourceDefaultNamespacePrefix: "kubernetes.io/" - -// Name prefix for huge page resources (alpha). -#ResourceHugePagesPrefix: "hugepages-" - -// Name prefix for storage resource limits -#ResourceAttachableVolumesPrefix: "attachable-volumes-" - -// ResourceList is a set of (resource name, quantity) pairs. -#ResourceList: {[string]: resource.#Quantity} - -// Node is a worker node in Kubernetes. -// Each node will have a unique identifier in the cache (i.e. in etcd). -#Node: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a node. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the node. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NodeList is the whole list of all Nodes which have been registered with master. -#NodeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of nodes - items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep) -} - -// FinalizerName is the name identifying a finalizer during namespace lifecycle. -#FinalizerName: string // #enumFinalizerName - -#enumFinalizerName: - #FinalizerKubernetes - -#FinalizerKubernetes: #FinalizerName & "kubernetes" - -// NamespaceSpec describes the attributes on a Namespace. -#NamespaceSpec: { - // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName) -} - -// NamespaceStatus is information about the current status of a Namespace. -#NamespaceStatus: { - // Phase is the current lifecycle phase of the namespace. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase) - - // Represents the latest available observations of a namespace's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep) -} - -// +enum -#NamespacePhase: string // #enumNamespacePhase - -#enumNamespacePhase: - #NamespaceActive | - #NamespaceTerminating - -// NamespaceActive means the namespace is available for use in the system -#NamespaceActive: #NamespacePhase & "Active" - -// NamespaceTerminating means the namespace is undergoing graceful termination -#NamespaceTerminating: #NamespacePhase & "Terminating" - -// NamespaceTerminatingCause is returned as a defaults.cause item when a change is -// forbidden due to the namespace being terminated. -#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating" - -#NamespaceConditionType: string // #enumNamespaceConditionType - -#enumNamespaceConditionType: - #NamespaceDeletionDiscoveryFailure | - #NamespaceDeletionContentFailure | - #NamespaceDeletionGVParsingFailure | - #NamespaceContentRemaining | - #NamespaceFinalizersRemaining - -// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery. -#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure" - -// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources. -#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure" - -// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types. -#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure" - -// NamespaceContentRemaining contains information about resources remaining in a namespace. -#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining" - -// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace. -#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining" - -// NamespaceCondition contains details about state of namespace. -#NamespaceCondition: { - // Type of namespace controller condition. - type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// Namespace provides a scope for Names. -// Use of multiple namespaces is optional. -#Namespace: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of the Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status describes the current status of a Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NamespaceList is a list of Namespaces. -#NamespaceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Namespace objects in the list. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep) -} - -// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. -// Deprecated in 1.7, please use the bindings subresource of pods instead. -#Binding: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The target object that you want to bind to the standard object. - target: #ObjectReference @go(Target) @protobuf(2,bytes,opt) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -// +k8s:openapi-gen=false -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// PodLogOptions is the query options for a Pod's logs REST call. -#PodLogOptions: { - metav1.#TypeMeta - - // The container for which to stream logs. Defaults to only container if there is one container in the pod. - // +optional - container?: string @go(Container) @protobuf(1,bytes,opt) - - // Follow the log stream of the pod. Defaults to false. - // +optional - follow?: bool @go(Follow) @protobuf(2,varint,opt) - - // Return previous terminated container logs. Defaults to false. - // +optional - previous?: bool @go(Previous) @protobuf(3,varint,opt) - - // A relative time in seconds before the current time from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt) - - // An RFC3339 timestamp from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt) - - // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line - // of log output. Defaults to false. - // +optional - timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt) - - // If set, the number of lines from the end of the logs to show. If not specified, - // logs are shown from the creation of the container or sinceSeconds or sinceTime - // +optional - tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt) - - // If set, the number of bytes to read from the server before terminating the - // log output. This may not display a complete final line of logging, and may return - // slightly more or slightly less than the specified limit. - // +optional - limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt) - - // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the - // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver - // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real - // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the - // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept - // the actual log data coming from the real kubelet). - // +optional - insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt) -} - -// PodAttachOptions is the query options to a Pod's remote attach call. -// --- -// TODO: merge w/ PodExecOptions below for stdin, stdout, etc -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodAttachOptions: { - metav1.#TypeMeta - - // Stdin if true, redirects the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Stdout if true indicates that stdout is to be redirected for the attach call. - // Defaults to true. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Stderr if true indicates that stderr is to be redirected for the attach call. - // Defaults to true. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the attach call. - // This is passed through the container runtime so the tty - // is allocated on the worker node by the container runtime. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // The container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) -} - -// PodExecOptions is the query options to a Pod's remote exec call. -// --- -// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodExecOptions: { - metav1.#TypeMeta - - // Redirect the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Redirect the standard output stream of the pod for this call. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Redirect the standard error stream of the pod for this call. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the exec call. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // Container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) - - // Command is the remote command to execute. argv array. Not executed within a shell. - command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep) -} - -// PodPortForwardOptions is the query options to a Pod's port forward call -// when using WebSockets. -// The `port` query parameter must specify the port or -// ports (comma separated) to forward over. -// Port forwarding over SPDY does not use these options. It requires the port -// to be passed in the `port` header as part of request. -#PodPortForwardOptions: { - metav1.#TypeMeta - - // List of ports to forward - // Required when using WebSockets - // +optional - ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep) -} - -// PodProxyOptions is the query options to a Pod's proxy call. -#PodProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to pod. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// NodeProxyOptions is the query options to a Node's proxy call. -#NodeProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to node. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ServiceProxyOptions is the query options to a Service's proxy call. -#ServiceProxyOptions: { - metav1.#TypeMeta - - // Path is the part of URLs that include service endpoints, suffixes, - // and parameters to use for the current proxy request to service. - // For example, the whole request URL is - // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. - // Path is _search?q=user:kimchy. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -// --- -// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. -// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. -// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular -// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". -// Those cannot be well described when embedded. -// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. -// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity -// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple -// and the version of the actual struct is irrelevant. -// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type -// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. -// -// Instead of using this type, create a locally provided and used type that is well-focused on your reference. -// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +structType=atomic -#ObjectReference: { - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // Namespace of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Specific resourceVersion to which this reference is made, if any. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // If referring to a piece of an object instead of an entire object, this string - // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - // For example, if the object reference is to a container within a pod, this would take on a value like: - // "spec.containers{name}" (where "name" refers to the name of the container that triggered - // the event) or if no container name is specified "spec.containers[2]" (container with - // index 2 in this pod). This syntax is chosen only to have some well-defined way of - // referencing a part of an object. - // TODO: this design is not final and this field is subject to change in the future. - // +optional - fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt) -} - -// LocalObjectReference contains enough information to let you locate the -// referenced object inside the same namespace. -// +structType=atomic -#LocalObjectReference: { - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // TODO: Add other useful fields. apiVersion, kind, uid? - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) -} - -// TypedLocalObjectReference contains enough information to let you locate the -// typed referenced object inside the same namespace. -// +structType=atomic -#TypedLocalObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// SerializedReference is a reference to serialized object. -#SerializedReference: { - metav1.#TypeMeta - - // The reference to an object in the system. - // +optional - reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt) -} - -// EventSource contains information for an event. -#EventSource: { - // Component from which the event is generated. - // +optional - component?: string @go(Component) @protobuf(1,bytes,opt) - - // Node name on which the event is generated. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -// Information only and will not cause any problems -#EventTypeNormal: "Normal" - -// These events are to warn that something might go wrong -#EventTypeWarning: "Warning" - -// Event is a report of an event somewhere in the cluster. Events -// have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The object that this event is about. - involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt) - - // This should be a short, machine understandable string that gives the reason - // for the transition into the object's current status. - // TODO: provide exact specification for format. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // A human-readable description of the status of this operation. - // TODO: decide on maximum length. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // The component reporting this event. Should be a short machine understandable string. - // +optional - source?: #EventSource @go(Source) @protobuf(5,bytes,opt) - - // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) - // +optional - firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt) - - // The time at which the most recent occurrence of this event was recorded. - // +optional - lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt) - - // The number of times this event has occurred. - // +optional - count?: int32 @go(Count) @protobuf(8,varint,opt) - - // Type of this event (Normal, Warning), new types could be added in the future - // +optional - type?: string @go(Type) @protobuf(9,bytes,opt) - - // Time when this Event was first observed. - // +optional - eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt) - - // Data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt) - - // What action was taken/failed regarding to the Regarding object. - // +optional - action?: string @go(Action) @protobuf(12,bytes,opt) - - // Optional secondary object for more complex actions. - // +optional - related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt) - - // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // +optional - reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt) - - // ID of the controller instance, e.g. `kubelet-xyzf`. - // +optional - reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. -#EventSeries: { - // Number of occurrences in this series up to the last heartbeat time - count?: int32 @go(Count) @protobuf(1,varint) - - // Time of the last occurrence observed - lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes) -} - -// EventList is a list of events. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of events - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} - -// List holds a list of objects, which may not be known by the server. -#List: metav1.#List - -// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or -// a fully qualified resource name. -#LimitType: string // #enumLimitType - -#enumLimitType: - #LimitTypePod | - #LimitTypeContainer | - #LimitTypePersistentVolumeClaim - -// Limit that applies to all pods in a namespace -#LimitTypePod: #LimitType & "Pod" - -// Limit that applies to all containers in a namespace -#LimitTypeContainer: #LimitType & "Container" - -// Limit that applies to all persistent volume claims in a namespace -#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim" - -// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. -#LimitRangeItem: { - // Type of resource that this limit applies to. - type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType) - - // Max usage constraints on this kind by resource name. - // +optional - max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Min usage constraints on this kind by resource name. - // +optional - min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Default resource requirement limit value by resource name if resource limit is omitted. - // +optional - default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. - // +optional - defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. - // +optional - maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// LimitRangeSpec defines a min/max usage limit for resources that match on kind. -#LimitRangeSpec: { - // Limits is the list of LimitRangeItem objects that are enforced. - limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep) -} - -// LimitRange sets resource usage limits for each kind of resource in a Namespace. -#LimitRange: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the limits enforced. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LimitRangeList is a list of LimitRange items. -#LimitRangeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of LimitRange objects. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep) -} - -// Pods, number -#ResourcePods: #ResourceName & "pods" - -// Services, number -#ResourceServices: #ResourceName & "services" - -// ReplicationControllers, number -#ResourceReplicationControllers: #ResourceName & "replicationcontrollers" - -// ResourceQuotas, number -#ResourceQuotas: #ResourceName & "resourcequotas" - -// ResourceSecrets, number -#ResourceSecrets: #ResourceName & "secrets" - -// ResourceConfigMaps, number -#ResourceConfigMaps: #ResourceName & "configmaps" - -// ResourcePersistentVolumeClaims, number -#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims" - -// ResourceServicesNodePorts, number -#ResourceServicesNodePorts: #ResourceName & "services.nodeports" - -// ResourceServicesLoadBalancers, number -#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers" - -// CPU request, in cores. (500m = .5 cores) -#ResourceRequestsCPU: #ResourceName & "requests.cpu" - -// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsMemory: #ResourceName & "requests.memory" - -// Storage request, in bytes -#ResourceRequestsStorage: #ResourceName & "requests.storage" - -// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage" - -// CPU limit, in cores. (500m = .5 cores) -#ResourceLimitsCPU: #ResourceName & "limits.cpu" - -// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsMemory: #ResourceName & "limits.memory" - -// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage" - -// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// As burst is not supported for HugePages, we would only quota its request, and ignore the limit. -#ResourceRequestsHugePagesPrefix: "requests.hugepages-" - -// Default resource requests prefix -#DefaultResourceRequestsPrefix: "requests." - -// A ResourceQuotaScope defines a filter that must match each object tracked by a quota -// +enum -#ResourceQuotaScope: string // #enumResourceQuotaScope - -#enumResourceQuotaScope: - #ResourceQuotaScopeTerminating | - #ResourceQuotaScopeNotTerminating | - #ResourceQuotaScopeBestEffort | - #ResourceQuotaScopeNotBestEffort | - #ResourceQuotaScopePriorityClass | - #ResourceQuotaScopeCrossNamespacePodAffinity - -// Match all pod objects where spec.activeDeadlineSeconds >=0 -#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating" - -// Match all pod objects where spec.activeDeadlineSeconds is nil -#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating" - -// Match all pod objects that have best effort quality of service -#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort" - -// Match all pod objects that do not have best effort quality of service -#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort" - -// Match all pod objects that have priority class mentioned -#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass" - -// Match all pod objects that have cross-namespace pod (anti)affinity mentioned. -#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity" - -// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. -#ResourceQuotaSpec: { - // hard is the set of desired hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // A collection of filters that must match each object tracked by a quota. - // If not specified, the quota matches all objects. - // +optional - scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope) - - // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota - // but expressed using ScopeSelectorOperator in combination with possible values. - // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. - // +optional - scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt) -} - -// A scope selector represents the AND of the selectors represented -// by the scoped-resource selector requirements. -// +structType=atomic -#ScopeSelector: { - // A list of scope selector requirements by scope of the resources. - // +optional - matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep) -} - -// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator -// that relates the scope name and values. -#ScopedResourceSelectorRequirement: { - // The name of the scope that the selector applies to. - scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt) - - // Represents a scope's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. - operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A scope selector operator is the set of operators that can be used in -// a scope selector requirement. -// +enum -#ScopeSelectorOperator: string // #enumScopeSelectorOperator - -#enumScopeSelectorOperator: - #ScopeSelectorOpIn | - #ScopeSelectorOpNotIn | - #ScopeSelectorOpExists | - #ScopeSelectorOpDoesNotExist - -#ScopeSelectorOpIn: #ScopeSelectorOperator & "In" -#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn" -#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists" -#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist" - -// ResourceQuotaStatus defines the enforced hard limits and observed use. -#ResourceQuotaStatus: { - // Hard is the set of enforced hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Used is the current observed total usage of the resource in the namespace. - // +optional - used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// ResourceQuota sets aggregate quota restrictions enforced per namespace -#ResourceQuota: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired quota. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status defines the actual enforced quota and its current usage. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceQuotaList is a list of ResourceQuota items. -#ResourceQuotaList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ResourceQuota objects. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep) -} - -// Secret holds secret data of a certain type. The total bytes of the values in -// the Data field must be less than MaxSecretSize bytes. -#Secret: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the Secret cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt) - - // Data contains the secret data. Each key must consist of alphanumeric - // characters, '-', '_' or '.'. The serialized form of the secret data is a - // base64 encoded string, representing the arbitrary (possibly non-string) - // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 - // +optional - data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep) - - // stringData allows specifying non-binary secret data in string form. - // It is provided as a write-only input field for convenience. - // All keys and values are merged into the data field on write, overwriting any existing values. - // The stringData field is never output when reading from the API. - // +k8s:conversion-gen=false - // +optional - stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep) - - // Used to facilitate programmatic handling of secret data. - // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types - // +optional - type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType) -} - -#MaxSecretSize: 1048576 - -#SecretType: string // #enumSecretType - -#enumSecretType: - #SecretTypeOpaque | - #SecretTypeServiceAccountToken | - #SecretTypeDockercfg | - #SecretTypeDockerConfigJson | - #SecretTypeBasicAuth | - #SecretTypeSSHAuth | - #SecretTypeTLS | - #SecretTypeBootstrapToken - -// SecretTypeOpaque is the default. Arbitrary user-defined data -#SecretTypeOpaque: #SecretType & "Opaque" - -// SecretTypeServiceAccountToken contains a token that identifies a service account to the API -// -// Required fields: -// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies -// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies -// - Secret.Data["token"] - a token that identifies the service account to the API -#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token" - -// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountNameKey: "kubernetes.io/service-account.name" - -// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountUIDKey: "kubernetes.io/service-account.uid" - -// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets -#ServiceAccountTokenKey: "token" - -// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets -#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig" - -// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets -#ServiceAccountRootCAKey: "ca.crt" - -// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls -#ServiceAccountNamespaceKey: "namespace" - -// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg -// -// Required fields: -// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file -#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg" - -// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets -#DockerConfigKey: ".dockercfg" - -// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json -// -// Required fields: -// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file -#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson" - -// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets -#DockerConfigJsonKey: ".dockerconfigjson" - -// SecretTypeBasicAuth contains data needed for basic authentication. -// -// Required at least one of fields: -// - Secret.Data["username"] - username used for authentication -// - Secret.Data["password"] - password or token needed for authentication -#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth" - -// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets -#BasicAuthUsernameKey: "username" - -// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets -#BasicAuthPasswordKey: "password" - -// SecretTypeSSHAuth contains data needed for SSH authetication. -// -// Required field: -// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication -#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth" - -// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets -#SSHAuthPrivateKey: "ssh-privatekey" - -// SecretTypeTLS contains information about a TLS client or server secret. It -// is primarily used with TLS termination of the Ingress resource, but may be -// used in other types. -// -// Required fields: -// - Secret.Data["tls.key"] - TLS private key. -// Secret.Data["tls.crt"] - TLS certificate. -// TODO: Consider supporting different formats, specifying CA/destinationCA. -#SecretTypeTLS: #SecretType & "kubernetes.io/tls" - -// TLSCertKey is the key for tls certificates in a TLS secret. -#TLSCertKey: "tls.crt" - -// TLSPrivateKeyKey is the key for the private key field in a TLS secret. -#TLSPrivateKeyKey: "tls.key" - -// SecretTypeBootstrapToken is used during the automated bootstrap process (first -// implemented by kubeadm). It stores tokens that are used to sign well known -// ConfigMaps. They are used for authn. -#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token" - -// SecretList is a list of Secret. -#SecretList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of secret objects. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep) -} - -// ConfigMap holds configuration data for pods to consume. -#ConfigMap: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the ConfigMap cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt) - - // Data contains the configuration data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // Values with non-UTF-8 byte sequences must use the BinaryData field. - // The keys stored in Data must not overlap with the keys in - // the BinaryData field, this is enforced during validation process. - // +optional - data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep) - - // BinaryData contains the binary data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // BinaryData can contain byte sequences that are not in the UTF-8 range. - // The keys stored in BinaryData must not overlap with the ones in - // the Data field, this is enforced during validation process. - // Using this field will require 1.10+ apiserver and - // kubelet. - // +optional - binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep) -} - -// ConfigMapList is a resource containing a list of ConfigMap objects. -#ConfigMapList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ConfigMaps. - items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep) -} - -// Type and constants for component health validation. -#ComponentConditionType: string // #enumComponentConditionType - -#enumComponentConditionType: - #ComponentHealthy - -#ComponentHealthy: #ComponentConditionType & "Healthy" - -// Information about the condition of a component. -#ComponentCondition: { - // Type of condition for a component. - // Valid value: "Healthy" - type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType) - - // Status of the condition for a component. - // Valid values for "Healthy": "True", "False", or "Unknown". - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Message about the condition for a component. - // For example, information about a health check. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // Condition error code for a component. - // For example, a health check error code. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// ComponentStatus (and ComponentStatusList) holds the cluster validation info. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatus: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // List of component conditions observed - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep) -} - -// Status of all the conditions for the component as a list of ComponentStatus objects. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatusList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ComponentStatus objects. - items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep) -} - -// DownwardAPIVolumeSource represents a volume containing downward API info. -// Downward API volumes support ownership management and SELinux relabeling. -#DownwardAPIVolumeSource: { - // Items is a list of downward API volume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) - - // Optional: mode bits to use on created files by default. Must be a - // Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644 - -// DownwardAPIVolumeFile represents information to create the file containing the pod field -#DownwardAPIVolumeFile: { - // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - path: string @go(Path) @protobuf(1,bytes,opt) - - // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt) - - // Optional: mode bits used to set permissions on this file, must be an octal value - // between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt) -} - -// Represents downward API info for projecting into a projected volume. -// Note that this is identical to a downwardAPI volume source without the default -// mode. -#DownwardAPIProjection: { - // Items is a list of DownwardAPIVolume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) -} - -// SecurityContext holds security configuration that will be applied to a container. -// Some fields are present in both SecurityContext and PodSecurityContext. When both -// are set, the values in SecurityContext take precedence. -#SecurityContext: { - // The capabilities to add/drop when running containers. - // Defaults to the default set of capabilities granted by the container runtime. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt) - - // Run container in privileged mode. - // Processes in privileged containers are essentially equivalent to root on the host. - // Defaults to false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt) - - // The SELinux context to be applied to the container. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options from the PodSecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt) - - // Whether this container has a read-only root filesystem. - // Default is false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt) - - // AllowPrivilegeEscalation controls whether a process can gain more - // privileges than its parent process. This bool directly controls if - // the no_new_privs flag will be set on the container process. - // AllowPrivilegeEscalation is true always when the container is: - // 1) run as Privileged - // 2) has CAP_SYS_ADMIN - // Note that this field cannot be set when spec.os.name is windows. - // +optional - allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt) - - // procMount denotes the type of proc mount to use for the containers. - // The default is DefaultProcMount which uses the container runtime defaults for - // readonly paths and masked paths. - // This requires the ProcMountType feature flag to be enabled. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt) - - // The seccomp options to use by this container. If seccomp options are - // provided at both the pod & container level, the container options - // override the pod options. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt) -} - -// +enum -#ProcMountType: string // #enumProcMountType - -#enumProcMountType: - #DefaultProcMount | - #UnmaskedProcMount - -// DefaultProcMount uses the container runtime defaults for readonly and masked -// paths for /proc. Most container runtimes mask certain paths in /proc to avoid -// accidental security exposure of special devices or information. -#DefaultProcMount: #ProcMountType & "Default" - -// UnmaskedProcMount bypasses the default masking behavior of the container -// runtime and ensures the newly created /proc the container stays in tact with -// no modifications. -#UnmaskedProcMount: #ProcMountType & "Unmasked" - -// SELinuxOptions are the labels to be applied to the container -#SELinuxOptions: { - // User is a SELinux user label that applies to the container. - // +optional - user?: string @go(User) @protobuf(1,bytes,opt) - - // Role is a SELinux role label that applies to the container. - // +optional - role?: string @go(Role) @protobuf(2,bytes,opt) - - // Type is a SELinux type label that applies to the container. - // +optional - type?: string @go(Type) @protobuf(3,bytes,opt) - - // Level is SELinux level label that applies to the container. - // +optional - level?: string @go(Level) @protobuf(4,bytes,opt) -} - -// WindowsSecurityContextOptions contain Windows-specific options and credentials. -#WindowsSecurityContextOptions: { - // GMSACredentialSpecName is the name of the GMSA credential spec to use. - // +optional - gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt) - - // GMSACredentialSpec is where the GMSA admission webhook - // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - // GMSA credential spec named by the GMSACredentialSpecName field. - // +optional - gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt) - - // The UserName in Windows to run the entrypoint of the container process. - // Defaults to the user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt) - - // HostProcess determines if a container should be run as a 'Host Process' container. - // All of a Pod's containers must have the same effective HostProcess value - // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - // In addition, if HostProcess is true then HostNetwork must also be set to true. - // +optional - hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt) -} - -// RangeAllocation is not a public type. -#RangeAllocation: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Range is string that identifies the range represented by 'data'. - range: string @go(Range) @protobuf(2,bytes,opt) - - // Data is a bit array containing all allocated addresses in the previous segment. - data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt) -} - -// DefaultSchedulerName defines the name of default scheduler. -#DefaultSchedulerName: "default-scheduler" - -// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule -// corresponding to every RequiredDuringScheduling affinity rule. -// When the --hard-pod-affinity-weight scheduler flag is not specified, -// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. -#DefaultHardPodAffinitySymmetricWeight: int32 & 1 - -// Sysctl defines a kernel parameter to be set -#Sysctl: { - // Name of a property to set - name: string @go(Name) @protobuf(1,bytes,opt) - - // Value of a property to set - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// NodeResources is an object for conveying resource information about a node. -// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. -#NodeResources: { - // Capacity represents the available resources of a node - Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName) -} - -// Enable stdin for remote command execution -#ExecStdinParam: "input" - -// Enable stdout for remote command execution -#ExecStdoutParam: "output" - -// Enable stderr for remote command execution -#ExecStderrParam: "error" - -// Enable TTY for remote command execution -#ExecTTYParam: "tty" - -// Command to run for remote command execution -#ExecCommandParam: "command" - -// Name of header that specifies stream type -#StreamType: "streamType" - -// Value for streamType header for stdin stream -#StreamTypeStdin: "stdin" - -// Value for streamType header for stdout stream -#StreamTypeStdout: "stdout" - -// Value for streamType header for stderr stream -#StreamTypeStderr: "stderr" - -// Value for streamType header for data stream -#StreamTypeData: "data" - -// Value for streamType header for error stream -#StreamTypeError: "error" - -// Value for streamType header for terminal resize stream -#StreamTypeResize: "resize" - -// Name of header that specifies the port being forwarded -#PortHeader: "port" - -// Name of header that specifies a request ID used to associate the error -// and data streams for a single forwarded connection -#PortForwardRequestIDHeader: "requestID" - -// MixedProtocolNotSupported error in PortStatus means that the cloud provider -// can't publish the port on the load balancer because mixed values of protocols -// on the same LoadBalancer type of Service are not supported by the cloud provider. -#MixedProtocolNotSupported: "MixedProtocolNotSupported" - -#PortStatus: { - // Port is the port number of the service port of which status is recorded here - port: int32 @go(Port) @protobuf(1,varint,opt) - - // Protocol is the protocol of the service port of which status is recorded here - // The supported values are: "TCP", "UDP", "SCTP" - protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // Error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 2a1f060b6..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue +++ /dev/null @@ -1,59 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#LabelHostname: "kubernetes.io/hostname" - -// Label value is the network location of kube-apiserver stored as -// Stored in APIServer Identity lease objects to view what address is used for peer proxy -#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address" -#LabelTopologyZone: "topology.kubernetes.io/zone" -#LabelTopologyRegion: "topology.kubernetes.io/region" - -// These label have been deprecated since 1.17, but will be supported for -// the foreseeable future, to accommodate things like long-lived PVs that -// use them. New users should prefer the "topology.kubernetes.io/*" -// equivalents. -#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone" -#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region" - -// Retained for compat when vendored. Do not use these consts in new code. -#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone" -#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region" -#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone" -#LabelZoneRegionStable: "topology.kubernetes.io/region" -#LabelInstanceType: "beta.kubernetes.io/instance-type" -#LabelInstanceTypeStable: "node.kubernetes.io/instance-type" -#LabelOSStable: "kubernetes.io/os" -#LabelArchStable: "kubernetes.io/arch" - -// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0. -// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763) -#LabelWindowsBuild: "node.kubernetes.io/windows-build" - -// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*) -#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io" - -// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*) -#LabelNamespaceSuffixNode: "node.kubernetes.io" - -// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled -#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io" - -// IsHeadlessService is added by Controller to an Endpoint denoting if its parent -// Service is Headless. The existence of this label can be used further by other -// controllers and kube-proxy to check if the Endpoint objects should be replicated when -// using Headless Services -#IsHeadlessService: "service.kubernetes.io/headless" - -// LabelNodeExcludeBalancers specifies that the node should not be considered as a target -// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only -// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that -// any backends on excluded nodes are not reachable by those external load-balancers. -// Implementations of this exclusion may vary based on provider. -#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers" - -// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels -#LabelMetadataName: "kubernetes.io/metadata.name" diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue deleted file mode 100644 index b7c097336..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// TaintNodeNotReady will be added when node is not ready -// and removed when node becomes ready. -#TaintNodeNotReady: "node.kubernetes.io/not-ready" - -// TaintNodeUnreachable will be added when node becomes unreachable -// (corresponding to NodeReady status ConditionUnknown) -// and removed when node becomes reachable (NodeReady status ConditionTrue). -#TaintNodeUnreachable: "node.kubernetes.io/unreachable" - -// TaintNodeUnschedulable will be added when node becomes unschedulable -// and removed when node becomes schedulable. -#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable" - -// TaintNodeMemoryPressure will be added when node has memory pressure -// and removed when node has enough memory. -#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure" - -// TaintNodeDiskPressure will be added when node has disk pressure -// and removed when node has enough disk. -#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure" - -// TaintNodeNetworkUnavailable will be added when node's network is unavailable -// and removed when network becomes ready. -#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable" - -// TaintNodePIDPressure will be added when node has pid pressure -// and removed when node has enough pid. -#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure" - -// TaintNodeOutOfService can be added when node is out of service in case of -// a non-graceful shutdown -#TaintNodeOutOfService: "node.kubernetes.io/out-of-service" diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue deleted file mode 100644 index cef44ba5c..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Scale is used for getting and setting the base-10 scaled value. -// Base-2 scales are omitted for mathematical simplicity. -// See Quantity.ScaledValue for more details. -#Scale: int32 // #enumScale - -#enumScale: - #Nano | - #Micro | - #Milli | - #Kilo | - #Mega | - #Giga | - #Tera | - #Peta | - #Exa - -#values_Scale: { - Nano: #Nano - Micro: #Micro - Milli: #Milli - Kilo: #Kilo - Mega: #Mega - Giga: #Giga - Tera: #Tera - Peta: #Peta - Exa: #Exa -} - -#Nano: #Scale & -9 -#Micro: #Scale & -6 -#Milli: #Scale & -3 -#Kilo: #Scale & 3 -#Mega: #Scale & 6 -#Giga: #Scale & 9 -#Tera: #Scale & 12 -#Peta: #Scale & 15 -#Exa: #Scale & 18 - -// infDecAmount implements common operations over an inf.Dec that are specific to the quantity -// representation. -_#infDecAmount: string diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue deleted file mode 100644 index 711f2096f..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue +++ /dev/null @@ -1,13 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64. -// It is also the maximum decimal digits that can be represented with an int64. -_#maxInt64Factors: 18 - -_#mostNegative: -9223372036854775808 - -_#mostPositive: 9223372036854775807 diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue deleted file mode 100644 index 9d9713a1b..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue +++ /dev/null @@ -1,107 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Quantity is a fixed-point representation of a number. -// It provides convenient marshaling/unmarshaling in JSON and YAML, -// in addition to String() and AsInt64() accessors. -// -// The serialization format is: -// -// ``` -// ::= -// -// (Note that may be empty, from the "" case in .) -// -// ::= 0 | 1 | ... | 9 -// ::= | -// ::= | . | . | . -// ::= "+" | "-" -// ::= | -// ::= | | -// ::= Ki | Mi | Gi | Ti | Pi | Ei -// -// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) -// -// ::= m | "" | k | M | G | T | P | E -// -// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) -// -// ::= "e" | "E" -// ``` -// -// No matter which of the three exponent forms is used, no quantity may represent -// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal -// places. Numbers larger or more precise will be capped or rounded up. -// (E.g.: 0.1m will rounded up to 1m.) -// This may be extended in the future if we require larger or smaller quantities. -// -// When a Quantity is parsed from a string, it will remember the type of suffix -// it had, and will use the same type again when it is serialized. -// -// Before serializing, Quantity will be put in "canonical form". -// This means that Exponent/suffix will be adjusted up or down (with a -// corresponding increase or decrease in Mantissa) such that: -// -// - No precision is lost -// - No fractional digits will be emitted -// - The exponent (or suffix) is as large as possible. -// -// The sign will be omitted unless the number is negative. -// -// Examples: -// -// - 1.5 will be serialized as "1500m" -// - 1.5Gi will be serialized as "1536Mi" -// -// Note that the quantity will NEVER be internally represented by a -// floating point number. That is the whole point of this exercise. -// -// Non-canonical values will still parse as long as they are well formed, -// but will be re-emitted in their canonical form. (So always use canonical -// form, or don't diff.) -// -// This format is intended to make it difficult to use these numbers without -// writing some sort of special handling code in the hopes that that will -// cause implementors to also use a fixed point implementation. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -// +k8s:openapi-gen=true -#Quantity: _ - -// CanonicalValue allows a quantity amount to be converted to a string. -#CanonicalValue: _ - -// Format lists the three possible formattings of a quantity. -#Format: string // #enumFormat - -#enumFormat: - #DecimalExponent | - #BinarySI | - #DecimalSI - -#DecimalExponent: #Format & "DecimalExponent" -#BinarySI: #Format & "BinarySI" -#DecimalSI: #Format & "DecimalSI" - -// splitREString is used to separate a number from its suffix; as such, -// this is overly permissive, but that's OK-- it will be checked later. -_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - -_#int64QuantityExpectedBytes: 18 - -// QuantityValue makes it possible to use a Quantity as value for a command -// line parameter. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -#QuantityValue: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue deleted file mode 100644 index b40d68ec1..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -_#suffix: string - -// suffixer can interpret and construct suffixes. -_#suffixer: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue deleted file mode 100644 index 25ea8ecf1..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Duration is a wrapper around time.Duration which supports correct -// marshaling to YAML and JSON. In particular, it marshals into strings, which -// can be used as map keys in json. -#Duration: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue deleted file mode 100644 index 7ff538603..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - resource: string @go(Resource) @protobuf(2,bytes,opt) -} - -// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - resource: string @go(Resource) @protobuf(3,bytes,opt) -} - -// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - kind: string @go(Kind) @protobuf(2,bytes,opt) -} - -// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - kind: string @go(Kind) @protobuf(3,bytes,opt) -} - -// GroupVersion contains the "group" and the "version", which uniquely identifies the API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersion: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue deleted file mode 100644 index f3c39a466..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// TODO: move this, Object, List, and Type to a different package -#ObjectMetaAccessor: _ - -// Object lets you work with object metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field (Name, UID, Namespace on lists) will be a no-op and return -// a default value. -#Object: _ - -// ListMetaAccessor retrieves the list interface from an object -#ListMetaAccessor: _ - -// Common lets you work with core metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Common: _ - -// ListInterface lets you work with list metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#ListInterface: _ - -// Type exposes the type and APIVersion of versioned or internal API objects. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Type: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue deleted file mode 100644 index 3c067bae3..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00" - -// MicroTime is version of Time with microsecond level precision. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#MicroTime: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue deleted file mode 100644 index 39d23b288..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#GroupName: "meta.k8s.io" - -#WatchEventKind: "WatchEvent" diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue deleted file mode 100644 index b3c8ec266..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Time is a wrapper around time.Time which supports correct -// marshaling to YAML and JSON. Wrappers are provided for many -// of the factory methods that the time package offers. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Time: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue deleted file mode 100644 index 835392730..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Timestamp is a struct that is equivalent to Time, but intended for -// protobuf marshalling/unmarshalling. It is generated into a serialization -// that matches Time. Do not use in Go structs. -#Timestamp: { - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. - seconds: int64 @go(Seconds) @protobuf(1,varint,opt) - - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 - // inclusive. This field may be limited in precision depending on context. - nanos: int32 @go(Nanos) @protobuf(2,varint,opt) -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue deleted file mode 100644 index a0deb7c90..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue +++ /dev/null @@ -1,1561 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -// Package v1 contains API types that are common to all versions. -// -// The package contains two categories of types: -// - external (serialized) types that lack their own version (e.g TypeMeta) -// - internal (never-serialized) types that are needed by several different -// api groups, and so live here, to avoid duplication and/or import loops -// (e.g. LabelSelector). -// -// In the future, we will probably move these categories of objects into -// separate packages. -package v1 - -import ( - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// TypeMeta describes an individual object in an API response or request -// with strings representing the type of the object and its API schema version. -// Structures that are versioned or persisted should inline TypeMeta. -// -// +k8s:deepcopy-gen=false -#TypeMeta: { - // Kind is a string value representing the REST resource this object represents. - // Servers may infer this from the endpoint the client submits requests to. - // Cannot be updated. - // In CamelCase. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // APIVersion defines the versioned schema of this representation of an object. - // Servers should convert recognized schemas to the latest internal value, and - // may reject unrecognized values. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) -} - -// ListMeta describes metadata that synthetic resources must have, including lists and -// various status objects. A resource may have only one of {ObjectMeta, ListMeta}. -#ListMeta: { - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt) - - // String that identifies the server's internal version of this object that - // can be used by clients to determine when objects have changed. - // Value must be treated as opaque by clients and passed unmodified back to the server. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt) - - // continue may be set if the user set a limit on the number of items returned, and indicates that - // the server has more data available. The value is opaque and may be used to issue another request - // to the endpoint that served this list to retrieve the next set of available objects. Continuing a - // consistent list may not be possible if the server configuration has changed or more than a few - // minutes have passed. The resourceVersion field returned when using this continue value will be - // identical to the value in the first response, unless you have received this token from an error - // message. - continue?: string @go(Continue) @protobuf(3,bytes,opt) - - // remainingItemCount is the number of subsequent items in the list which are not included in this - // list response. If the list request contained label or field selectors, then the number of - // remaining items is unknown and the field will be left unset and omitted during serialization. - // If the list is complete (either because it is not chunking or because this is the last chunk), - // then there are no more remaining items and this field will be left unset and omitted during - // serialization. - // Servers older than v1.15 do not set this field. - // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients - // should not rely on the remainingItemCount to be set or to be exact. - // +optional - remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt) -} - -#ObjectNameField: "metadata.name" - -#FinalizerOrphanDependents: "orphan" -#FinalizerDeleteDependents: "foregroundDeletion" - -// ObjectMeta is metadata that all persisted resources must have, which includes all objects -// users must create. -#ObjectMeta: { - // Name must be unique within a namespace. Is required when creating resources, although - // some resources may allow a client to request the generation of an appropriate name - // automatically. Name is primarily intended for creation idempotence and configuration - // definition. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // GenerateName is an optional prefix, used by the server, to generate a unique - // name ONLY IF the Name field has not been provided. - // If this field is used, the name returned to the client will be different - // than the name passed. This value will also be combined with a unique suffix. - // The provided value has the same validation rules as the Name field, - // and may be truncated by the length of the suffix required to make the value - // unique on the server. - // - // If this field is specified and the generated name exists, the server will return a 409. - // - // Applied only if Name is not specified. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - // +optional - generateName?: string @go(GenerateName) @protobuf(2,bytes,opt) - - // Namespace defines the space within which each name must be unique. An empty namespace is - // equivalent to the "default" namespace, but "default" is the canonical representation. - // Not all objects are required to be scoped to a namespace - the value of this field for - // those objects will be empty. - // - // Must be a DNS_LABEL. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - // +optional - namespace?: string @go(Namespace) @protobuf(3,bytes,opt) - - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt) - - // UID is the unique in time and space value for this object. It is typically generated by - // the server on successful creation of a resource and is not allowed to change on PUT - // operations. - // - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID) - - // An opaque value that represents the internal version of this object that can - // be used by clients to determine when objects have changed. May be used for optimistic - // concurrency, change detection, and the watch operation on a resource or set of resources. - // Clients must treat these values as opaque and passed unmodified back to the server. - // They may only be valid for a particular resource or set of resources. - // - // Populated by the system. - // Read-only. - // Value must be treated as opaque by clients and . - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // A sequence number representing a specific generation of the desired state. - // Populated by the system. Read-only. - // +optional - generation?: int64 @go(Generation) @protobuf(7,varint,opt) - - // CreationTimestamp is a timestamp representing the server time when this object was - // created. It is not guaranteed to be set in happens-before order across separate operations. - // Clients may not set this value. It is represented in RFC3339 form and is in UTC. - // - // Populated by the system. - // Read-only. - // Null for lists. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt) - - // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This - // field is set by the server when a graceful deletion is requested by the user, and is not - // directly settable by a client. The resource is expected to be deleted (no longer visible - // from resource lists, and not reachable by name) after the time in this field, once the - // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. - // Once the deletionTimestamp is set, this value may not be unset or be set further into the - // future, although it may be shortened or the resource may be deleted prior to this time. - // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react - // by sending a graceful termination signal to the containers in the pod. After that 30 seconds, - // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, - // remove the pod from the API. In the presence of network partitions, this object may still - // exist after this timestamp, until an administrator or automated process can determine the - // resource is fully terminated. - // If not set, graceful deletion of the object has not been requested. - // - // Populated by the system when a graceful deletion is requested. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt) - - // Number of seconds allowed for this object to gracefully terminate before - // it will be removed from the system. Only set when deletionTimestamp is also set. - // May only be shortened. - // Read-only. - // +optional - deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt) - - // Map of string keys and values that can be used to organize and categorize - // (scope and select) objects. May match selectors of replication controllers - // and services. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // +optional - labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep) - - // Annotations is an unstructured key value map stored with a resource that may be - // set by external tools to store and retrieve arbitrary metadata. They are not - // queryable and should be preserved when modifying objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - // +optional - annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep) - - // List of objects depended by this object. If ALL objects in the list have - // been deleted, this object will be garbage collected. If this object is managed by a controller, - // then an entry in this list will point to this controller, with the controller field set to true. - // There cannot be more than one managing controller. - // +optional - // +patchMergeKey=uid - // +patchStrategy=merge - ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep) - - // Must be empty before the object is deleted from the registry. Each entry - // is an identifier for the responsible component that will remove the entry - // from the list. If the deletionTimestamp of the object is non-nil, entries - // in this list can only be removed. - // Finalizers may be processed and removed in any order. Order is NOT enforced - // because it introduces significant risk of stuck finalizers. - // finalizers is a shared field, any actor with permission can reorder it. - // If the finalizer list is processed in order, then this can lead to a situation - // in which the component responsible for the first finalizer in the list is - // waiting for a signal (field value, external system, or other) produced by a - // component responsible for a finalizer later in the list, resulting in a deadlock. - // Without enforced ordering finalizers are free to order amongst themselves and - // are not vulnerable to ordering changes in the list. - // +optional - // +patchStrategy=merge - finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep) - - // ManagedFields maps workflow-id and version to the set of fields - // that are managed by that workflow. This is mostly for internal - // housekeeping, and users typically shouldn't need to set or - // understand this field. A workflow can be the user's name, a - // controller's name, or the name of a specific apply path like - // "ci-cd". The set of fields is always in the version that the - // workflow used when modifying the object. - // - // +optional - managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep) -} - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNone is the argument for a context when there is no namespace. -#NamespaceNone: "" - -// NamespaceSystem is the system namespace where we place system components. -#NamespaceSystem: "kube-system" - -// NamespacePublic is the namespace where we place public info (ConfigMaps) -#NamespacePublic: "kube-public" - -// OwnerReference contains enough information to let you identify an owning -// object. An owning object must be in the same namespace as the dependent, or -// be cluster-scoped, so there is no namespace field. -// +structType=atomic -#OwnerReference: { - // API version of the referent. - apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // If true, this reference points to the managing controller. - // +optional - controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt) - - // If true, AND if the owner has the "foregroundDeletion" finalizer, then - // the owner cannot be deleted from the key-value store until this - // reference is removed. - // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - // for how the garbage collector interacts with this field and enforces the foreground deletion. - // Defaults to false. - // To set this field, a user needs "delete" permission of the owner, - // otherwise 422 (Unprocessable Entity) will be returned. - // +optional - blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt) -} - -// ListOptions is the query options to a standard REST list call. -#ListOptions: { - #TypeMeta - - // A selector to restrict the list of returned objects by their labels. - // Defaults to everything. - // +optional - labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt) - - // A selector to restrict the list of returned objects by their fields. - // Defaults to everything. - // +optional - fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt) - - // Watch for changes to the described resources and return them as a stream of - // add, update, and remove notifications. Specify resourceVersion. - // +optional - watch?: bool @go(Watch) @protobuf(3,varint,opt) - - // allowWatchBookmarks requests watch events with type "BOOKMARK". - // Servers that do not implement bookmarks may ignore this flag and - // bookmarks are sent at the server's discretion. Clients should not - // assume bookmarks are returned at any specific interval, nor may they - // assume the server will send any BOOKMARK event during a session. - // If this is not a watch, this field is ignored. - // +optional - allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt) - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // resourceVersionMatch determines how resourceVersion is applied to list calls. - // It is highly recommended that resourceVersionMatch be set for list calls where - // resourceVersion is set - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch) - - // Timeout for the list/watch call. - // This limits the duration of the call, regardless of any activity or inactivity. - // +optional - timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt) - - // limit is a maximum number of responses to return for a list call. If more items exist, the - // server will set the `continue` field on the list metadata to a value that can be used with the - // same initial query to retrieve the next set of results. Setting a limit may return fewer than - // the requested amount of items (up to zero items) in the event all requested objects are - // filtered out and clients should only use the presence of the continue field to determine whether - // more results are available. Servers may choose not to support the limit argument and will return - // all of the available results. If limit is specified and the continue field is empty, clients may - // assume that no more results are available. This field is not supported if watch is true. - // - // The server guarantees that the objects returned when using continue will be identical to issuing - // a single list call without a limit - that is, no objects created, modified, or deleted after the - // first request is issued will be included in any subsequent continued requests. This is sometimes - // referred to as a consistent snapshot, and ensures that a client that is using limit to receive - // smaller chunks of a very large result can ensure they see all possible objects. If objects are - // updated during a chunked list the version of the object that was present at the time the first list - // result was calculated is returned. - limit?: int64 @go(Limit) @protobuf(7,varint,opt) - - // The continue option should be set when retrieving more results from the server. Since this value is - // server defined, clients may only use the continue value from a previous query result with identical - // query parameters (except for the value of continue) and the server may reject a continue value it - // does not recognize. If the specified continue value is no longer valid whether due to expiration - // (generally five to fifteen minutes) or a configuration change on the server, the server will - // respond with a 410 ResourceExpired error together with a continue token. If the client needs a - // consistent list, it must restart their list without the continue field. Otherwise, the client may - // send another list request with the token received with the 410 error, the server will respond with - // a list starting from the next key, but from the latest snapshot, which is inconsistent from the - // previous list results - objects that are created, modified, or deleted after the first list request - // will be included in the response, as long as their keys are after the "next key". - // - // This field is not supported when watch is true. Clients may start a watch from the last - // resourceVersion value returned by the server and not miss any modifications. - continue?: string @go(Continue) @protobuf(8,bytes,opt) - - // `sendInitialEvents=true` may be set together with `watch=true`. - // In that case, the watch stream will begin with synthetic events to - // produce the current state of objects in the collection. Once all such - // events have been sent, a synthetic "Bookmark" event will be sent. - // The bookmark will report the ResourceVersion (RV) corresponding to the - // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. - // Afterwards, the watch stream will proceed as usual, sending watch events - // corresponding to changes (subsequent to the RV) to objects watched. - // - // When `sendInitialEvents` option is set, we require `resourceVersionMatch` - // option to also be set. The semantic of the watch request is as following: - // - `resourceVersionMatch` = NotOlderThan - // is interpreted as "data at least as new as the provided `resourceVersion`" - // and the bookmark event is send when the state is synced - // to a `resourceVersion` at least as fresh as the one provided by the ListOptions. - // If `resourceVersion` is unset, this is interpreted as "consistent read" and the - // bookmark event is send when the state is synced at least to the moment - // when request started being processed. - // - `resourceVersionMatch` set to any other value or unset - // Invalid error is returned. - // - // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward - // compatibility reasons) and to false otherwise. - // +optional - sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt) -} - -// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch -// may only be set if resourceVersion is also set. -// -// "NotOlderThan" matches data at least as new as the provided resourceVersion. -// "Exact" matches data at the exact resourceVersion provided. -// -// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for -// details. -#ResourceVersionMatch: string // #enumResourceVersionMatch - -#enumResourceVersionMatch: - #ResourceVersionMatchNotOlderThan | - #ResourceVersionMatchExact - -// ResourceVersionMatchNotOlderThan matches data at least as new as the provided -// resourceVersion. -#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan" - -// ResourceVersionMatchExact matches data at the exact resourceVersion -// provided. -#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact" - -// GetOptions is the standard query options to the standard REST get call. -#GetOptions: { - #TypeMeta - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt) -} - -// DeletionPropagation decides if a deletion will propagate to the dependents of -// the object, and how the garbage collector will handle the propagation. -#DeletionPropagation: string // #enumDeletionPropagation - -#enumDeletionPropagation: - #DeletePropagationOrphan | - #DeletePropagationBackground | - #DeletePropagationForeground - -// Orphans the dependents. -#DeletePropagationOrphan: #DeletionPropagation & "Orphan" - -// Deletes the object from the key-value store, the garbage collector will -// delete the dependents in the background. -#DeletePropagationBackground: #DeletionPropagation & "Background" - -// The object exists in the key-value store until the garbage collector -// deletes all the dependents whose ownerReference.blockOwnerDeletion=true -// from the key-value store. API sever will put the "foregroundDeletion" -// finalizer on the object, and sets its deletionTimestamp. This policy is -// cascading, i.e., the dependents will be deleted with Foreground. -#DeletePropagationForeground: #DeletionPropagation & "Foreground" - -// DryRunAll means to complete all processing stages, but don't -// persist changes to storage. -#DryRunAll: "All" - -// DeleteOptions may be provided when deleting an API object. -#DeleteOptions: { - #TypeMeta - - // The duration in seconds before the object should be deleted. Value must be non-negative integer. - // The value zero indicates delete immediately. If this value is nil, the default grace period for the - // specified type will be used. - // Defaults to a per object value if not specified. zero means delete immediately. - // +optional - gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt) - - // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be - // returned. - // +k8s:conversion-gen=false - // +optional - preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt) - - // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. - // Should the dependent objects be orphaned. If true/false, the "orphan" - // finalizer will be added to/removed from the object's finalizers list. - // Either this field or PropagationPolicy may be set, but not both. - // +optional - orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt) - - // Whether and how garbage collection will be performed. - // Either this field or OrphanDependents may be set, but not both. - // The default policy is decided by the existing finalizer set in the - // metadata.finalizers and the resource-specific default policy. - // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - - // allow the garbage collector to delete the dependents in the background; - // 'Foreground' - a cascading policy that deletes all dependents in the - // foreground. - // +optional - propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt) - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep) -} - -// FieldValidationIgnore ignores unknown/duplicate fields -#FieldValidationIgnore: "Ignore" - -// FieldValidationWarn responds with a warning, but successfully serve the request -#FieldValidationWarn: "Warn" - -// FieldValidationStrict fails the request on unknown/duplicate fields -#FieldValidationStrict: "Strict" - -// CreateOptions may be provided when creating an API object. -#CreateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// PatchOptions may be provided when patching an API object. -// PatchOptions is meant to be a superset of UpdateOptions. -#PatchOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. Force - // flag must be unset for non-apply patch requests. - // +optional - force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required for apply requests - // (application/apply-patch) but optional for non-apply patch - // types (JsonPatch, MergePatch, StrategicMergePatch). - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// ApplyOptions may be provided when applying an API object. -// FieldManager is required for apply requests. -// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation -// that speaks specifically to how the options fields relate to apply. -#ApplyOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. - force: bool @go(Force) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required. - fieldManager: string @go(FieldManager) @protobuf(3,bytes) -} - -// UpdateOptions may be provided when updating an API object. -// All fields in UpdateOptions should also be present in PatchOptions. -#UpdateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(2,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // Specifies the target ResourceVersion - // +optional - resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt) -} - -// Status is a return value for calls that don't return other objects. -#Status: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Status of the operation. - // One of: "Success" or "Failure". - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: string @go(Status) @protobuf(2,bytes,opt) - - // A human-readable description of the status of this operation. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A machine-readable description of why this operation is in the - // "Failure" status. If this value is empty there - // is no information available. A Reason clarifies an HTTP status - // code but does not override it. - // +optional - reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason) - - // Extended data associated with the reason. Each reason may define its - // own extended details. This field is optional and the data returned - // is not guaranteed to conform to any schema except that defined by - // the reason type. - // +optional - details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt) - - // Suggested HTTP return code for this status, 0 if not set. - // +optional - code?: int32 @go(Code) @protobuf(6,varint,opt) -} - -// StatusDetails is a set of additional properties that MAY be set by the -// server to provide additional information about a response. The Reason -// field of a Status object defines what attributes will be set. Clients -// must ignore fields that do not match the defined type of each attribute, -// and should assume that any attribute may be empty, invalid, or under -// defined. -#StatusDetails: { - // The name attribute of the resource associated with the status StatusReason - // (when there is a single name which can be described). - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The group attribute of the resource associated with the status StatusReason. - // +optional - group?: string @go(Group) @protobuf(2,bytes,opt) - - // The kind attribute of the resource associated with the status StatusReason. - // On some operations may differ from the requested resource Kind. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(3,bytes,opt) - - // UID of the resource. - // (when there is a single resource which can be described). - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // The Causes array includes more details associated with the StatusReason - // failure. Not all StatusReasons may provide detailed causes. - // +optional - causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep) - - // If specified, the time in seconds before the operation should be retried. Some errors may indicate - // the client must take an alternate action - for those errors this field may indicate how long to wait - // before taking the alternate action. - // +optional - retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt) -} - -#StatusSuccess: "Success" -#StatusFailure: "Failure" - -// StatusReason is an enumeration of possible failure causes. Each StatusReason -// must map to a single HTTP status code, but multiple reasons may map -// to the same HTTP status code. -// TODO: move to apiserver -#StatusReason: string // #enumStatusReason - -#enumStatusReason: - #StatusReasonUnknown | - #StatusReasonUnauthorized | - #StatusReasonForbidden | - #StatusReasonNotFound | - #StatusReasonAlreadyExists | - #StatusReasonConflict | - #StatusReasonGone | - #StatusReasonInvalid | - #StatusReasonServerTimeout | - #StatusReasonTimeout | - #StatusReasonTooManyRequests | - #StatusReasonBadRequest | - #StatusReasonMethodNotAllowed | - #StatusReasonNotAcceptable | - #StatusReasonRequestEntityTooLarge | - #StatusReasonUnsupportedMediaType | - #StatusReasonInternalError | - #StatusReasonExpired | - #StatusReasonServiceUnavailable - -// StatusReasonUnknown means the server has declined to indicate a specific reason. -// The details field may contain other information about this error. -// Status code 500. -#StatusReasonUnknown: #StatusReason & "" - -// StatusReasonUnauthorized means the server can be reached and understood the request, but requires -// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header) -// in order for the action to be completed. If the user has specified credentials on the request, the -// server considers them insufficient. -// Status code 401 -#StatusReasonUnauthorized: #StatusReason & "Unauthorized" - -// StatusReasonForbidden means the server can be reached and understood the request, but refuses -// to take any further action. It is the result of the server being configured to deny access for some reason -// to the requested resource by the client. -// Details (optional): -// "kind" string - the kind attribute of the forbidden resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the forbidden resource -// Status code 403 -#StatusReasonForbidden: #StatusReason & "Forbidden" - -// StatusReasonNotFound means one or more resources required for this operation -// could not be found. -// Details (optional): -// "kind" string - the kind attribute of the missing resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the missing resource -// Status code 404 -#StatusReasonNotFound: #StatusReason & "NotFound" - -// StatusReasonAlreadyExists means the resource you are creating already exists. -// Details (optional): -// "kind" string - the kind attribute of the conflicting resource -// "id" string - the identifier of the conflicting resource -// Status code 409 -#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists" - -// StatusReasonConflict means the requested operation cannot be completed -// due to a conflict in the operation. The client may need to alter the -// request. Each resource may define custom details that indicate the -// nature of the conflict. -// Status code 409 -#StatusReasonConflict: #StatusReason & "Conflict" - -// StatusReasonGone means the item is no longer available at the server and no -// forwarding address is known. -// Status code 410 -#StatusReasonGone: #StatusReason & "Gone" - -// StatusReasonInvalid means the requested create or update operation cannot be -// completed due to invalid data provided as part of the request. The client may -// need to alter the request. When set, the client may use the StatusDetails -// message field as a summary of the issues encountered. -// Details (optional): -// "kind" string - the kind attribute of the invalid resource -// "id" string - the identifier of the invalid resource -// "causes" - one or more StatusCause entries indicating the data in the -// provided resource that was invalid. The code, message, and -// field attributes will be set. -// Status code 422 -#StatusReasonInvalid: #StatusReason & "Invalid" - -// StatusReasonServerTimeout means the server can be reached and understood the request, -// but cannot complete the action in a reasonable time. The client should retry the request. -// This is may be due to temporary server load or a transient communication issue with -// another server. Status code 500 is used because the HTTP spec provides no suitable -// server-requested client retry and the 5xx class represents actionable errors. -// Details (optional): -// "kind" string - the kind attribute of the resource being acted on. -// "id" string - the operation that is being attempted. -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 500 -#StatusReasonServerTimeout: #StatusReason & "ServerTimeout" - -// StatusReasonTimeout means that the request could not be completed within the given time. -// Clients can get this response only when they specified a timeout param in the request, -// or if the server cannot complete the operation within a reasonable amount of time. -// The request might succeed with an increased value of timeout param. The client *should* -// wait at least the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 504 -#StatusReasonTimeout: #StatusReason & "Timeout" - -// StatusReasonTooManyRequests means the server experienced too many requests within a -// given window and that the client must wait to perform the action again. A client may -// always retry the request that led to this error, although the client should wait at least -// the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 429 -#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests" - -// StatusReasonBadRequest means that the request itself was invalid, because the request -// doesn't make any sense, for example deleting a read-only object. This is different than -// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the -// data was invalid. API calls that return BadRequest can never succeed. -// Status code 400 -#StatusReasonBadRequest: #StatusReason & "BadRequest" - -// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the -// resource was not supported by the code - for instance, attempting to delete a resource that -// can only be created. API calls that return MethodNotAllowed can never succeed. -// Status code 405 -#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed" - -// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable -// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml. -// API calls that return NotAcceptable can never succeed. -// Status code 406 -#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable" - -// StatusReasonRequestEntityTooLarge means that the request entity is too large. -// Status code 413 -#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge" - -// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable -// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml. -// API calls that return UnsupportedMediaType can never succeed. -// Status code 415 -#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType" - -// StatusReasonInternalError indicates that an internal error occurred, it is unexpected -// and the outcome of the call is unknown. -// Details (optional): -// "causes" - The original error -// Status code 500 -#StatusReasonInternalError: #StatusReason & "InternalError" - -// StatusReasonExpired indicates that the request is invalid because the content you are requesting -// has expired and is no longer available. It is typically associated with watches that can't be -// serviced. -// Status code 410 (gone) -#StatusReasonExpired: #StatusReason & "Expired" - -// StatusReasonServiceUnavailable means that the request itself was valid, -// but the requested service is unavailable at this time. -// Retrying the request after some time might succeed. -// Status code 503 -#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable" - -// StatusCause provides more information about an api.Status failure, including -// cases when multiple errors are encountered. -#StatusCause: { - // A machine-readable description of the cause of the error. If this value is - // empty there is no information available. - // +optional - reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType) - - // A human-readable description of the cause of the error. This field may be - // presented as-is to a reader. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // The field of the resource that has caused this error, as named by its JSON - // serialization. May include dot and postfix notation for nested attributes. - // Arrays are zero-indexed. Fields may appear more than once in an array of - // causes due to fields having multiple errors. - // Optional. - // - // Examples: - // "name" - the field "name" on the current resource - // "items[0].name" - the field "name" on the first array entry in "items" - // +optional - field?: string @go(Field) @protobuf(3,bytes,opt) -} - -// CauseType is a machine readable value providing more detail about what -// occurred in a status response. An operation may have multiple causes for a -// status (whether Failure or Success). -#CauseType: string // #enumCauseType - -#enumCauseType: - #CauseTypeFieldValueNotFound | - #CauseTypeFieldValueRequired | - #CauseTypeFieldValueDuplicate | - #CauseTypeFieldValueInvalid | - #CauseTypeFieldValueNotSupported | - #CauseTypeForbidden | - #CauseTypeTooLong | - #CauseTypeTooMany | - #CauseTypeInternal | - #CauseTypeTypeInvalid | - #CauseTypeUnexpectedServerResponse | - #CauseTypeFieldManagerConflict | - #CauseTypeResourceVersionTooLarge - -// CauseTypeFieldValueNotFound is used to report failure to find a requested value -// (e.g. looking up an ID). -#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound" - -// CauseTypeFieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired" - -// CauseTypeFieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate" - -// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex -// match). -#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid" - -// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules) -// values that can not be handled (e.g. an enumerated string). -#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported" - -// CauseTypeForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). See -// Forbidden(). -#CauseTypeForbidden: #CauseType & "FieldValueForbidden" - -// CauseTypeTooLong is used to report that the given value is too long. -// This is similar to ErrorTypeInvalid, but the error will not include the -// too-long value. See TooLong(). -#CauseTypeTooLong: #CauseType & "FieldValueTooLong" - -// CauseTypeTooMany is used to report "too many". This is used to -// report that a given list has too many items. This is similar to FieldValueTooLong, -// but the error indicates quantity instead of length. -#CauseTypeTooMany: #CauseType & "FieldValueTooMany" - -// CauseTypeInternal is used to report other errors that are not related -// to user input. See InternalError(). -#CauseTypeInternal: #CauseType & "InternalError" - -// CauseTypeTypeInvalid is for the value did not match the schema type for that field -#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid" - -// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client -// without the expected return type. The presence of this cause indicates the error may be -// due to an intervening proxy or the server software malfunctioning. -#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse" - -// FieldManagerConflict is used to report when another client claims to manage this field, -// It should only be returned for a request using server-side apply. -#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict" - -// CauseTypeResourceVersionTooLarge is used to report that the requested resource version -// is newer than the data observed by the API server, so the request cannot be served. -#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge" - -// List holds a list of objects, which may not be known by the server. -#List: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of objects - items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep) -} - -// APIVersions lists the versions that are available, to allow clients to -// discover the API at /api, which is the root path of the legacy v1 API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#APIVersions: { - #TypeMeta - - // versions are the api versions that are available. - versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep) -} - -// APIGroupList is a list of APIGroup, to allow clients to discover the API at -// /apis. -#APIGroupList: { - #TypeMeta - - // groups is a list of APIGroup. - groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep) -} - -// APIGroup contains the name, the supported versions, and the preferred version -// of a group. -#APIGroup: { - #TypeMeta - - // name is the name of the group. - name: string @go(Name) @protobuf(1,bytes,opt) - - // versions are the versions supported in this group. - versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep) - - // preferredVersion is the version preferred by the API server, which - // probably is the storage version. - // +optional - preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - // +optional - serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep) -} - -// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match. -#ServerAddressByClientCIDR: { - // The CIDR with which clients can match their IP to figure out the server address that they should use. - clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt) - - // Address of this server, suitable for a client that matches the above CIDR. - // This can be a hostname, hostname:port, IP or IP:port. - serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt) -} - -// GroupVersion contains the "group/version" and "version" string of a version. -// It is made a struct to keep extensibility. -#GroupVersionForDiscovery: { - // groupVersion specifies the API group and version in the form "group/version" - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // version specifies the version in the form of "version". This is to save - // the clients the trouble of splitting the GroupVersion. - version: string @go(Version) @protobuf(2,bytes,opt) -} - -// APIResource specifies the name of a resource and whether it is namespaced. -#APIResource: { - // name is the plural name of the resource. - name: string @go(Name) @protobuf(1,bytes,opt) - - // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. - // The singularName is more correct for reporting status on a single item and both singular and plural are allowed - // from the kubectl CLI interface. - singularName: string @go(SingularName) @protobuf(6,bytes,opt) - - // namespaced indicates if a resource is namespaced or not. - namespaced: bool @go(Namespaced) @protobuf(2,varint,opt) - - // group is the preferred group of the resource. Empty implies the group of the containing resource list. - // For subresources, this may have a different value, for example: Scale". - group?: string @go(Group) @protobuf(8,bytes,opt) - - // version is the preferred version of the resource. Empty implies the version of the containing resource list - // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)". - version?: string @go(Version) @protobuf(9,bytes,opt) - - // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo') - kind: string @go(Kind) @protobuf(3,bytes,opt) - - // verbs is a list of supported kube verbs (this includes get, list, watch, create, - // update, patch, delete, deletecollection, and proxy) - verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt) - - // shortNames is a list of suggested short names of the resource. - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep) - - // categories is a list of the grouped resources this resource belongs to (e.g. 'all') - categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep) - - // The hash value of the storage version, the version this resource is - // converted to when written to the data store. Value must be treated - // as opaque by clients. Only equality comparison on the value is valid. - // This is an alpha feature and may change or be removed in the future. - // The field is populated by the apiserver only if the - // StorageVersionHash feature gate is enabled. - // This field will remain optional even if it graduates. - // +optional - storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt) -} - -// Verbs masks the value so protobuf can generate -// -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Verbs: [...string] - -// APIResourceList is a list of APIResource, it is used to expose the name of the -// resources supported in a specific group and version, and if the resource -// is namespaced. -#APIResourceList: { - #TypeMeta - - // groupVersion is the group and version this APIResourceList is for. - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // resources contains the name of the resources and if they are namespaced. - resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep) -} - -// RootPaths lists the paths available at root. -// For example: "/healthz", "/apis". -#RootPaths: { - // paths are the paths available at root. - paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep) -} - -// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body. -#Patch: { -} - -// A label selector is a label query over a set of resources. The result of matchLabels and -// matchExpressions are ANDed. An empty label selector matches all objects. A null -// label selector matches no objects. -// +structType=atomic -#LabelSelector: { - // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - // map is equivalent to an element of matchExpressions, whose key field is "key", the - // operator is "In", and the values array contains only "value". The requirements are ANDed. - // +optional - matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep) - - // matchExpressions is a list of label selector requirements. The requirements are ANDed. - // +optional - matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A label selector requirement is a selector that contains values, a key, and an operator that -// relates the key and values. -#LabelSelectorRequirement: { - // key is the label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator) - - // values is an array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. This array is replaced during a strategic - // merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A label selector operator is the set of operators that can be used in a selector requirement. -#LabelSelectorOperator: string // #enumLabelSelectorOperator - -#enumLabelSelectorOperator: - #LabelSelectorOpIn | - #LabelSelectorOpNotIn | - #LabelSelectorOpExists | - #LabelSelectorOpDoesNotExist - -#LabelSelectorOpIn: #LabelSelectorOperator & "In" -#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn" -#LabelSelectorOpExists: #LabelSelectorOperator & "Exists" -#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist" - -// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource -// that the fieldset applies to. -#ManagedFieldsEntry: { - // Manager is an identifier of the workflow managing these fields. - manager?: string @go(Manager) @protobuf(1,bytes,opt) - - // Operation is the type of operation which lead to this ManagedFieldsEntry being created. - // The only valid values for this field are 'Apply' and 'Update'. - operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType) - - // APIVersion defines the version of this resource that this field set - // applies to. The format is "group/version" just like the top-level - // APIVersion field. It is necessary to track the version of a field - // set because it cannot be automatically converted. - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) - - // Time is the timestamp of when the ManagedFields entry was added. The - // timestamp will also be updated if a field is added, the manager - // changes any of the owned fields value or removes a field. The - // timestamp does not update when a field is removed from the entry - // because another manager took it over. - // +optional - time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt) - - // FieldsType is the discriminator for the different fields format and version. - // There is currently only one possible value: "FieldsV1" - fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt) - - // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. - // +optional - fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt) - - // Subresource is the name of the subresource used to update that object, or - // empty string if the object was updated through the main resource. The - // value of this field is used to distinguish between managers, even if they - // share the same name. For example, a status update will be distinct from a - // regular update using the same manager name. - // Note that the APIVersion field is not related to the Subresource field and - // it always corresponds to the version of the main resource. - subresource?: string @go(Subresource) @protobuf(8,bytes,opt) -} - -// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created. -#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType - -#enumManagedFieldsOperationType: - #ManagedFieldsOperationApply | - #ManagedFieldsOperationUpdate - -#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply" -#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update" - -// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. -// -// Each key is either a '.' representing the field itself, and will always map to an empty set, -// or a string representing a sub-field or item. The string will follow one of these four formats: -// 'f:', where is the name of a field in a struct, or key in a map -// 'v:', where is the exact json formatted value of a list item -// 'i:', where is position of a item in a list -// 'k:', where is a map of a list item's key fields to their unique values -// If a key maps to an empty Fields value, the field that key represents is part of the set. -// -// The exact format is defined in sigs.k8s.io/structured-merge-diff -// +protobuf.options.(gogoproto.goproto_stringer)=false -#FieldsV1: _ - -// Table is a tabular representation of a set of API resources. The server transforms the -// object into a set of preferred columns for quickly reviewing the objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=false -#Table: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) - - // columnDefinitions describes each column in the returned items array. The number of cells per row - // will always match the number of column definitions. - columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition) - - // rows is the list of items in the table. - rows: [...#TableRow] @go(Rows,[]TableRow) -} - -// TableColumnDefinition contains information about a column returned in the Table. -// +protobuf=false -#TableColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) - - // type is an OpenAPI type definition for this column, such as number, integer, string, or - // array. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - type: string @go(Type) - - // format is an optional OpenAPI type modifier for this column. A format modifies the type and - // imposes additional rules, like date or time formatting for a string. The 'name' format is applied - // to the primary identifier column which has type 'string' to assist in clients identifying column - // is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - format: string @go(Format) - - // description is a human readable description of this column. - description: string @go(Description) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. Columns that may be omitted in limited space scenarios - // should be given a higher priority. - priority: int32 @go(Priority) -} - -// TableRow is an individual row in a table. -// +protobuf=false -#TableRow: { - // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or - // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a - // more detailed description. - cells: [...] @go(Cells,[]interface{}) - - // conditions describe additional status of a row that are relevant for a human user. These conditions - // apply to the row, not to the object, and will be specific to table output. The only defined - // condition type is 'Completed', for a row that indicates a resource that has run to completion and - // can be given less visual priority. - // +optional - conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition) - - // This field contains the requested additional information about each object based on the includeObject - // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the - // default serialization of the object for the current API version, and if "Metadata" (the default) will - // contain the object metadata. Check the returned kind and apiVersion of the object before parsing. - // The media type of the object will always match the enclosing list - if this as a JSON table, these - // will be JSON encoded objects. - // +optional - object?: runtime.#RawExtension @go(Object) -} - -// TableRowCondition allows a row to be marked with additional information. -// +protobuf=false -#TableRowCondition: { - // Type of row condition. The only defined value is 'Completed' indicating that the - // object this row represents has reached a completed state and may be given less visual - // priority than other rows. Clients are not required to honor any conditions but should - // be consistent where possible about handling the conditions. - type: #RowConditionType @go(Type) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) - - // (brief) machine readable reason for the condition's last transition. - // +optional - reason?: string @go(Reason) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) -} - -#RowConditionType: string // #enumRowConditionType - -#enumRowConditionType: - #RowCompleted - -// RowCompleted means the underlying resource has reached completion and may be given less -// visual priority than other resources. -#RowCompleted: #RowConditionType & "Completed" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// IncludeObjectPolicy controls which portion of the object is returned with a Table. -#IncludeObjectPolicy: string // #enumIncludeObjectPolicy - -#enumIncludeObjectPolicy: - #IncludeNone | - #IncludeMetadata | - #IncludeObject - -// IncludeNone returns no object. -#IncludeNone: #IncludeObjectPolicy & "None" - -// IncludeMetadata serializes the object containing only its metadata field. -#IncludeMetadata: #IncludeObjectPolicy & "Metadata" - -// IncludeObject contains the full object. -#IncludeObject: #IncludeObjectPolicy & "Object" - -// TableOptions are used when a Table is requested by the caller. -// +k8s:conversion-gen:explicit-from=net/url.Values -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#TableOptions: { - #TypeMeta - - // includeObject decides whether to include each object along with its columnar information. - // Specifying "None" will return no object, specifying "Object" will return the full object contents, and - // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind - // in version v1beta1 of the meta.k8s.io API group. - includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy) -} - -// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients -// to get access to a particular ObjectMeta schema without knowing the details of the version. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadata: { - #TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) -} - -// PartialObjectMetadataList contains a list of objects containing only their metadata -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadataList: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items contains each of the included items. - items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep) -} - -// Condition contains details for one aspect of the current state of this API Resource. -// --- -// This struct is intended for direct use as an array at the field path .status.conditions. For example, -// -// type FooStatus struct{ -// // Represents the observations of a foo's current state. -// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" -// // +patchMergeKey=type -// // +patchStrategy=merge -// // +listType=map -// // +listMapKey=type -// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` -// -// // other fields -// } -#Condition: { - // type of condition in CamelCase or in foo.example.com/CamelCase. - // --- - // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - // useful (see .node.status.conditions), the ability to deconflict is important. - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - type: string @go(Type) @protobuf(1,bytes,opt) - - // status of the condition, one of True, False, Unknown. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum=True;False;Unknown - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt) - - // observedGeneration represents the .metadata.generation that the condition was set based upon. - // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - // with respect to the current state of the instance. - // +optional - // +kubebuilder:validation:Minimum=0 - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // lastTransitionTime is the last time the condition transitioned from one status to another. - // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Type=string - // +kubebuilder:validation:Format=date-time - lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason contains a programmatic identifier indicating the reason for the condition's last transition. - // Producers of specific condition types may define expected values and meanings for this field, - // and whether the values are considered a guaranteed API. - // The value should be a CamelCase string. - // This field may not be empty. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=1024 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` - reason: string @go(Reason) @protobuf(5,bytes,opt) - - // message is a human readable message indicating details about the transition. - // This may be an empty string. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=32768 - message: string @go(Message) @protobuf(6,bytes,opt) -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue deleted file mode 100644 index 12f5f1b63..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue +++ /dev/null @@ -1,30 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" -) - -// Event represents a single event to a watched resource. -// -// +protobuf=true -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#WatchEvent: { - type: string @go(Type) @protobuf(1,bytes,opt) - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Error: *Status is recommended; other types may make sense - // depending on context. - object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt) -} - -// InternalEvent makes watch.Event versioned -// +protobuf=false -#InternalEvent: watch.#Event diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue deleted file mode 100644 index 43474c392..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// SimpleAllocator a wrapper around make([]byte) -// conforms to the MemoryAllocator interface -#SimpleAllocator: { -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue deleted file mode 100644 index a05de5d58..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue +++ /dev/null @@ -1,37 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// codec binds an encoder and decoder. -_#codec: { - Encoder: #Encoder - Decoder: #Decoder -} - -// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding. -#NoopEncoder: { - Decoder: #Decoder -} - -_#noopEncoderIdentifier: #Identifier & "noop" - -// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding. -#NoopDecoder: { - Encoder: #Encoder -} - -_#base64Serializer: { - Encoder: #Encoder - Decoder: #Decoder -} - -_#internalGroupVersionerIdentifier: "internal" -_#disabledGroupVersionerIdentifier: "disabled" - -_#internalGroupVersioner: { -} - -_#disabledGroupVersioner: { -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue deleted file mode 100644 index ce6d644cb..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime defines conversions between generic types and structs to map query strings -// to struct objects. -package runtime diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue deleted file mode 100644 index f49ad1e36..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// UnstructuredConverter is an interface for converting between interface{} -// and map[string]interface representation. -#UnstructuredConverter: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue deleted file mode 100644 index 89c5c51b3..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue +++ /dev/null @@ -1,39 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime includes helper functions for working with API objects -// that follow the kubernetes API object conventions, which are: -// -// 0. Your API objects have a common metadata struct member, TypeMeta. -// -// 1. Your code refers to an internal set of API objects. -// -// 2. In a separate package, you have an external set of API objects. -// -// 3. The external set is considered to be versioned, and no breaking -// changes are ever made to it (fields may be added but not changed -// or removed). -// -// 4. As your api evolves, you'll make an additional versioned package -// with every major change. -// -// 5. Versioned packages have conversion functions which convert to -// and from the internal version. -// -// 6. You'll continue to support older versions according to your -// deprecation policy, and you can easily provide a program/library -// to update old versions into new versions because of 5. -// -// 7. All of your serializations and deserializations are handled in a -// centralized place. -// -// Package runtime provides a conversion helper to make 5 easy, and the -// Encode/Decode/DecodeInto trio to accomplish 7. You can also register -// additional "codecs" which use a version of your choice. It's -// recommended that you register your types with runtime in your -// package's init function. -// -// As a bonus, a few common types useful from all api objects and versions -// are provided in types.go. -package runtime diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue deleted file mode 100644 index d43f15f25..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -_#encodable: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue deleted file mode 100644 index ec8f1f070..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue +++ /dev/null @@ -1,23 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// MultiObjectTyper returns the types of objects across multiple schemes in order. -#MultiObjectTyper: [...#ObjectTyper] - -_#defaultFramer: { -} - -// WithVersionEncoder serializes an object and ensures the GVK is set. -#WithVersionEncoder: { - Version: #GroupVersioner - Encoder: #Encoder - ObjectTyper: #ObjectTyper -} - -// WithoutVersionDecoder clears the group version kind of a deserialized object. -#WithoutVersionDecoder: { - Decoder: #Decoder -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue deleted file mode 100644 index 22abcb620..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue +++ /dev/null @@ -1,165 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// APIVersionInternal may be used if you are registering a type that should not -// be considered stable or serialized - it is a convention only and has no -// special behavior in this package. -#APIVersionInternal: "__internal" - -// GroupVersioner refines a set of possible conversion targets into a single option. -#GroupVersioner: _ - -// Identifier represents an identifier. -// Identitier of two different objects should be equal if and only if for every -// input the output they produce is exactly the same. -#Identifier: string // #enumIdentifier - -#enumIdentifier: - _#noopEncoderIdentifier - -// Encoder writes objects to a serialized form -#Encoder: _ - -// MemoryAllocator is responsible for allocating memory. -// By encapsulating memory allocation into its own interface, we can reuse the memory -// across many operations in places we know it can significantly improve the performance. -#MemoryAllocator: _ - -// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations. -#EncoderWithAllocator: _ - -// Decoder attempts to load an object from data. -#Decoder: _ - -// Serializer is the core interface for transforming objects into a serialized format and back. -// Implementations may choose to perform conversion of the object, but no assumptions should be made. -#Serializer: _ - -// Codec is a Serializer that deals with the details of versioning objects. It offers the same -// interface as Serializer, so this is a marker to consumers that care about the version of the objects -// they receive. -#Codec: #Serializer - -// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and -// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing -// and the desired version must be specified. -#ParameterCodec: _ - -// Framer is a factory for creating readers and writers that obey a particular framing pattern. -#Framer: _ - -// SerializerInfo contains information about a specific serialization format -#SerializerInfo: { - // MediaType is the value that represents this serializer over the wire. - MediaType: string - - // MediaTypeType is the first part of the MediaType ("application" in "application/json"). - MediaTypeType: string - - // MediaTypeSubType is the second part of the MediaType ("json" in "application/json"). - MediaTypeSubType: string - - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the individual object serializer for this media type. - Serializer: #Serializer - - // PrettySerializer, if set, can serialize this object in a form biased towards - // readability. - PrettySerializer: #Serializer - - // StrictSerializer, if set, deserializes this object strictly, - // erring on unknown fields. - StrictSerializer: #Serializer - - // StreamSerializer, if set, describes the streaming serialization format - // for this media type. - StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo) -} - -// StreamSerializerInfo contains information about a specific stream serialization format -#StreamSerializerInfo: { - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the top level object serializer for this type when streaming - Serializer: #Serializer - - // Framer is the factory for retrieving streams that separate objects on the wire - Framer: #Framer -} - -// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers -// for multiple supported media types. This would commonly be accepted by a server component -// that performs HTTP content negotiation to accept multiple formats. -#NegotiatedSerializer: _ - -// ClientNegotiator handles turning an HTTP content type into the appropriate encoder. -// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from -// a NegotiatedSerializer. -#ClientNegotiator: _ - -// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers -// that can read and write data at rest. This would commonly be used by client tools that must -// read files, or server side storage interfaces that persist restful objects. -#StorageSerializer: _ - -// NestedObjectEncoder is an optional interface that objects may implement to be given -// an opportunity to encode any nested Objects / RawExtensions during serialization. -#NestedObjectEncoder: _ - -// NestedObjectDecoder is an optional interface that objects may implement to be given -// an opportunity to decode any nested Objects / RawExtensions during serialization. -// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding -// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields). -// As such it is important for callers of DecodeNestedObjects to check to confirm whether -// an error is a runtime.StrictDecodingError before short circuiting. -// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError -// is only returned when the rest of decoding has succeeded. -#NestedObjectDecoder: _ - -#ObjectDefaulter: _ - -#ObjectVersioner: _ - -// ObjectConvertor converts an object to a different version. -#ObjectConvertor: _ - -// ObjectTyper contains methods for extracting the APIVersion and Kind -// of objects. -#ObjectTyper: _ - -// ObjectCreater contains methods for instantiating an object by kind and version. -#ObjectCreater: _ - -// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource -#EquivalentResourceMapper: _ - -// EquivalentResourceRegistry provides an EquivalentResourceMapper interface, -// and allows registering known resource[/subresource] -> kind -#EquivalentResourceRegistry: _ - -// ResourceVersioner provides methods for setting and retrieving -// the resource version from an API object. -#ResourceVersioner: _ - -// Namer provides methods for retrieving name and namespace of an API object. -#Namer: _ - -// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are -// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows -// serializers to set the kind, version, and group the object is represented as. An Object may choose -// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized. -#Object: _ - -// CacheableObject allows an object to cache its different serializations -// to avoid performing the same serialization multiple times. -#CacheableObject: _ - -// Unstructured objects store values as map[string]interface{}, with only values that can be serialized -// to JSON allowed. -#Unstructured: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue deleted file mode 100644 index 7580f4676..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// NegotiateError is returned when a ClientNegotiator is unable to locate -// a serializer for the requested operation. -#NegotiateError: { - ContentType: string - Stream: bool -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue deleted file mode 100644 index bd9c409a7..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Splice is the interface that wraps the Splice method. -// -// Splice moves data from given slice without copying the underlying data for -// efficiency purpose. Therefore, the caller should make sure the underlying -// data is not changed later. -#Splice: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue deleted file mode 100644 index 9dfc078b4..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Pair of strings. We keed the name of fields and the doc -#Pair: { - Name: string - Doc: string -} - -// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself -#KubeTypes: [...#Pair] diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue deleted file mode 100644 index d1ee609a2..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue +++ /dev/null @@ -1,97 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, -// like this: -// -// type MyAwesomeAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// ... // other fields -// } -// -// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind -// -// TypeMeta is provided here for convenience. You may use it directly from this package or define -// your own with the same fields. -// -// +k8s:deepcopy-gen=false -// +protobuf=true -// +k8s:openapi-gen=true -#TypeMeta: { - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // +optional - kind?: string @go(Kind) @protobuf(2,bytes,opt) -} - -#ContentTypeJSON: "application/json" -#ContentTypeYAML: "application/yaml" -#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf" - -// RawExtension is used to hold extensions in external versions. -// -// To use this, make a field which has RawExtension as its type in your external, versioned -// struct, and Object in your internal struct. You also need to register your -// various plugin types. -// -// // Internal package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.Object `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // External package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.RawExtension `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // On the wire, the JSON will look something like this: -// -// { -// "kind":"MyAPIObject", -// "apiVersion":"v1", -// "myPlugin": { -// "kind":"PluginA", -// "aOption":"foo", -// }, -// } -// -// So what happens? Decode first uses json or yaml to unmarshal the serialized data into -// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. -// The next step is to copy (using pkg/conversion) into the internal struct. The runtime -// package's DefaultScheme has conversion functions installed which will unpack the -// JSON stored in RawExtension, turning it into the correct object type, and storing it -// in the Object. (TODO: In the case where the object is of an unknown type, a -// runtime.Unknown object will be created and stored.) -// -// +k8s:deepcopy-gen=true -// +protobuf=true -// +k8s:openapi-gen=true -#RawExtension: _ - -// Unknown allows api objects with unknown types to be passed-through. This can be used -// to deal with the API objects from a plug-in. Unknown objects still have functioning -// TypeMeta features-- kind, version, etc. -// TODO: Make this object have easy access to field based accessors and settors for -// metadata and field mutatation. -// -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=true -// +k8s:openapi-gen=true -#Unknown: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue deleted file mode 100644 index 8b8ddf891..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -#ProtobufMarshaller: _ - -#ProtobufReverseMarshaller: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue deleted file mode 100644 index bfb4bcda3..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -// Package types implements various generic types used throughout kubernetes. -package types diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue deleted file mode 100644 index 7cb2745aa..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -#NamespacedName: { - Namespace: string - Name: string -} - -#Separator: 47 // '/' diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue deleted file mode 100644 index 8b264b80c..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// NodeName is a type that holds a api.Node's Name identifier. -// Being a type captures intent and helps make sure that the node name -// is not confused with similar concepts (the hostname, the cloud provider id, -// the cloud provider name etc) -// -// To clarify the various types: -// -// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName. -// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level. -// -// - Hostname is the hostname of the local machine (from uname -n). -// However, some components allow the user to pass in a --hostname-override flag, -// which will override this in most places. In the absence of anything more meaningful, -// kubelet will use Hostname as the Node.Name when it creates the Node. -// -// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId. -// -// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the -// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up -// to the cloudprovider how to do this mapping. -// -// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the -// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if -// we are using a custom DHCP domain it won't be. -#NodeName: string diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue deleted file mode 100644 index 3de5d80f9..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// Similarly to above, these are constants to support HTTP PATCH utilized by -// both the client and server that didn't make sense for a whole package to be -// dedicated to. -#PatchType: string // #enumPatchType - -#enumPatchType: - #JSONPatchType | - #MergePatchType | - #StrategicMergePatchType | - #ApplyPatchType - -#JSONPatchType: #PatchType & "application/json-patch+json" -#MergePatchType: #PatchType & "application/merge-patch+json" -#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json" -#ApplyPatchType: #PatchType & "application/apply-patch+yaml" diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue deleted file mode 100644 index 40bdd8285..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// UID is a type that holds unique ID values, including UUIDs. Because we -// don't ONLY use UUIDs, this is an alias to string. Being a type captures -// intent and helps make sure that UIDs and names do not get conflated. -#UID: string diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue deleted file mode 100644 index 2c8cc3651..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr - -package intstr - -// IntOrString is a type that can hold an int32 or a string. When used in -// JSON or YAML marshalling and unmarshalling, it produces or consumes the -// inner type. This allows you to have, for example, a JSON field that can -// accept a name or number. -// TODO: Rename to Int32OrString -// -// +protobuf=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:openapi-gen=true -#IntOrString: _ - -// Type represents the stored type of IntOrString. -#Type: int64 // #enumType - -#enumType: - #Int | - #String - -#values_Type: { - Int: #Int - String: #String -} - -#Int: #Type & 0 -#String: #Type & 1 diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue deleted file mode 100644 index bc1b91894..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -// Package watch contains a generic watchable interface, and a fake for -// testing code that uses the watch interface. -package watch diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue deleted file mode 100644 index 045e8ec85..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Recorder records all events that are sent from the watch until it is closed. -#Recorder: { - Interface: #Interface -} diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue deleted file mode 100644 index dcf72d5b0..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue +++ /dev/null @@ -1,25 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch -// channel is full. -#FullChannelBehavior: int // #enumFullChannelBehavior - -#enumFullChannelBehavior: - #WaitIfChannelFull | - #DropIfChannelFull - -#values_FullChannelBehavior: { - WaitIfChannelFull: #WaitIfChannelFull - DropIfChannelFull: #DropIfChannelFull -} - -#WaitIfChannelFull: #FullChannelBehavior & 0 -#DropIfChannelFull: #FullChannelBehavior & 1 - -_#incomingQueueLength: 25 - -_#internalRunFunctionMarker: "internal-do-function" diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue deleted file mode 100644 index f0805cfb2..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written. -#Decoder: _ - -// Reporter hides the details of how an error is turned into a runtime.Object for -// reporting on a watch stream since this package may not import a higher level report. -#Reporter: _ diff --git a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue deleted file mode 100644 index 0db2e6be1..000000000 --- a/k8s/timoni/runner/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -import "k8s.io/apimachinery/pkg/runtime" - -// Interface can be implemented by anything that knows how to watch and report changes. -#Interface: _ - -// EventType defines the possible types of events. -#EventType: string // #enumEventType - -#enumEventType: - #Added | - #Modified | - #Deleted | - #Bookmark | - #Error - -#Added: #EventType & "ADDED" -#Modified: #EventType & "MODIFIED" -#Deleted: #EventType & "DELETED" -#Bookmark: #EventType & "BOOKMARK" -#Error: #EventType & "ERROR" - -// Event represents a single event to a watched resource. -// +k8s:deepcopy-gen=true -#Event: { - Type: #EventType - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Bookmark: the object (instance of a type being watched) where - // only ResourceVersion field is set. On successful restart of watch from a - // bookmark resourceVersion, client is guaranteed to not get repeat event - // nor miss any events. - // * If Type is Error: *api.Status is recommended; other types may make sense - // depending on context. - Object: runtime.#Object -} - -// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe. -#RaceFreeFakeWatcher: { - Stopped: bool -} diff --git a/k8s/timoni/runner/cue.mod/module.cue b/k8s/timoni/runner/cue.mod/module.cue deleted file mode 100644 index 72e7d281d..000000000 --- a/k8s/timoni/runner/cue.mod/module.cue +++ /dev/null @@ -1,2 +0,0 @@ -module: "timoni.sh/runner" -language: version: "v0.9.0" diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue deleted file mode 100644 index 2c579e99d..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Action holds the list of annotations for controlling -// Timoni's apply behaviour of Kubernetes resources. -Action: { - // Force annotation for recreating immutable resources such as Kubernetes Jobs. - Force: { - "action.timoni.sh/force": ActionStatus.Enabled - } - // One-off annotation for appling resources only if they don't exist on the cluster. - Oneoff: { - "action.timoni.sh/one-off": ActionStatus.Enabled - } - // Keep annotation for preventing Timoni's garbage collector from deleting resources. - Keep: { - "action.timoni.sh/prune": ActionStatus.Disabled - } -} - -ActionStatus: { - Enabled: "enabled" - Disabled: "disabled" -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue deleted file mode 100644 index 1535ea43f..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strings" -) - -// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image. -#Image: { - - // Repository is the address of a container registry repository. - // An image repository is made up of slash-separated name components, optionally - // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. - repository!: string - - // Tag identifies an image in the repository. - // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. - // A tag name may not start with a period or a dash and may contain a maximum of 128 characters. - tag!: string & strings.MaxRunes(128) - - // Digest uniquely and immutably identifies an image in the repository. - // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. - digest!: string - - // PullPolicy defines the pull policy for the image. - // By default, it is set to IfNotPresent. - pullPolicy: *"IfNotPresent" | "Always" | "Never" - - // Reference is the image address computed from repository, tag and digest - // in the format [REPOSITORY]:[TAG]@[DIGEST]. - reference: string - - if digest != "" && tag != "" { - reference: "\(repository):\(tag)@\(digest)" - } - - if digest != "" && tag == "" { - reference: "\(repository)@\(digest)" - } - - if digest == "" && tag != "" { - reference: "\(repository):\(tag)" - } - - if digest == "" && tag == "" { - reference: "\(repository):latest" - } -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue deleted file mode 100644 index 19f098967..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/base64" - "strings" -) - -// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson. -// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets. -#ImagePullSecret: { - // Metadata is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]]. - #Registry!: string - - // Username is the username used to authenticate to the container registry. - #Username!: string - - // Password is the password used to authenticate to the container registry. - #Password!: string - - // Optional suffix used to generate the Secret name. - #Suffix: *"" | string & strings.MaxRunes(30) - - let auth = base64.Encode(null, #Username+":"+#Password) - - apiVersion: "v1" - kind: "Secret" - type: "kubernetes.io/dockerconfigjson" - metadata: { - name: #Meta.name + #Suffix - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - stringData: { - ".dockerconfigjson": """ - {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}} - """ - } -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue deleted file mode 100644 index 7b31c23e4..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue +++ /dev/null @@ -1,49 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/json" - "strings" - "uuid" -) - -#ConfigMapKind: "ConfigMap" -#SecretKind: "Secret" - -// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets. -// The metadata.name of the generated object is suffixed with the hash of the input data. -#ImmutableConfig: { - // Kind of the generated object. - #Kind: *#ConfigMapKind | #SecretKind - - // Metadata of the generated object. - #Meta: #Metadata - - // Optional suffix appended to the generate name. - #Suffix: *"" | string - - // Data of the generated object. - #Data: {[string]: string} - - let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0] - - apiVersion: "v1" - kind: #Kind - metadata: { - name: #Meta.name + #Suffix + "-" + hash - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - immutable: true - if kind == #ConfigMapKind { - data: #Data - } - if kind == #SecretKind { - stringData: #Data - } -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue deleted file mode 100644 index ad96b0621..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// InstanceName defines the schema for the name of a Timoni instance. -// The instance name is used as a Kubernetes label value and must be 63 characters or less. -#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceNamespace defines the schema for the namespace of a Timoni instance. -// The instance namespace is used as a Kubernetes label value and must be 63 characters or less. -#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership. -#InstanceOwnerReference: { - #Name: "instance.timoni.sh/name" - #Namespace: "instance.timoni.sh/namespace" -} - -// InstanceModule defines the schema for the Module of a Timoni instance. -#InstanceModule: { - url: string & =~"^((oci|file)://.*)$" - version: *"latest" | string - digest?: string -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue deleted file mode 100644 index 188ff505d..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue +++ /dev/null @@ -1,120 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// Annotations defines the schema for Kubernetes object metadata annotations. -#Annotations: {[string & strings.MaxRunes(253)]: string} - -// Labels defines the schema for Kubernetes object metadata labels. -#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)} - -#StdLabelName: "app.kubernetes.io/name" -#StdLabelVersion: "app.kubernetes.io/version" -#StdLabelPartOf: "app.kubernetes.io/part-of" -#StdLabelManagedBy: "app.kubernetes.io/managed-by" -#StdLabelComponent: "app.kubernetes.io/component" -#StdLabelInstance: "app.kubernetes.io/instance" - -// Metadata defines the schema for Kubernetes object metadata. -#Metadata: { - // Version should be in the strict semver format. Is required when creating resources. - #Version!: string & strings.MaxRunes(63) - - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name!: #InstanceName - - // Namespace defines the space within which each name must be unique. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - namespace!: #InstanceNamespace - - // Annotations is an unstructured key value map stored with a resource that may be - // set to store and retrieve arbitrary metadata. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - annotations?: #Annotations - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes labels: app name, version and managed-by. - labels: { - (#StdLabelName): name - (#StdLabelVersion): #Version - (#StdLabelManagedBy): "timoni" - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name label. - #LabelSelector: #Labels & { - (#StdLabelName): name - } - - // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions - // are met before it fully deletes resources marked for deletion. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/ - finalizers?: [...string] -} - -// MetaComponent generates the Kubernetes object metadata for a module namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - namespace: #Meta.namespace - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} - -// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.namespace is unset. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaClusterComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue deleted file mode 100644 index 1dcdb699e..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// ObjectReference is a reference to a Kubernetes object. -#ObjectReference: { - // Name of the referent. - name!: string & strings.MaxRunes(256) - - // Namespace of the referent. - namespace?: string & strings.MaxRunes(256) - - // API version of the referent. - apiVersion?: string & strings.MaxRunes(256) - - // Kind of the referent. - kind?: string & strings.MaxRunes(256) -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue deleted file mode 100644 index d3b5573ae..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m. -#CPUQuantity: string & =~"^[1-9]\\d*m$" - -// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi. -#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$" - -// ResourceRequirement defines the schema for the CPU and Memory resource requirements. -#ResourceRequirement: { - cpu?: #CPUQuantity - memory?: #MemoryQuantity -} - -// ResourceRequirements defines the schema for the compute resource requirements of a container. -// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - limits?: #ResourceRequirement - - // Requests describes the minimum amount of compute resources required. - // Requests cannot exceed Limits. - requests?: #ResourceRequirement & { - if limits != _|_ { - if limits.cpu != _|_ { - _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0]) - _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0]) - #cpu: int & >=_rc & _lc - } - } - } -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue deleted file mode 100644 index 9c4f2384b..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc. -#Selector: { - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - #Name!: #InstanceName - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes label: app name. - labels: (#StdLabelName): #Name -} diff --git a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue deleted file mode 100644 index ecd1e397f..000000000 --- a/k8s/timoni/runner/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// SemVer validates the input version string and extracts the major and minor version numbers. -// When Minimum is set, the major and minor parts must be greater or equal to the minimum -// or a validation error is returned. -#SemVer: { - // Input version string in strict semver format. - #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - // Minimum is the minimum allowed MAJOR.MINOR version. - #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0]) - let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1]) - - major: int & >=minMajor - major: strconv.Atoi(strings.Split(#Version, ".")[0]) - - minor: int & >=minMinor - minor: strconv.Atoi(strings.Split(#Version, ".")[1]) -} diff --git a/k8s/timoni/runner/templates/config.cue b/k8s/timoni/runner/templates/config.cue deleted file mode 100644 index b7eda96e7..000000000 --- a/k8s/timoni/runner/templates/config.cue +++ /dev/null @@ -1,61 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" - timoniv1 "timoni.sh/core/v1alpha1" -) - -#Config: { - kubeVersion!: string - moduleVersion!: string - - metadata: timoniv1.#Metadata & {#Version: moduleVersion} - metadata: labels: timoniv1.#Labels - metadata: annotations?: timoniv1.#Annotations - - selector: timoniv1.#Selector & {#Name: metadata.name} - - registry: string - image!: timoniv1.#Image & {digest: ""} - - replicas: *0 | int & >0 - - resources: timoniv1.#ResourceRequirements & { - requests: { - cpu: *"150m" | timoniv1.#CPUQuantity - memory: *"128Mi" | timoniv1.#MemoryQuantity - } - limits: { - cpu: *"1000m" | timoniv1.#CPUQuantity - memory: *"2Gi" | timoniv1.#MemoryQuantity - } - } - - securityContext: corev1.#SecurityContext & { - allowPrivilegeEscalation: *false | true - privileged: *false | true - capabilities: - { - drop: *["ALL"] | [string] - add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string] - } - } - - service: { - annotations?: timoniv1.#Annotations - port: *8000 | int & >0 & <=65535 - } - - podSecurityContext?: corev1.#PodSecurityContext - imagePullSecrets?: [...timoniv1.#ObjectReference] - tolerations?: [...corev1.#Toleration] -} - -#Instance: { - config: #Config - - objects: { - svc: #Service & {#config: config} - deploy: #Deployment & {#config: config} - } -} diff --git a/k8s/timoni/runner/templates/deployment.cue b/k8s/timoni/runner/templates/deployment.cue deleted file mode 100644 index 97868f1d1..000000000 --- a/k8s/timoni/runner/templates/deployment.cue +++ /dev/null @@ -1,53 +0,0 @@ -package templates - -import ( - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" -) - -#Deployment: appsv1.#Deployment & { - #config: #Config - apiVersion: "apps/v1" - kind: "Deployment" - metadata: #config.metadata - spec: appsv1.#DeploymentSpec & { - replicas: #config.replicas - selector: matchLabels: #config.selector.labels - template: { - metadata: labels: #config.selector.labels - spec: corev1.#PodSpec & { - topologySpreadConstraints: [{ - maxSkew: 3 - topologyKey: "kubernetes.io/hostname" - whenUnsatisfiable: "ScheduleAnyway" - labelSelector: matchLabels: app: #config.metadata.name - }] - affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: [{ - labelSelector: matchLabels: app: "codebattle" - topologyKey: "kubernetes.io/hostname" - }] - containers: [{ - name: "runner" - image: #config.image.reference - imagePullPolicy: #config.image.pullPolicy - command: ["/runner/codebattle_runner"] - ports: [{ - name: "http" - containerPort: 8000 - protocol: "TCP" - }] - readinessProbe: { - httpGet: { - path: "/health" - port: "http" - } - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - } - resources: #config.resources - }] - } - } - } -} diff --git a/k8s/timoni/runner/templates/service.cue b/k8s/timoni/runner/templates/service.cue deleted file mode 100644 index 1b4248b21..000000000 --- a/k8s/timoni/runner/templates/service.cue +++ /dev/null @@ -1,22 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" -) - -#Service: corev1.#Service & { - #config: #Config - apiVersion: "v1" - kind: "Service" - metadata: #config.metadata - spec: corev1.#ServiceSpec & { - type: corev1.#ServiceTypeClusterIP - selector: #config.selector.labels - ports: [{ - port: 80 - protocol: "TCP" - name: "http" - targetPort: name - }] - } -} diff --git a/k8s/timoni/runner/timoni.cue b/k8s/timoni/runner/timoni.cue deleted file mode 100644 index d29df0bbf..000000000 --- a/k8s/timoni/runner/timoni.cue +++ /dev/null @@ -1,25 +0,0 @@ -package main - -import ( - templates "timoni.sh/runner/templates" -) - -values: templates.#Config - -timoni: { - apiVersion: "v1alpha1" - - instance: templates.#Instance & { - config: values - config: { - metadata: { - name: string & =~"^runner-.+" @tag(name) - namespace: string @tag(namespace) - } - moduleVersion: string @tag(mv, var=moduleVersion) - kubeVersion: string @tag(kv, var=kubeVersion) - } - } - - apply: app: [for obj in instance.objects {obj}] -} diff --git a/k8s/timoni/runner/values.cue b/k8s/timoni/runner/values.cue deleted file mode 100644 index 17bc0aff9..000000000 --- a/k8s/timoni/runner/values.cue +++ /dev/null @@ -1,3 +0,0 @@ -package main - -values: {} diff --git a/k8s/timoni/runners.cue b/k8s/timoni/runners.cue deleted file mode 100644 index b770ace6c..000000000 --- a/k8s/timoni/runners.cue +++ /dev/null @@ -1,38 +0,0 @@ -runners: { - "python": { - image: "codebattle/python" - version: "3.12.2" - lang: "python" - replicas: 1 - } - "cpp": { - image: "codebattle/cpp" - version: "20" - lang: "cpp" - replicas: 0 - } - "csharp": { - image: "codebattle/csharp" - version: "8.0.201" - lang: "csharp" - replicas: 0 - } - "java": { - image: "codebattle/java" - version: "21" - lang: "java" - replicas: 0 - } - "golang": { - image: "codebattle/golang" - version: "1.22.1" - lang: "golang" - replicas: 0 - } - "kotlin": { - image: "codebattle/kotlin" - version: "1.9.23" - lang: "kotlin" - replicas: 0 - } -} diff --git a/k8s/timoni/values.cue b/k8s/timoni/values.cue deleted file mode 100644 index 84f4523df..000000000 --- a/k8s/timoni/values.cue +++ /dev/null @@ -1,14 +0,0 @@ -codebattleValues: { - image: codebattle: pullPolicy: "Always" - image: nginx: pullPolicy: "Always" - gateway: { - enable: true - gatewayName: "gateway" - } - certManager: { - enable: true - useLetsencrypt: false - useCA: true - } - rustExecutor: true -}