@@ -20080,6 +20080,237 @@ spec:
2008020080 - name
2008120081 type: object
2008220082 type: array
20083+ systemCATrust:
20084+ description: Custom certificates to inject into the repo server
20085+ container and its plugins to trust source hosting sites
20086+ properties:
20087+ clusterTrustBundles:
20088+ description: ClusterTrustBundles is a list of projected ClusterTrustBundle
20089+ volume definitions from where to take the trust certs.
20090+ items:
20091+ description: |-
20092+ ClusterTrustBundleProjection describes how to select a set of
20093+ ClusterTrustBundle objects and project their contents into the pod
20094+ filesystem.
20095+ properties:
20096+ labelSelector:
20097+ description: |-
20098+ Select all ClusterTrustBundles that match this label selector. Only has
20099+ effect if signerName is set. Mutually-exclusive with name. If unset,
20100+ interpreted as "match nothing". If set but empty, interpreted as "match
20101+ everything".
20102+ properties:
20103+ matchExpressions:
20104+ description: matchExpressions is a list of label
20105+ selector requirements. The requirements are ANDed.
20106+ items:
20107+ description: |-
20108+ A label selector requirement is a selector that contains values, a key, and an operator that
20109+ relates the key and values.
20110+ properties:
20111+ key:
20112+ description: key is the label key that the
20113+ selector applies to.
20114+ type: string
20115+ operator:
20116+ description: |-
20117+ operator represents a key's relationship to a set of values.
20118+ Valid operators are In, NotIn, Exists and DoesNotExist.
20119+ type: string
20120+ values:
20121+ description: |-
20122+ values is an array of string values. If the operator is In or NotIn,
20123+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
20124+ the values array must be empty. This array is replaced during a strategic
20125+ merge patch.
20126+ items:
20127+ type: string
20128+ type: array
20129+ x-kubernetes-list-type: atomic
20130+ required:
20131+ - key
20132+ - operator
20133+ type: object
20134+ type: array
20135+ x-kubernetes-list-type: atomic
20136+ matchLabels:
20137+ additionalProperties:
20138+ type: string
20139+ description: |-
20140+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
20141+ map is equivalent to an element of matchExpressions, whose key field is "key", the
20142+ operator is "In", and the values array contains only "value". The requirements are ANDed.
20143+ type: object
20144+ type: object
20145+ x-kubernetes-map-type: atomic
20146+ name:
20147+ description: |-
20148+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
20149+ with signerName and labelSelector.
20150+ type: string
20151+ optional:
20152+ description: |-
20153+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
20154+ aren't available. If using name, then the named ClusterTrustBundle is
20155+ allowed not to exist. If using signerName, then the combination of
20156+ signerName and labelSelector is allowed to match zero
20157+ ClusterTrustBundles.
20158+ type: boolean
20159+ path:
20160+ description: Relative path from the volume root to write
20161+ the bundle.
20162+ type: string
20163+ signerName:
20164+ description: |-
20165+ Select all ClusterTrustBundles that match this signer name.
20166+ Mutually-exclusive with name. The contents of all selected
20167+ ClusterTrustBundles will be unified and deduplicated.
20168+ type: string
20169+ required:
20170+ - path
20171+ type: object
20172+ type: array
20173+ configMaps:
20174+ description: ConfigMaps is a list of projected ConfigMap volume
20175+ definitions from where to take the trust certs.
20176+ items:
20177+ description: |-
20178+ Adapts a ConfigMap into a projected volume.
20179+
20180+ The contents of the target ConfigMap's Data field will be presented in a
20181+ projected volume as files using the keys in the Data field as the file names,
20182+ unless the items element is populated with specific mappings of keys to paths.
20183+ Note that this is identical to a configmap volume source without the default
20184+ mode.
20185+ properties:
20186+ items:
20187+ description: |-
20188+ items if unspecified, each key-value pair in the Data field of the referenced
20189+ ConfigMap will be projected into the volume as a file whose name is the
20190+ key and content is the value. If specified, the listed keys will be
20191+ projected into the specified paths, and unlisted keys will not be
20192+ present. If a key is specified which is not present in the ConfigMap,
20193+ the volume setup will error unless it is marked optional. Paths must be
20194+ relative and may not contain the '..' path or start with '..'.
20195+ items:
20196+ description: Maps a string key to a path within a
20197+ volume.
20198+ properties:
20199+ key:
20200+ description: key is the key to project.
20201+ type: string
20202+ mode:
20203+ description: |-
20204+ mode is Optional: mode bits used to set permissions on this file.
20205+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
20206+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
20207+ If not specified, the volume defaultMode will be used.
20208+ This might be in conflict with other options that affect the file
20209+ mode, like fsGroup, and the result can be other mode bits set.
20210+ format: int32
20211+ type: integer
20212+ path:
20213+ description: |-
20214+ path is the relative path of the file to map the key to.
20215+ May not be an absolute path.
20216+ May not contain the path element '..'.
20217+ May not start with the string '..'.
20218+ type: string
20219+ required:
20220+ - key
20221+ - path
20222+ type: object
20223+ type: array
20224+ x-kubernetes-list-type: atomic
20225+ name:
20226+ default: ""
20227+ description: |-
20228+ Name of the referent.
20229+ This field is effectively required, but due to backwards compatibility is
20230+ allowed to be empty. Instances of this type with an empty value here are
20231+ almost certainly wrong.
20232+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
20233+ type: string
20234+ optional:
20235+ description: optional specify whether the ConfigMap
20236+ or its keys must be defined
20237+ type: boolean
20238+ type: object
20239+ x-kubernetes-map-type: atomic
20240+ type: array
20241+ dropImageCertificates:
20242+ description: DropImageCertificates will remove all certs that
20243+ are present in the image, leaving only those explicitly
20244+ configured here.
20245+ type: boolean
20246+ secrets:
20247+ description: Secrets is a list of projected Secret volume
20248+ definitions from where to take the trust certs.
20249+ items:
20250+ description: |-
20251+ Adapts a secret into a projected volume.
20252+
20253+ The contents of the target Secret's Data field will be presented in a
20254+ projected volume as files using the keys in the Data field as the file names.
20255+ Note that this is identical to a secret volume source without the default
20256+ mode.
20257+ properties:
20258+ items:
20259+ description: |-
20260+ items if unspecified, each key-value pair in the Data field of the referenced
20261+ Secret will be projected into the volume as a file whose name is the
20262+ key and content is the value. If specified, the listed keys will be
20263+ projected into the specified paths, and unlisted keys will not be
20264+ present. If a key is specified which is not present in the Secret,
20265+ the volume setup will error unless it is marked optional. Paths must be
20266+ relative and may not contain the '..' path or start with '..'.
20267+ items:
20268+ description: Maps a string key to a path within a
20269+ volume.
20270+ properties:
20271+ key:
20272+ description: key is the key to project.
20273+ type: string
20274+ mode:
20275+ description: |-
20276+ mode is Optional: mode bits used to set permissions on this file.
20277+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
20278+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
20279+ If not specified, the volume defaultMode will be used.
20280+ This might be in conflict with other options that affect the file
20281+ mode, like fsGroup, and the result can be other mode bits set.
20282+ format: int32
20283+ type: integer
20284+ path:
20285+ description: |-
20286+ path is the relative path of the file to map the key to.
20287+ May not be an absolute path.
20288+ May not contain the path element '..'.
20289+ May not start with the string '..'.
20290+ type: string
20291+ required:
20292+ - key
20293+ - path
20294+ type: object
20295+ type: array
20296+ x-kubernetes-list-type: atomic
20297+ name:
20298+ default: ""
20299+ description: |-
20300+ Name of the referent.
20301+ This field is effectively required, but due to backwards compatibility is
20302+ allowed to be empty. Instances of this type with an empty value here are
20303+ almost certainly wrong.
20304+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
20305+ type: string
20306+ optional:
20307+ description: optional field specify whether the Secret
20308+ or its key must be defined
20309+ type: boolean
20310+ type: object
20311+ x-kubernetes-map-type: atomic
20312+ type: array
20313+ type: object
2008320314 verifytls:
2008420315 description: VerifyTLS defines whether repo server API should
2008520316 be accessed using strict TLS validation
0 commit comments